WebApp Sec mailing list archives
Re: Potential XSS errors when using information from HTTP requests
From: Tibor Veres <tibor.veres () gmail com>
Date: Mon, 18 Oct 2004 02:46:16 +0200
XSS relies on data inserted by one user being sent to another one. These data althrough comes from the user and might be forged, it will be sent back to him.. Effectively he can exploit himself. On Sat, 16 Oct 2004 14:27:06 -0700, V.Benjamin Livshits <livshits () cs stanford edu> wrote:
I've been seeing a lot of redirects like the ones below in J2EE programs. 1. response.sendRedirect(request.getParameter("REFERRER")); 2. response.sendRedirect(request.getRequestURI()); 3. response.sendRedirect(request.getServletPath() + toPath); Since the URL the user is being redirected to comes from the HTTP header, I was wondering if forging parts of the header may lead to a cross-site scripting exploit of some sort. Clearly, it would be dangerous to use this data as part of SQL statements. However, I have trouble imagining XSS exploit scenarios. Thanks, -Ben
-- Tibor Veres tibor.veres () gmail com
Current thread:
- Potential XSS errors when using information from HTTP requests V.Benjamin Livshits (Oct 17)
- Re: Potential XSS errors when using information from HTTP requests Amit Klein (AKsecurity) (Oct 18)
- Re: Potential XSS errors when using information from HTTP requests Tibor Veres (Oct 18)
- Re: Potential XSS errors when using information from HTTP requests Paul Johnston (Oct 18)
- Re: Potential XSS errors when using information from HTTP requests Jeff Williams (Oct 18)
- <Possible follow-ups>
- RE: Potential XSS errors when using information from HTTP requests Calderon, Juan Carlos (GE Commercial Finance, NonGE) (Oct 18)