WSO2 SOA Enablement Server – Reflected Cross-Site Scripting

Posted by Etnies on May 17

Title: WSO2 SOA Enablement Server – Reflected Cross-Site Scripting
Authors: Jakub Pałaczyński, Łukasz Juszczyk
Date: 08. April 2016

Affected Software:
=============

WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616
Probably other versions are also vulnerable.

Proof of Concept:
============

The PoC works only in Internet Explorer: the path is reflected in the response
and needs to be long enough to bypass IE's 404 page…
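The flaw class described above, shown from the defender's side as an added example; it is not code from the advisory or from WSO2. The handler names, the page markup, the header set and the sample path are all assumptions constructed for illustration.

```python
import html

# Constructed sample: a request path carrying HTML metacharacters.
SAMPLE_PATH = '/services/<i>constructed</i>"\'&'

PAGE = "<html><body><h1>404</h1><p>Not found: {}</p></body></html>"


def not_found_unsafe(path):
    """Flawed pattern: the raw request path is pasted into the HTML body."""
    return PAGE.format(path)


def not_found_safe(path):
    """Same page, with the path HTML-encoded and defensive headers set.

    Returns (headers, body). The header choices are assumptions about a
    reasonable hardening baseline for an error page, not WSO2 settings.
    """
    # html.escape with quote=True encodes & < > " ' as entities, so the
    # reflected path is rendered as text instead of being parsed as markup.
    body = PAGE.format(html.escape(path, quote=True))
    headers = {
        # Explicit charset stops the browser from guessing an encoding.
        "Content-Type": "text/html; charset=utf-8",
        # Stops content sniffing of the error response.
        "X-Content-Type-Options": "nosniff",
        # An error page needs no scripts, styles or other subresources.
        "Content-Security-Policy": "default-src 'none'",
    }
    return headers, body


def reflects_raw(body, probe):
    """Regression check: True if the probe appears in the body unencoded."""
    return probe in body


if __name__ == "__main__":
    print("unsafe reflects markup:",
          reflects_raw(not_found_unsafe(SAMPLE_PATH), "<i>"))
    hdrs, page = not_found_safe(SAMPLE_PATH)
    print("safe reflects markup:  ", reflects_raw(page, "<i>"))
    print(page)
```

The `reflects_raw` check can be reused as a unit test against any error-page template that echoes request data.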
