Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos network security services platform

WebApp Sec: Potential XSS errors when using information from HTTP requests

Potential XSS errors when using information from HTTP requests

From: V.Benjamin Livshits <livshits_at_cs.stanford.edu>
Date: Sat, 16 Oct 2004 14:27:06 -0700

I've been seeing a lot of redirects like the ones below in J2EE
programs.

1. response.sendRedirect(request.getParameter("REFERRER"));

2. response.sendRedirect(request.getRequestURI());

3. response.sendRedirect(request.getServletPath() + toPath);

Since the URL the user is being redirected to comes from the HTTP
header, I was wondering if forging parts of the header may lead to a
cross-site scripting exploit of some sort. Clearly, it would be
dangerous to use this data as part of SQL statements. However, I have
trouble imagining XSS exploit scenarios.

Thanks,

-Ben
Received on Oct 17 2004

This message: [ Message body ]
Next message: James Barkley: "Re: Apache log file monitor"
Previous message: Joseph Miller: "Re: Apache log file monitor"
Next in thread: Amit Klein (AKsecurity): "Re: Potential XSS errors when using information from HTTP requests"
Reply: Amit Klein (AKsecurity): "Re: Potential XSS errors when using information from HTTP requests"
Reply: Tibor Veres: "Re: Potential XSS errors when using information from HTTP requests"
Reply: Paul Johnston: "Re: Potential XSS errors when using information from HTTP requests"
Maybe reply: Calderon, Juan Carlos (GE Commercial Finance, NonGE): "RE: Potential XSS errors when using information from HTTP requests"
Reply: Jeff Williams: "Re: Potential XSS errors when using information from HTTP requests"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]