Summary
Openfire is a real-time collaboration (RTC) server licensed under the Open Source GPL. It uses XMPP (also called Jabber), the widely adopted open protocol for instant messaging. Multiple cross-site scripting vulnerabilities have been found in Openfire, which may lead to arbitrary remote code execution on the server running the application due to unauthorized upload of Java plugin code.
Credit:
The information has been provided by CORE Security Technologies Advisories.
The original article can be found at:
Details
Vulnerable Systems:
* Openfire version 3.6.2
Immune Systems:
* Openfire version 3.6.3
Technical Description / Proof of Concept Code:
Multiple cross-site scripting vulnerabilities have been found in Openfire, which may lead to arbitrary remote code execution on the server running Openfire due to unauthorized upload of Java plugin code.
Reflected XSS Vulnerabilities
Several cross-site scripting (XSS) vulnerabilities were detected that lead to cross-site request forgery (XSRF), which enables arbitrary remote code execution on the server running the application. These vulnerabilities are network exploitable, but the victim must voluntarily interact with the attack mechanism. The victim must be an authorized user to deploy the complete attack.
We identified insufficient sanitization of several parameters in several scripts. In the case of 'logviewer.jsp', 'group-summary.jsp', 'user-properties.jsp' and 'audit-policy.jsp' there is no sanitization at all. In 'log.jsp' there is a filter against '
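A defensive check for the reflected parameters described above, as an added example that is not part of the original advisory: it scans web access-log lines for requests to the named scripts whose query parameters decode to HTML markup characters. The log lines, parameter names and the `suspicious_params` helper are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Admin-console scripts named in the advisory.
WATCHED = {"logviewer.jsp", "group-summary.jsp", "user-properties.jsp",
           "audit-policy.jsp", "log.jsp"}
# Characters that let a reflected value break out of HTML text or attributes.
MARKUP = re.compile(r"[<>\"']")
# Request line inside a Common/Combined Log Format entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for markup sent to a watched script."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]
    if script not in WATCHED:
        return []
    hits = []
    # parse_qsl decodes once; fully_decode catches double-encoded values.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        decoded = fully_decode(value)
        if MARKUP.search(decoded):
            hits.append((script, name, decoded))
    return hits

# Constructed sample log lines; parameter names are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /logviewer.jsp?log=info HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:00:07 +0000] "GET /group-summary.jsp?search=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /log.jsp?log=%2522%253E%253Cb%253E HTTP/1.1" 200 1024',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.jsp?q=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for hit in suspicious_params(line):
            print(hit)
```

Access logs record only the query string, so parameters sent in a POST body need the same check applied at a proxy or application layer.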