Java XSS vulnerability_Java_Jsp_Xss - Fatal编程技术网

Java XSS vulnerability

Tags: java, jsp, xss

I audited my web application with the Acunetix vulnerability scanner, and the developer report tells me:

/referentiels-web/j_spring_cas_security_check
Details
URL encoded GET input ticket was set to ST-1664-V7HlBALHdSMeqYmAjHL9-passeport01.brgm-rec.fr'"()&%<acx><ScRiPt>qvVq(9803)</ScRiPt>
GET /referentiels-web/authfailed.jsp;jsessionid=83A16DB68D05ECF865408DAC009A0DAF HTTP/1.1
Referer: https://myapp.com:443/referentiels-web/
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Host: Rgf-ref.brgm-rec.fr

Postman:

authfiled.jsp:


Login to CAS failed!
Login to CAS failed!
Your CAS credentials were rejected.

Reason:
I can see from the report that a script was set into the "ticket" GET input.

Try this URL:

https://myapp.com:443/referentiels-web/authfailed.jsp;jsessionid=83A16DB68D05ECF865408DAC009A0DAF?ticket=ST-1664-V7HlBALHdSMeqYmAjHL9-passeport01.brgm-rec.fr'"()&%<ScRiPt>alert('test')</ScRiPt>


Well, let's start with how you tried to reproduce it.

@cricket_007 I had to do this:
https://myapp.com:443/referentiels-web/authfiled.jsp;jsessionid=83A16DB68D05ECF865408DAC09A0DAF?<ScRiPt>alert('test')</ScRiPt>)

Did you type it into the URL bar? I don't think this is XSS, since the script tag isn't coming from your site.

@cricket_007 Yes, I typed it into my URL.

In short, showing a stack trace to users is a bad idea; please don't do it. It is bad for the user experience (it makes your site look clunky and broken), it does not help users (users don't read error messages), and security-wise it reveals unnecessary details about the system. In this case it is vulnerable to XSS because you echo the exception message, which may contain unsanitized user input.
<%-- authfailed.jsp as posted: the exception message is written into the page without HTML escaping,
     which is the line the Acunetix report points at. --%>
<%@ page import="org.springframework.security.core.AuthenticationException" %>
<%@ page import="org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter" %>
<%@ page import="org.springframework.security.web.WebAttributes" %>

<html>
<head>
    <title>Login to CAS failed!</title>
</head>

<body>
<h2>Login to CAS failed!</h2>

<font color="red">
    Your CAS credentials were rejected.<br/><br/>
    <%-- getMessage() can contain the attacker-controlled "ticket" value; <%= %> does not escape it.
         The cast also throws a NullPointerException if no exception is stored in the session. --%>
    Reason: <%= ((AuthenticationException) session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).getMessage() %>
</font>

</body>
</html>
https://myapp.com:443/referentiels-web/authfailed.jsp;jsessionid=83A16DB68D05ECF865408DAC009A0DAF?ticket=ST-1664-V7HlBALHdSMeqYmAjHL9-passeport01.brgm-rec.fr'"()&%<ScRiPt>alert('test')</ScRiPt>
https://myapp.com:443/referentiels-web/authfailed.jsp;jsessionid=83A16DB68D05ECF865408DAC009A0DAF?ticket=%53%54%2D%31%36%36%34%2D%56%37%48%6C%42%41%4C%48%64%53%4D%65%71%59%6D%41%6A%48%4C%39%2D%70%61%73%73%65%70%6F%72%74%30%31%2E%62%72%67%6D%2D%72%65%63%2E%66%72%27%22%28%29%26%25%3C%53%63%52%69%50%74%3E%61%6C%65%72%74%28%27%74%65%73%74%27%29%3C%2F%53%63%52%69%50%74%3E
https://myapp.com:443/referentiels-web/authfailed.jsp;jsessionid=83A16DB68D05ECF865408DAC009A0DAF?ticket=U1QtMTY2NC1WN0hsQkFMSGRTTWVxWW1BakhMOS1wYXNzZXBvcnQwMS5icmdtLXJlYy5mciciKCkmJTxTY1JpUHQ+YWxlcnQoJ3Rlc3QnKTwvU2NSaVB0Pg==
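A hardened version of the authfailed.jsp shown above, written here as an added example (it is not code from the question or the answer): the exception is removed from the session, its detail goes to the server log, and only an HTML-escaped form reaches the page. It assumes spring-web is on the classpath so that org.springframework.web.util.HtmlUtils is available.

```jsp
<%@ page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%@ page import="org.springframework.security.core.AuthenticationException" %>
<%@ page import="org.springframework.security.web.WebAttributes" %>
<%@ page import="org.springframework.web.util.HtmlUtils" %>
<%
    // Read the exception Spring Security stored for this request, then drop it from the
    // session so the failure text is not replayed on later requests.
    AuthenticationException ex =
        (AuthenticationException) session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);

    // The raw message may embed the "ticket" parameter verbatim (that is what the scanner
    // found), so it belongs in the server log, not in the response.
    String detail = (ex == null || ex.getMessage() == null) ? "Unknown error" : ex.getMessage();
    application.log("CAS authentication failed: " + detail);

    // HtmlUtils.htmlEscape turns < > " ' & into entities, so a ticket value such as
    // ...fr'"()&%<ScRiPt>alert('test')</ScRiPt> renders as literal text instead of a script.
    String reason = HtmlUtils.htmlEscape(detail);
%>
<html>
<head>
    <title>Login to CAS failed!</title>
</head>
<body>
<h2>Login to CAS failed!</h2>
<p style="color: red;">
    Your CAS credentials were rejected.<br/><br/>
    Reason: <%= reason %>
</p>
</body>
</html>
```

If the detail is not needed by the user at all, replace `<%= reason %>` with a fixed sentence and keep only the log line; the escaping is still worth leaving in place for any other value that reaches this page.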