WebApp Sec mailing list archives

Potential XSS errors when using information from HTTP requests

From: "V.Benjamin Livshits" <livshits () cs stanford edu>
Date: Sat, 16 Oct 2004 14:27:06 -0700

I've been seeing a lot of redirects like the ones below in J2EE
programs.       

1.      response.sendRedirect(request.getParameter("REFERRER"));

2.      response.sendRedirect(request.getRequestURI());
        
3.      response.sendRedirect(request.getServletPath() + toPath);

Since the URL the user is being redirected to comes from the HTTP
header, I was wondering if forging parts of the header may lead to a
cross-site scripting exploit of some sort. Clearly, it would be
dangerous to use this data as part of SQL statements. However, I have
trouble imagining XSS exploit scenarios.

Thanks,

-Ben

Current thread:

Potential XSS errors when using information from HTTP requests V.Benjamin Livshits (Oct 17)
- Re: Potential XSS errors when using information from HTTP requests Amit Klein (AKsecurity) (Oct 18)
- Re: Potential XSS errors when using information from HTTP requests Tibor Veres (Oct 18)
- Re: Potential XSS errors when using information from HTTP requests Paul Johnston (Oct 18)
- Re: Potential XSS errors when using information from HTTP requests Jeff Williams (Oct 18)
- <Possible follow-ups>
- RE: Potential XSS errors when using information from HTTP requests Calderon, Juan Carlos (GE Commercial Finance, NonGE) (Oct 18)