Stored XSS: the vulnerability occurs in the album at http://album.goodbaby.com
1. Upload a photo in the backend.
2. Any picture will do.
3. The upload succeeds. In the dialog box that appears, click to view the uploaded photo.
4. The default album name is "untitled".
5. Modify the album name.
6. The album name is not filtered, so arbitrary JS code can be inserted, but the displayed length is limited. There are many bypass methods, for example: set the first album name to `<script>jscode<!--` and the second album name to `-->jscode</script>`.
7. I also found that after clicking into the album, the name is displayed with no length limit.
Above: no length limit; below: the length limit.
Proof of vulnerability: http://album.goodbaby.com/album/album_photo.php?photoid=6p34z7#viewpic
By neal
The JBoss console has a severe security vulnerability that allows users to upload and install WAR packages. For this vulnerability, see: http://tech.ccidnet.com/art/1099/20100111/1977341_1.html
Inconvenient to do at work; check it.
Solution:
Add an access password to the jmx-console.
1. Find the jmx-console.war directory under ${jboss.server.home.dir}/deploy and edit the WEB-INF/web.xml file: remove the comments around the security-constraint block so that it takes effect.
2. Edit WEB-INF/classes/jmx-console-users.properties, or server/default/conf/props/jmx-console-users.properties (version >= 4.0.2), and WEB-INF/classes/jmx-console-roles.properties, or server/default/conf/props/jmx-console-roles.properties (version >= 4.0.2), and add a user name and password.
3. Edit WEB-INF/jboss-web.xml and remove the comments around the security-domain block. The file that the security-domain value maps to is login-config.xml, which defines the login authorization method.
Author: zeracker