WebSphere Application Server version 6.0 suffers from a cross site scripting flaw.
WebSphere Application Server V6.0 Security advisory
21 April 2005
Remote Vulnerabilities in WebSphere Application Server
Synopsis: Dr_insane has discovered some remote vulnerabilities in WebSphere Application Server V6.0. WebSphere®
Application Server is a Java 2 Enterprise Edition (J2EE) and Web services technology-based application platform,
delivering a high-performance and extremely scalable transaction engine for dynamic e-business applications.
The vulnerabilities allow a remote attacker to execute arbitrary script code in a user's
browser session in the context of a vulnerable site, as well as to reveal the source code of .jsp files.
Affected Systems:
WebSphere Application Server V6.0 for Windows
Description:
The first vulnerability is a basic cross-site scripting attack that a remote attacker can use
to execute script code in a user's browser session in the context of a vulnerable site.
WebSphere Application Server V6.0 comes with a default 404 error page. This 404 error page displays
the path of the requested file and does not filter it for hazardous characters.
example: http://127.0.0.1:9080/<script>alert()</script>.jsp
The second vulnerability can be used to read the source code of .jsp files. By appending a space
(%20) to the .jsp file name in the URL, you will get its source code.
example: http://127.0.0.1:9080/somefile.jsp%20
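Added example (not part of the original advisory and not IBM's code): a minimal Python model of the two request-handling checks that close the behaviours described above, HTML-encoding the path echoed in the 404 page and rejecting paths that decode to trailing whitespace. It generalises the %20 case to any trailing whitespace; the handler, the function names and the KNOWN_PAGES table are assumptions made for illustration.

```python
import html
from urllib.parse import unquote

# Constructed stand-in for the resources a server would map to handlers.
KNOWN_PAGES = {"/somefile.jsp": "<p>rendered JSP output</p>"}

PAGE = "<html><body><h1>Error {code}</h1><p>{msg}</p></body></html>"


def render_404_unfiltered(path):
    """Models the flaw in the advisory: the requested path is echoed as-is."""
    return PAGE.format(code=404, msg="File not found: " + path)


def render_404_escaped(path):
    """Hardened form: HTML-encode the path before placing it in the page."""
    return PAGE.format(code=404, msg="File not found: " + html.escape(path, quote=True))


def has_trailing_whitespace(raw_path):
    """True when the percent-decoded path ends in a space, tab or newline."""
    decoded = unquote(raw_path)
    return decoded != decoded.rstrip()


def handle(raw_path):
    """Hypothetical request handler returning (status, body)."""
    # Refuse the request outright, so a name such as "somefile.jsp " can
    # never reach a fallback that serves the file without compiling it.
    if has_trailing_whitespace(raw_path):
        return 400, PAGE.format(code=400, msg="Bad request")
    decoded = unquote(raw_path)
    if decoded in KNOWN_PAGES:
        return 200, KNOWN_PAGES[decoded]
    # Unknown resource: the path is shown, but only after encoding.
    return 404, render_404_escaped(decoded)


if __name__ == "__main__":
    # The two example paths from the advisory, plus a normal request.
    for p in ("/<script>alert()</script>.jsp", "/somefile.jsp%20", "/somefile.jsp"):
        status, body = handle(p)
        print(status, body)
```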
Credit:
Dr_insane
dr_insane@pathfinder.gr