| Title | XSS vulnerability in Search.jsp |
| Date | 23-Nov-2004 00:09:03 EET |
| Version | 2.1.120 |
| Submitter | Administrator |
| Criticality | BadBug |
| Browser version | |
| Status | ClosedBug |
| PageProvider used | |
| Servlet Container | |
| Operating System | |
| URL | |
| Java version | |
How to repeat: http://(yoursite)/Search.jsp?query=<script>alert('hi')</script>
cf.
CERT Advisory CA-2000-02
http://www.cert.org/advisories/CA-2000-02.html
Microsoft HOWTO: Prevent Cross-Site Scripting Security Issues (Q252985)
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q252985
Microsoft Technet "Cross-site Scripting Overview"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/csoverv.asp
http://www.microsoft.com/technet/security/news/csoverv.mspx
Fixed in 2.1.122. Here's the necessary patch, if anyone is interested:
--- src/webdocs/Search.jsp 8 May 2003 22:46:21 -0000 1.27
+++ src/webdocs/Search.jsp 23 Nov 2004 20:22:36 -0000 1.28
@@ -41,6 +41,8 @@
list,
PageContext.REQUEST_SCOPE );
+ query = TextUtil.replaceEntities( query );
+
pageContext.setAttribute( "query",
query,
PageContext.REQUEST_SCOPE );
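Review bot: The added `query = TextUtil.replaceEntities( query );` overwrites the single `query` variable, and the escaped text is what then gets stored under the "query" request attribute, so every consumer of that attribute receives entity-encoded text regardless of the context it writes into. A consumer that puts the value into a URL, or escapes it again, would produce double-encoded output. Consider keeping the raw value in `query` and escaping at the point where it is written into the HTML, or at least add a comment here stating that the attribute holds HTML-escaped text. The escape also sits after the `list` attribute has been set, and the hunk covers only this one path, so confirm that nothing above it or in the templates echoes the raw request parameter.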
-- JanneJalkanen, 23-Nov-2004
Version 2.1.122 contains the vulnerability too. You fixed it in 2.1.123.
-- SteffenStundzig, 30-Nov-2004