WebApp Sec mailing list archives
Potential XSS errors when using information from HTTP requests
From: "V.Benjamin Livshits" <livshits () cs stanford edu>
Date: Sat, 16 Oct 2004 14:27:06 -0700
I've been seeing a lot of redirects like the ones below in J2EE programs. 1. response.sendRedirect(request.getParameter("REFERRER")); 2. response.sendRedirect(request.getRequestURI()); 3. response.sendRedirect(request.getServletPath() + toPath); Since the URL the user is being redirected to comes from the HTTP header, I was wondering if forging parts of the header may lead to a cross-site scripting exploit of some sort. Clearly, it would be dangerous to use this data as part of SQL statements. However, I have trouble imagining XSS exploit scenarios. Thanks, -Ben
Current thread:
- Potential XSS errors when using information from HTTP requests V.Benjamin Livshits (Oct 17)
- Re: Potential XSS errors when using information from HTTP requests Amit Klein (AKsecurity) (Oct 18)
- Re: Potential XSS errors when using information from HTTP requests Tibor Veres (Oct 18)
- Re: Potential XSS errors when using information from HTTP requests Paul Johnston (Oct 18)
- Re: Potential XSS errors when using information from HTTP requests Jeff Williams (Oct 18)
- <Possible follow-ups>
- RE: Potential XSS errors when using information from HTTP requests Calderon, Juan Carlos (GE Commercial Finance, NonGE) (Oct 18)