WebApp Sec mailing list archives

Re: Potential XSS errors when using information from HTTP requests


From: Tibor Veres <tibor.veres () gmail com>
Date: Mon, 18 Oct 2004 02:46:16 +0200

XSS relies on data inserted by one user being sent to another one.

Although this data comes from the user and might be forged, it will
be sent back to him. Effectively he can exploit himself.


On Sat, 16 Oct 2004 14:27:06 -0700, V.Benjamin Livshits
<livshits () cs stanford edu> wrote:
I've been seeing a lot of redirects like the ones below in J2EE
programs.

1.      response.sendRedirect(request.getParameter("REFERRER"));

2.      response.sendRedirect(request.getRequestURI());

3.      response.sendRedirect(request.getServletPath() + toPath);

Since the URL the user is being redirected to comes from the HTTP
header, I was wondering if forging parts of the header may lead to a
cross-site scripting exploit of some sort. Clearly, it would be
dangerous to use this data as part of SQL statements. However, I have
trouble imagining XSS exploit scenarios.

Thanks,

-Ben




-- 
Tibor Veres
  tibor.veres () gmail com
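
An added example, not part of the original thread: one way to constrain the first pattern quoted above so that the value handed to response.sendRedirect() is always a path on the same application. The class and method names and the sample values are hypothetical, and the servlet call itself is left out so the check runs on its own.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example, not from the thread: validate a redirect target before
// passing it to response.sendRedirect(). All names here are hypothetical.
public class SafeRedirect {

    // Accept only a path on this application: no scheme, no host,
    // and no control characters that could split the Location header.
    static boolean isLocalPath(String target) {
        if (target == null || target.isEmpty()) {
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c < 0x20 || c == 0x7f || c == '\\') {
                return false; // CR, LF, other controls, backslash
            }
        }
        if (!target.startsWith("/") || target.startsWith("//")) {
            return false; // must be rooted; "//host" is protocol-relative
        }
        try {
            URI uri = new URI(target);
            return uri.getScheme() == null && uri.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false;
        }
    }

    // Returns the requested target if acceptable, otherwise the fallback.
    static String chooseTarget(String requested, String fallback) {
        return isLocalPath(requested) ? requested : fallback;
    }

    public static void main(String[] args) {
        // Constructed sample values for the REFERRER parameter.
        String[] samples = {
            "/account/home?tab=1",
            "http://other.example/landing",
            "//other.example/landing",
            "/home\r\nX-Test: 1",
            "javascript:alert(1)",
        };
        for (String s : samples) {
            System.out.println(s.trim() + " -> " + chooseTarget(s, "/index.jsp"));
        }
    }
}
```

In a servlet the call would become response.sendRedirect(SafeRedirect.chooseTarget(request.getParameter("REFERRER"), "/index.jsp")), with the fallback path chosen by the application.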

