Bug
Resolution: Fixed
Highest
2.5.7
None
Apache http, Confluence 2.5.7 standalone, Windows Server 2003, JDK 1.5
The test successfully embedded a script in the response, which will be executed once the page
is loaded in the user's browser. This means that the application is vulnerable to the Cross-Site
Scripting attack.
The file 500page.jsp should escape the attributes and parameters to prevent code execution.
[3 of 5] Cross-Site Scripting
Severity: High
Test Type: Application
Vulnerable URL: http://xxx.yyy.com:8080/addpersonalspacetofavourites.action
(Parameter = key)
Remediation Tasks: Filter out hazardous characters from user input
Variant 1 of 8 [ID=574034]
The following changes were applied to the original request:
• Injected '<script>alert("Watchfire%20XSS")</script>' into parameter 'key's value
Request/Response:
GET /addpersonalspacetofavourites.action?nonBlankResult=true&key=<script>alert("Watchfire%20XSS")</script> HTTP/1.0
Cookie: seraph.confluence=Zh\hNiQi[hZiOf]fOm\fOfUgSfZfWkYkWk; confluence.list.pages.cookie=list-alphabetically; confluence.browse.space.cookie=space-templates; JSESSIONID=7FC6827BCA10B0042DE6BE0536A246D0
Accept: /
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Host: xxxx.yyyy.com:8080
Referer: http://xxx.yyyy.com:8080/dopeopledirectorysearch.action?searchQueryBean.queryString=&showOnlyPersonal=true

HTTP/1.1 500 Internal Server Error
Content-Length: 23985
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Date: Wed, 22 Aug 2007 20:26:11 GMT
Connection: close
<html>
<head>
<title>Oops - an error has occurred</title>
<link rel="stylesheet" href="/styles/main-action.css" type="text/css" />
<script language="JavaScript" type="text/javascript"
src="/includes/js/cookieUtils.js"></script>
<style>
...
is duplicated by: CONFSERVER-9704 Security Issue: XSS in wiki exception error page (Closed)
is related to: CONFSERVER-9559 Cross-site scripting vulnerability in /dashboard.action (Closed)
[CONFSERVER-9560] Cross-site scripting vulnerability in 500page.jsp
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |