
Glassfish Web Admin Interface XSS (Sun Java System Application Server 9.1_01 (build b09d-fcs) )






=============================
XSS - Glassfish Web Admin Interface (Sun Java System Application
Server 9.1_01 (build b09d-fcs) )

=============================
Author: Eduardo Neves a.k.a _eth0_
Date: 10 June 2008
Site: http://webappsecurity.wordpress.com 

=============================
APPLICATION : Glassfish webadmin interface
VERSION : Sun Java System Application Server 9.1_01 (build b09d-fcs)
VENDOR : http://www.sun.com 
DOWNLOAD : https://glassfish.dev.java.net/

=============================
IMPACT: XSS, XSRF, etc.

Severity: Low (or not?)

=============================
Description:

This vulnerability was found in the Edit HTTP Listener section of the
Glassfish web admin interface.

This is a vulnerable URL:

http://[HOSTNAME]:4848/configuration/httpListenerEdit.jsf?name=&configName=server-config 

-- 
|_|0|_| Serrano Neves - a.k.a eth0
|_|_|0| http://webappsecurity.wordpress.com 
|0|0|0| "Talk is cheap. Show me the code." - Linus Torvalds
