
Showing posts from April, 2012

Oracle GlassFish Server - Multiple Cross Site Scripting Vulnerabilities

Following disclosure of Oracle bugs, here is another bug found in Oracle GlassFish Server 3.1.1. The interesting part of this advisory is the exploit. When looking at the features of the Oracle GlassFish Server, I noticed that with an XSS it would be possible to steal the session token and bypass HTTPOnly protection. I have found this condition to be true if a user is authenticated to the REST interface, which does not have the same security controls as the main web administrative interface. Quite an interesting point to keep in consideration when testing applications that come with a standard interface and a REST interface as well.


Details

Vendor Site: Oracle (www.oracle.com)
Date: April, 19th 2012 – CVE 2012-0551
Affected Software: Oracle GlassFish Server 3.1.1 (build 12)
Researcher: Roberto Suggi Liverani
PDF version: http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_Multiple_XSS.pdf

Description

Security-Assessment.com has discovered that components o…

Oracle GlassFish Server - REST CSRF

Time for some disclosure. Below are details of a CSRF bug discovered in Oracle GlassFish Server 3.1.1 a few months ago. Interesting to observe that Oracle rates this as the third most critical bug fixed among the Oracle Sun Products. I guess that's because of the exploit which was included in the original report and which I am releasing as part of this advisory. I found a curious angle to exploit this bug, as arbitrary file upload of a WAR archive can be performed. A quite cool way to exploit a CSRF and own Oracle GlassFish, if you ask me :-). Enjoy.

Details

Vendor Site: Oracle (www.oracle.com)
Date: April, 19th 2012 – CVE 2012-0550
Affected Software: Oracle GlassFish Server 3.1.1 (build 12)
Researcher: Roberto Suggi Liverani
PDF version: http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_REST_CSRF.pdf

Description

Security-Assessment.com has discovered that the Oracle GlassFish Server REST interface is vulnerable to Cross Site Request Forgery (CSRF) attacks. Al…

Presenting at Hack In The Box Amsterdam 2012 - HITB2012AMS

In about six weeks' time, I will be in .eu presenting at Hack In The Box Amsterdam 2012. I am very excited about it as that will be my first HITB conference. Also, the speaker line-up and conference agenda are impressive.

This time, I will be presenting with Scott Bell, my colleague at Security-Assessment.com. The presentation will cover the results of our research which focuses on browser bug hunting. Certainly, there is no fun without dropping some 0days... so expect to see some cool bugs if you are attending our talk. If not, you will be able to grab demos, videos and slides following the conference.

Here is the talk abstract:

Window Shopping: Browser Bug Hunting in 2012

Web browsers have become part of everyday life, and are relied upon by millions of internet citizens each day. The feature-rich online world has turned the once simple web browser into a highly complex (and very often insecure) desktop application.
As browser vendors have extended functionality and support to new tech…