Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting

EDB-ID:

46759

CVE:

2019-0186

EDB Verified:

Author:

Dhiraj Mishra

Type:

webapps

Exploit:   /  

Platform:

Java

Date:

2019-04-26

Vulnerable App: 
Exploit Title: Stored XSS
# Date: 25-04-2019
# Exploit Author: Dhiraj Mishra
# Vendor Homepage: https://portals.apache.org/pluto
# Software Link: https://portals.apache.org/pluto/download.html
# Version: 3.0.0, 3.0.1
# Tested on: Ubuntu 16.04 LTS
# CVE: CVE-2019-0186
# References:
# https://nvd.nist.gov/vuln/detail/CVE-2019-0186
# https://portals.apache.org/pluto/security.html
# https://www.inputzero.io/2019/04/apache-pluto-xss.html

Summary:
The "Chat Room" portlet demo that ships with the Apache Pluto Tomcat bundle
contains a Cross-Site Scripting (XSS) vulnerability. Specifically, if an
attacker can input raw HTML markup into the "Name" or "Message" input
fields and submits the form, then the inputted HTML markup will be embedded
in the subsequent web page.

Technical observation:
- Start the Apache Pluto Tomcat bundle
- Visit http://localhost:8080/pluto/portal/Chat%20Room%20Demo
- In the name field, enter:
     <input type="text" value="Name field XSS></input>
- Click Submit
- In the message field, enter:
     <input type="text" value="Message field XSS></input>

Patch:
3.0.x users should upgrade to 3.1.0
Tags: Cross-Site Scripting (XSS)
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services