RE: ACROS Security: HTML Injection in BEA WebLogic Server Console (2)

From: ACROS Security (lists_at_acros.si)
Date: 05/27/05

    To: "'Will Schroeder'" <wschroed@schroedernet.net>
    Date: Fri, 27 May 2005 12:06:33 +0200
    Will,

    > To exploit this an admin user still needs to click on a link
    > to a URL right? or is the malicious javascript inserted into
    > the login page via http splitting?

    An attacker needs to either trick the admin into visiting some web page, or
    modify the response of any web server the admin ever connects to (e.g.,
    Google). What's important is that he can do this any time _before_ the admin
    logs in to the WebLogic console, not during an already active administration
    session. This makes the attack very easy, at least from my pen-testing
    perspective.

    Sorry for the delay in replying.

    Mitja Kolsek

    ACROS, d.o.o.
    Makedonska ulica 113
    SI - 2000 Maribor, Slovenia
    tel: +386 2 3000 280
    fax: +386 2 3000 282
    web: http://www.acrossecurity.com
