SecurityvulnsSECURITYVULNS:DOC:5270[Full-Disclosure] Caucho Resin 2.x - Cross Site Scripting
- EXPL-A-2003-026 exploitlabs.com Advisory 026 -
-= Caucho Resin =-
Donnie Werner
Oct 18, 2003
Vunerability(s):
- XSS
note: this is not
http://www.securiteam.com/securitynews/5KP0O1F7FM.html
http://www.securitytracker.com/alerts/2002/Jun/1004552.html
Product:
Caucho Resin Httpd 2.x
Reviews:
http://www.caucho.com/sales/customers.xtp
Description of product:
"Resinยฎ is a cutting-edge XML Application Server.
It serves the fastest servlets and JSP."
VUNERABILITY / EXPLOIT
default port 8080 ( others used )
affected scripts:
env.jsp
form.jsp
session.jsp
tictactoe.jsp
http://[host]:8080/examples/tictactoe/tictactoe.jsp?move=<iframe%20src="http://attcker/evil.cgi"></iframe>4
or
<SCRIPT>alert(document.domain);</SCRIPT><SCRIPT>alert(document.cookie);</SCR
IPT>
the above is only an example, all cookie and session
stealing Cross Site Scripting was possible.
guestbook.jsp allows persistant XSS
enter evil javascript in "name" and "comment" fields
it is then re-rendered upon revisit
Local:
nay
Remote:
yeh
Vendor Fix:
Versions 3.x dont have the examples included
Vendor Contact:
[email protected]
Concurrent with this advisory
Credits:
Donnie Werner
CTO E2 Labs
http://e2-labs.cpm
[email protected]
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html