Full Disclosure mailing list archives
Apache Tomcat remote xss
From: "handrix cobra" <handrix () gmail com>
Date: Thu, 6 Sep 2007 02:13:54 +0000
Apache Tomcat remote xss

Author: handrix
Contact: handrix_at_morx_dot_org
Vulnerability: Cross Site Scripting
Severity: Medium/High

MorX security research team
www.morx.org

Description:
Apache Tomcat remote xss

Tomcat provides many examples of JSP files, servlets and others.
The functions.jsp script is vulnerable to cross-site scripting attacks in the foo parameter.

XSS Vector:
http://server:port/jsp-examples/jsp2/el/functions.jsp?foo=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E

Vulnerable versions: Apache Tomcat/5.2.28 and maybe others
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
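
A defender's check for the request pattern in the advisory above, as an added example that is not part of the original post: it scans access-log lines for query parameters that carry HTML markup to the `/jsp-examples/` application. The log lines are constructed samples, and the function names and the combined-log request format are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request field of a common/combined access log: "METHOD target PROTOCOL" (assumed format)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of HTML text or attributes.
MARKUP_RE = re.compile(r'[<>"\']')
EXAMPLES_PREFIX = "/jsp-examples/"  # context path taken from the advisory URL


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return [(path, param, decoded_value)] for markup sent to the examples app."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    if not target.path.startswith(EXAMPLES_PREFIX):
        return []
    hits = []
    # parse_qsl performs the first round of percent-decoding.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        value = decode_fully(value)
        if MARKUP_RE.search(value):
            hits.append((target.path, name, value))
    return hits


# Constructed sample access-log lines (not from the original post).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Sep/2007:02:20:01 +0000] "GET /jsp-examples/jsp2/el/functions.jsp?foo=hello HTTP/1.1" 200 1120',
    '192.0.2.11 - - [06/Sep/2007:02:21:13 +0000] "GET /jsp-examples/jsp2/el/functions.jsp?foo=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E HTTP/1.1" 200 1187',
    '192.0.2.12 - - [06/Sep/2007:02:22:40 +0000] "GET /jsp-examples/jsp2/el/functions.jsp?foo=%253Cb%253E HTTP/1.1" 200 1125',
    '192.0.2.13 - - [06/Sep/2007:02:23:02 +0000] "GET /app/search?q=%3Cb%3E HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for path, name, value in suspicious_params(line):
            print(f"{path} param={name!r} value={value!r}")
```

Any hit against `/jsp-examples/` on a production host also shows that the example web application is still deployed there.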