Network Security: Detailed info on Re: Potential XSS errors when using information from HTTP requests

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: Potential XSS errors when using information from HTTP requests

from [Tibor Veres] Network Security

[Permanent Link]

Subject:	Re: Potential XSS errors when using information from HTTP requests
Date:	Mon, 18 Oct 2004 02:46:16 +0200

XSS relies on data inserted by one user being sent to another one.

These data althrough comes from the user and might be forged, it will
be sent back to him.. Effectively he can exploit himself.


On Sat, 16 Oct 2004 14:27:06 -0700, V.Benjamin Livshits
<livshits@cs.stanford.edu> wrote:

I've been seeing a lot of redirects like the ones below in J2EE
programs.

1.      response.sendRedirect(request.getParameter("REFERRER"));

2.      response.sendRedirect(request.getRequestURI());

3.      response.sendRedirect(request.getServletPath() + toPath);

Since the URL the user is being redirected to comes from the HTTP
header, I was wondering if forging parts of the header may lead to a
cross-site scripting exploit of some sort. Clearly, it would be
dangerous to use this data as part of SQL statements. However, I have
trouble imagining XSS exploit scenarios.

Thanks,

-Ben



-- 
Tibor Veres
  tibor.veres@gmail.com

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Potential XSS errors when using information from HTTP requests, V.Benjamin Livshits Re: Potential XSS errors when using information from HTTP requests, Amit Klein (AKsecurity) Re: Potential XSS errors when using information from HTTP requests, Tibor Veres <= Re: Potential XSS errors when using information from HTTP requests, Paul Johnston Re: Potential XSS errors when using information from HTTP requests, Jeff Williams RE: Potential XSS errors when using information from HTTP requests, Calderon, Juan Carlos (GE Commercial Finance, NonGE)

Previous by Date:	Re: Apache log file monitor, forward
Next by Date:	Re: Potential XSS errors when using information from HTTP requests, Paul Johnston
Previous by Thread:	Re: Potential XSS errors when using information from HTTP requests, Amit Klein (AKsecurity)
Next by Thread:	Re: Potential XSS errors when using information from HTTP requests, Paul Johnston
Indexes:	[Date] [Thread] [Top] [All Lists]