Eclipse BIRT 2.2.1 Cross Site Scripting

Type packetstorm
Reporter euronymous
Modified 2009-10-15T00:00:00


                                            `Eclipse BIRT <= 2.2.1 Reflected XSS  
Vendor: Eclipse  
Author: Michele "euronymous" Orrù (euronymous AT antisnatchor DOT com)  
Quite a common problem in a lot of Java based applications: reflected  
XSS in Java stack trace.  
A Reflected XSS is present in the _report parameter: here below the modified  
request (that is the BIRT 2.2.1 version included in Konakart 2.2.6)  
Host: localhost:8780  
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:  
Gecko/20081029 Firefox/  
Accept-Language: en-us,en;q=0.5  
Accept-Encoding: gzip,deflate  
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7  
Keep-Alive: 300  
Proxy-Connection: keep-alive  
Referer: http://localhost:8780/konakartadmin/  
Konakart is actually using org.eclipse.birt.core_2.2.1.r22x_v20070924, that is  
actually old.  
- Disclosure timeline:  
2008-12-17 11:04:15 EST : Vendor Contacted  
2009-02-11 03:39:09 EST: Bug fix  
2009-03-09 05:32:42 EDT: Patches verified on 2.5.0  
Michele "euronymous" Orru'  
Copyright (c) 2009 Michele "euronymous" Orru'  
Permission is granted for the redistribution of this alert  
electronically. It may not be edited in any way without mine express  
written consent. If you wish to reprint the whole or any  
part of this alert in any other medium other than electronically,  
please email me for permission.  
Disclaimer: The information in the advisory is believed to be accurate  
at the time of publishing based on currently available information. Use  
of the information constitutes acceptance for use in an AS IS condition.  
There are no warranties with regard to this information. Neither the  
author nor the publisher accepts any liability for any direct, indirect,  
or consequential loss or damage arising from use of, or reliance on,  
this information.