Details
-
Bug
-
Resolution: Fixed
-
Highest
-
2.5.7
-
None
-
Apache http, Confluence 2.5.7 standalone, Windows Server 2003, JDK 1.5
Description
The test successfully embedded a script in the response, which will be executed once the page
is loaded in the user's browser. This means that the application is vulnerable to the Cross-Site
Scripting attack.
The file 500page.jsp should escape the attributes and parameters to prevent code execution.
[3 of 5] Cross-Site Scripting
Severity: High
Test Type: Application
Vulnerable URL: http://xxx.yyy.com:8080/addpersonalspacetofavourites.action
(Parameter = key)
Remediation Tasks: Filter out hazardous characters from user input
Variant 1 of 8 [ID=574034]
The following changes were applied to the original request:
• Injected '<script>alert("Watchfire%20XSS")</script>' into parameter 'key's value
Request/Response:
GET /addpersonalspacetofavourites.action?nonBlankResult=true&key=<script>alert ("Watchfire%20XSS")</script> HTTP/1.0
Cookie: seraph.confluence=Zh\hNiQi[hZiOf]fOm\fOfUgSfZfWkYkWk;
confluence.list.pages.cookie=list-alphabetically;
confluence.browse.space.cookie=space-templates;
JSESSIONID=7FC6827BCA10B0042DE6BE0536A246D0
Accept: /
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Host: xxxx.yyyy.com:8080
Referer: http://xxx.yyyy.com:8080/dopeopledirectorysearch.action?
searchQueryBean.queryString=&showOnlyPersonal=true
HTTP/1.1 500 Internal Server Error
Content-Length: 23985
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Date: Wed, 22 Aug 2007 20:26:11 GMT
Connection: close
<html>
<head>
<title>Oops - an error has occurred</title>
<link rel="stylesheet" href="/styles/main-action.css" type="text/css" />
<script language="JavaScript" type="text/javascript"
src="/includes/js/cookieUtils.js"></script>
<style>
...
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-
- is related to
-
-
- Closed
-
