Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

JSPWiki 2.4.104 / 2.5.139 Multiple Remote Vulnerabilities

🗓️ 13 Feb 2008 00:00:00Reported by BugSec LTDType 
zdt
 zdt🔗 0day.today👁 27 Views

JSPWiki remote vulnerabilities in versions 2.4.104 and 2.5.139 allow for local file inclusion and cross-site scripting attacks, potentially compromising server security

Code
=========================================================
JSPWiki 2.4.104 / 2.5.139 Multiple Remote Vulnerabilities
=========================================================


JSPWiki Multiple Vulnerabilities


Vendor:
Janne Jalkanen JSPWiki – http://www.jspwiki.org

Application Description:
From JSPWiki website - “JSPWiki is a feature-rich and extensible WikiWiki engine built around a standart J2EE components (Java, servlets, JSP).”

Tested versions:
JSPWiki v2.4.104
JSPWiki v2.5.139
Earlier versions may also be affected.

JSPWiki Local .jsp File Inclusion Vulnerability.
An input validation problem exists within JSPWiki which allows to execute (include) arbitrary local .jsp files. An attacker may leverage this issue to execute arbitrary server-side script code on a vulnerable server with the privileges of the web server process.

Example (including rss.jsp file from the application root directory):
http://server/JSPWikiPath/Edit.jsp?page=Main&editor=../../../rss

Note: page parameter must be an existing page on the server.

This grants an attacker unauthorized access to sensitive .jsp files on the server and can lead to information disclosure.

Examples:
http://server/JSPWikiPath/Edit.jsp?page=User&editor=../../../Install
http://server/JSPWikiPath/Edit.jsp?page=User&editor=../../../admin/SecurityConfig

The first example disclose sensitive information such as the full path of the application on the server, page (and attachments) storage path, log files and work directory by including the application installation (Install.jsp).
The second example disclose the application security configurations by including the JSPWiki Security Configuration Verifier file (admin/SecurityConfig.jsp).

In addition, JSPWiki allow users to upload (attach) files to entry pages. An attacker can use the information disclosed by the installation file to upload a malicious .jsp file and locally execute it.
By executing malicious server-side code, an attacker may be able to compromise the server.


JSPWiki Cross-Site Scripting Vulnerability.
An attacker may leverage cross-site scripting vulnerability to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Example:
http://server/JSPWikiPath/Edit.jsp?page=Main&editor=%3Cscript%3Ealert(document.cookie)%3C/script%3E




#  0day.today [2018-02-13]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 Feb 2008 00:00Current
7.1High risk
Vulners AI Score7.1
jspwikiremote vulnerabilitieslocal file inclusioncross-site scriptinginformation disclosureserver compromiseauthentication credentials
27