beaXSS.txt

`  
I. DESCRIPTION  
  
A cross-site scripting issue affects the display of error events in the  
'View Error Log' feature of BEA WebLogic Administration console.  
  
II. AFFECTED PRODUCTS  
  
BEA WebLogic 8.1 SP4 and previous.  
  
III. HOW TO VERIFY  
  
1. Make a HTTP request containing XSS code to a target Web server  
  
$ printf \  
"GET /<script>alert(document.cookie)</script>GomoR HTTP/1.0\r\n\r\n" \  
| nc www.example.com 80  
  
2. Login into the Administration console  
3. Go to the menu 'Network configurations/servers/myserser/'  
4. Click on 'View server log'  
5. Search for the string GomoR and click on the BEA-id event.  
  
A JavaScript dialog box should appear.  
  
IV. SEVERITY  
  
I let each customer evaluate that within their own context.  
  
V. DISCLOSURE TIMELINE  
  
06/08/2005 Vendor alerted  
06/08/2005 First vendor response  
06/10/2005 Vendor confirmed the issue  
06/22/2005 Vendor gave temporary test patch  
08/15/2005 Vendor public advisory  
08/23/2005 GomoR public advisory  
  
VI. REFERENCES  
  
BEA05-80.01  
http://dev2dev.bea.com/pub/advisory/135  
  
BEA WebLogic Server and WebLogic Express Multiple Remote Vulnerabilities  
http://www.securityfocus.com/bid/13717  
  
--   
^ ___ ___ FreeBSD Network - http://www.GomoR.org/ <-+  
| / __ |__/ Systems & Security Engineer |  
| \__/ | \ ---[ zsh$ alias psed='perl -pe ' ]--- |  
+--> Net::Packet <=> http://search.cpan.org/~gomor/ <--+  
`