Network Security: Detailed info on Potential XSS errors when using information from HTTP requests

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Potential XSS errors when using information from HTTP requests

from [V.Benjamin Livshits] Network Security

[Permanent Link]

Subject:	Potential XSS errors when using information from HTTP requests
Date:	Sat, 16 Oct 2004 14:27:06 -0700

I've been seeing a lot of redirects like the ones below in J2EE
programs.       

1.      response.sendRedirect(request.getParameter("REFERRER"));

2.      response.sendRedirect(request.getRequestURI());
        
3.      response.sendRedirect(request.getServletPath() + toPath);

Since the URL the user is being redirected to comes from the HTTP
header, I was wondering if forging parts of the header may lead to a
cross-site scripting exploit of some sort. Clearly, it would be
dangerous to use this data as part of SQL statements. However, I have
trouble imagining XSS exploit scenarios.

Thanks,

-Ben

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Potential XSS errors when using information from HTTP requests, V.Benjamin Livshits <= Re: Potential XSS errors when using information from HTTP requests, Amit Klein (AKsecurity) Re: Potential XSS errors when using information from HTTP requests, Tibor Veres Re: Potential XSS errors when using information from HTTP requests, Paul Johnston Re: Potential XSS errors when using information from HTTP requests, Jeff Williams RE: Potential XSS errors when using information from HTTP requests, Calderon, Juan Carlos (GE Commercial Finance, NonGE)

Previous by Date:	Re: Apache log file monitor, Joseph Miller
Next by Date:	Re: Apache log file monitor, James Barkley
Previous by Thread:	Web Attack Data - Apache, Ryan Barnett
Next by Thread:	Re: Potential XSS errors when using information from HTTP requests, Amit Klein (AKsecurity)
Indexes:	[Date] [Thread] [Top] [All Lists]