Home / exploitsPDF  

tomcat-func-xss.txt

Posted on 07 September 2007

Apache Tomcat remote xss Author: handrix Contact: handrix_at_morx_dot_org Vulnerability: Cross Site Scripting Severity: Medium/High MorX security research team www.morx.org Description: Apache Tomcat remote xss Tomcat provide many example of jsp files, servlet and others. functions.jsp's script is vulnerable to cross-site scripting attacks in foo parameter. XSS Vector: http://server:port/jsp-examples/jsp2/el/functions.jsp?foo=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E Vulnerable versions : Apache Tomecat/5.2.28 and maybe others

 

TOP