WebApp Sec mailing list archives

Re: Potential XSS errors when using information from HTTP requests
From: Tibor Veres <tibor.veres () gmail com>
Date: Mon, 18 Oct 2004 02:46:16 +0200

XSS relies on data inserted by one user being sent to another one.

This data, although it comes from the user and might be forged, will
be sent back to him. Effectively he can exploit himself.


On Sat, 16 Oct 2004 14:27:06 -0700, V.Benjamin Livshits
<livshits () cs stanford edu> wrote:
> I've been seeing a lot of redirects like the ones below in J2EE
> programs.
>
> 1. response.sendRedirect(request.getParameter("REFERRER"));
>
> 2. response.sendRedirect(request.getRequestURI());
>
> 3. response.sendRedirect(request.getServletPath() + toPath);
>
> Since the URL the user is being redirected to comes from the HTTP
> header, I was wondering if forging parts of the header may lead to a
> cross-site scripting exploit of some sort. Clearly, it would be
> dangerous to use this data as part of SQL statements. However, I have
> trouble imagining XSS exploit scenarios.
>
> Thanks,
>
> -Ben




-- 
Tibor Veres
  tibor.veres () gmail com
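
An added example, not part of the original thread: one way to constrain redirect 1 from the quoted message so that a request-supplied value can only name a path on the same site before it is passed to response.sendRedirect(). The class name SafeRedirect, the method safeTarget, the fallback /index.jsp and the sample inputs are all constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class SafeRedirect {

    /** Returns candidate only if it is a same-site absolute path; otherwise fallback. */
    static String safeTarget(String candidate, String fallback) {
        if (candidate == null || candidate.isEmpty()) {
            return fallback;
        }
        // Control characters (CR/LF in particular) must never reach the
        // Location header, regardless of what the container filters.
        for (int i = 0; i < candidate.length(); i++) {
            char c = candidate.charAt(i);
            if (c < 0x20 || c == 0x7f) {
                return fallback;
            }
        }
        // "//host/path" and paths containing "\" can be read by browsers
        // as a reference to another host, so only a single leading "/" passes.
        if (!candidate.startsWith("/") || candidate.startsWith("//")
                || candidate.contains("\\")) {
            return fallback;
        }
        try {
            URI uri = new URI(candidate);
            // A local reference has neither a scheme nor an authority part.
            if (uri.getScheme() != null || uri.getRawAuthority() != null) {
                return fallback;
            }
        } catch (URISyntaxException e) {
            return fallback;
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed values standing in for request.getParameter("REFERRER").
        String[] samples = {
            "/account/home?tab=1",            // kept
            "http://other.example/login",     // replaced by fallback
            "//other.example/login",          // replaced by fallback
            "/ok\r\nSet-Cookie: a=b",         // replaced by fallback
            "javascript:void(0)"              // replaced by fallback
        };
        for (String s : samples) {
            System.out.println(safeTarget(s, "/index.jsp"));
        }
    }
}
```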

