Apache Struts2 showcase multiple XSS

2013-10-28 / 2013-10-29
Credit: Nebula
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

*Abstract* The latest version of the current official struts-2.3.15.3&#65292;struts2-showcase.war demo XSS still exist! *Details* I found an update of the official demo of Strust2, so I did a test. It used to be able to filter, escape input and escape output, but why didn&#8217;t it escape this time? *Proofs of concept* Two demo addresses&#8217; namespacec parameters were not solved: http://127.0.0.1:8080/struts2-07/config-browser/actionNames.action?namespace= <script>alert(/xss/);</script> http://127.0.0.1:8080/struts2-07/config-browser/showConfig.action?namespace= <script>alert(/xss/);</script>&actionName=showcase _______________________________________________ Form:http://en.wooyun.org/bugs/wooyun-2013-034 Author:Nebula <http://en.wooyun.org/whitehats/Nebula>

References:

http://en.wooyun.org/bugs/wooyun-2013-034


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top