Home / exploitsPDF  

Ericsson Drutt MSDP (3PI Manager) Cross Site Scripting

Posted on 01 April 2015

+p-------------------------------------------------------------------+ + Ericsson Drutt MSDP (3PI Manager) - Cross Site Scripting Injection + +--------------------------------------------------------------------+ Affected Product: Ericsson Drutt MSDP (3PI Manager) Vendor Homepage : www.ericsson.com Version : 4, 5 and 6 CVE v2 Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N CVE : Discovered by : Anastasios Monachos (secuid0) - [anastasiosm (at) gmail (dot) com] Patched : Yes +-------------+ + Description + +-------------+ Ericsson Drutt Mobile Service Delivery Platform (MSDP) is a complete business support system providing an SDP center for both on- and off-portal business that includes support for the retail, advertising and wholesale of a wide range of different products and services. The MSDP was originally developed by Drutt Corporation which Ericsson bought back in 2007. Drutt was converted into Ericsson SA SD&P and they are still developing the MSDP. The platform is available in three configurations which also can be combined in the same installation: Storefront, Mobile Marketing and Open Surf. The 3PI Manager component contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code in the user's browser session in the context of the affected site. +----------------------+ + Exploitation Details + +----------------------+ The vulnerable input point and respective URL path is listed below: http(s)://<drutt>:<port>/tpim/register.do POST Data: companyName=aaa&contactPersonName=secuid0&contactPersonEmail=[XSS]&contactPersonPhone=aa&comment=&send.pressed=Save +---------------------+ + Disclosure Timeline + +---------------------+ 17.Feb.2015 - Contacted Ericsson http://www.ericsson.com/feedback 24.Feb.2015 - Ericsson responded with point of contact at Corporate Security Office 24.Feb.2015 - Contacted Corporate Security Office team 02.Mar.2015 - Ericsson Product Security Incident Response Team reverted via a secure channel 02.Mar.2015 - Shared vulnerability details 06.Mar.2015 - Ericsson confirmed the validity of the issues and started developing the patches 08.Mar.2015 - Agreed on public disclosure timelines 12.Mar.2015 - Patches released 31.Mar.2015 - Public disclosure

 

TOP