Menu

Search for hundreds of thousands of exploits

"Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting"

Author

Exploit author

"Richard Brain"

Platform

Exploit platform

multiple

Release date

Exploit published date

2010-05-21

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
PR10-03 Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console 

Source:
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03

Advisory publicly released:  Friday, 21 May 2010
Vulnerability found:  Saturday, 30 January 2010
Severity level:  Medium

Credits
Richard Brain of ProCheckUp Ltd (www.procheckup.com)

Description:
Axis2 is a web services/SOAP/WDSL engine, widely used within many commercial products Procheckup has found it is vulnerable to a vanilla Cross-Site Scripting Vulnerability (XSS).  Axis2 is used within SAP Business Objects 12 and 3com's IMC network management tool.

http://ws.apache.org/axis2/

Comfirmed vulnerable versions:
1.4.1

Proof of concept:

The following demonstrate the XSS flaw:

Authenticated XSS normally login as admin and axis2

http://target-domain.foo:8080/imcws/axis2-admin/axis2-admin/axis2-web/axis2-admin/axis2-admin/engagingglobally?
submit=%2bEngage%2b&modules=<script>alert(1)</script>

Note: The above path will change depending on how axis2 has been installed. 

Legal
Copyright 2010 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the Internet community for the purpose of alerting them to problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to Procheckup, and provided such reproduction and/or distribution is performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not liable for any misuse of this information by any third party.
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "Expense Management System - 'description' Stored Cross Site Scripting" webapps multiple "Nikhil Kumar"
2020-12-02 "Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting" webapps multiple "Parshwa Bhavsar"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Under Construction Page with CPanel 1.0 - SQL injection" webapps multiple "Mayur Parmar"
Release Date Title Type Platform Author
2011-10-18 "Check Point UTM-1 Edge and Safe 8.2.43 - Multiple Vulnerabilities" remote hardware "Richard Brain"
2011-05-16 "Mitel Audio and Web Conferencing 4.4.3.0 - Multiple Cross-Site Scripting Vulnerabilities" webapps asp "Richard Brain"
2011-05-09 "Keyfax Customer Response Management 3.2.2.6 - Multiple Cross-Site Scripting Vulnerabilities" webapps asp "Richard Brain"
2011-05-05 "BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure" webapps jsp "Richard Brain"
2011-05-05 "BMC Remedy Knowledge Management 7.5.00 - Default Account / Multiple Cross-Site Scripting Vulnerabilities" webapps jsp "Richard Brain"
2010-12-21 "WordPress Plugin Mediatricks Viva Thumbs - Multiple Information Disclosure Vulnerabilities" webapps php "Richard Brain"
2010-12-15 "HP Insight Diagnostics Online Edition 8.4 - 'search.php' Cross-Site Scripting" webapps php "Richard Brain"
2010-12-14 "BlogCFC 5.9.6.001 - Multiple Cross-Site Scripting Vulnerabilities" webapps php "Richard Brain"
2010-12-13 "Mura CMS - Multiple Cross-Site Scripting Vulnerabilities" webapps cfm "Richard Brain"
2010-12-03 "DotNetNuke 5.5.1 - 'InstallWizard.aspx' Cross-Site Scripting" webapps asp "Richard Brain"
2010-06-09 "Juniper Networks SA2000 SSL VPN Appliance - 'welcome.cgi' Cross-Site Scripting" remote hardware "Richard Brain"
2010-05-21 "Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting" webapps multiple "Richard Brain"
2010-05-21 "3Com* iMC (Intelligent Management Center) - Traversal File Retrieval" webapps windows "Richard Brain"
2010-05-21 "3Com* iMC (Intelligent Management Center) - Cross-Site Scripting / Information Disclosure Flaws" webapps windows "Richard Brain"
2010-01-28 "CommonSpot Server - '/utilities/longproc.cfm' Cross-Site Scripting" webapps cfm "Richard Brain"
2010-01-27 "SAP BusinessObjects 12 - URI redirection / Cross-Site Scripting" remote multiple "Richard Brain"
2010-01-27 "HP System Management Homepage 3.0.2 - 'servercert' Cross-Site Scripting" remote multiple "Richard Brain"
2009-09-25 "Activedition - '/activedition/aelogin.asp' Multiple Cross-Site Scripting Vulnerabilities" webapps asp "Richard Brain"
2008-11-11 "Sun Java System Identity Manager 6.0/7.x - Multiple Vulnerabilities" webapps jsp "Richard Brain"
2008-04-23 "RSA Authentication Agent for Web 5.3 - Open Redirection" remote windows "Richard Brain"
2008-02-28 "Juniper Networks Secure Access 2000 Web - Root Full Path Disclosure" webapps cgi "Richard Brain"
2008-02-28 "Juniper Networks Secure Access 2000 - 'rdremediate.cgi' Cross-Site Scripting" remote hardware "Richard Brain"
2007-11-30 "F5 Networks FirePass 4100 SSL VPN - 'My.Logon.php3' Cross-Site Scripting" remote hardware "Richard Brain"
2007-08-30 "Absolute Poll Manager XE 4.1 - 'xlaapmview.asp' Cross-Site Scripting" webapps asp "Richard Brain"
2007-02-19 "Spyce 2.1.3 - 'spyce/examples/request.spy?name' Cross-Site Scripting" webapps php "Richard Brain"
2007-02-19 "Spyce 2.1.3 - 'spyce/examples/getpost.spy?Name' Cross-Site Scripting" webapps php "Richard Brain"
2007-02-19 "Spyce 2.1.3 - spyce/examples/automaton.spy Direct Request Error Message Information Disclosure" webapps php "Richard Brain"
2007-02-19 "Spyce 2.1.3 - '/docs/examples/redirect.spy' Multiple Cross-Site Scripting Vulnerabilities" webapps php "Richard Brain"
2007-02-19 "Spyce 2.1.3 - 'docs/examples/handlervalidate.spy?x' Cross-Site Scripting" webapps php "Richard Brain"
2007-02-19 "Spyce 2.1.3 - '/spyce/examples/formtag.spy' Multiple Cross-Site Scripting Vulnerabilities" webapps php "Richard Brain" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected