From: markt
Date: Thu, 14 Jun 2007 02:01:19 +0000 (+0000)
Subject: Fix XSS issues in snoop.jsp. This is CVE-2007-2449. Some of these are harder (impossi...
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=56a1dd9bbca0a1b146dbfb6d9876b3ee58fcdcdc;p=tomcat7.0

Fix XSS issues in snoop.jsp. This is CVE-2007-2449. Some of these are harder (impossible?) to exploit than others but doing all of them means there won't be another XSS issue to patch later. I also made a similar change for a couple of other JSPs that are in the harder/impossible? to exploit category.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk@547081 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/webapps/examples/jsp/security/protected/index.jsp b/webapps/examples/jsp/security/protected/index.jsp index f7585ebec..d2e84be22 100644 --- a/webapps/examples/jsp/security/protected/index.jsp +++ b/webapps/examples/jsp/security/protected/index.jsp @@ -27,14 +27,16 @@ -You are logged in as remote user <%= request.getRemoteUser() %> +You are logged in as remote user +<%= util.HTMLFilter.filter(request.getRemoteUser()) %> in session <%= session.getId() %>

<% if (request.getUserPrincipal() != null) { %> Your user principal name is - <%= request.getUserPrincipal().getName() %>

+ <%= util.HTMLFilter.filter(request.getUserPrincipal().getName()) %> +

<% } else { %> diff --git a/webapps/examples/jsp/snp/snoop.html b/webapps/examples/jsp/snp/snoop.html index 0f1f08845..e48355b43 100644 --- a/webapps/examples/jsp/snp/snoop.html +++ b/webapps/examples/jsp/snp/snoop.html @@ -24,8 +24,8 @@

-

Source Code for Request Parameters Example -

+

Source Code for Request Parameters Example +

diff --git a/webapps/examples/jsp/snp/snoop.jsp b/webapps/examples/jsp/snp/snoop.jsp index 9b979eed7..c8561dec6 100644 --- a/webapps/examples/jsp/snp/snoop.jsp +++ b/webapps/examples/jsp/snp/snoop.jsp @@ -19,37 +19,38 @@

Request Information

-JSP Request Method: <% out.print(util.HTMLFilter.filter(request.getMethod())); %> +JSP Request Method: <%= util.HTMLFilter.filter(request.getMethod()) %>
-Request URI: <%= request.getRequestURI() %> +Request URI: <%= util.HTMLFilter.filter(request.getRequestURI()) %>
-Request Protocol: <%= request.getProtocol() %> +Request Protocol: <%= util.HTMLFilter.filter(request.getProtocol()) %>
-Servlet path: <%= request.getServletPath() %> +Servlet path: <%= util.HTMLFilter.filter(request.getServletPath()) %>
-Path info: <% out.print(util.HTMLFilter.filter(request.getPathInfo())); %> +Path info: <%= util.HTMLFilter.filter(request.getPathInfo()) %>
-Query string: <% out.print(util.HTMLFilter.filter(request.getQueryString())); %> +Query string: <%= util.HTMLFilter.filter(request.getQueryString()) %>
Content length: <%= request.getContentLength() %>
-Content type: <% out.print(util.HTMLFilter.filter(request.getContentType())); %> +Content type: <%= util.HTMLFilter.filter(request.getContentType()) %>
-Server name: <%= request.getServerName() %> +Server name: <%= util.HTMLFilter.filter(request.getServerName()) %>
Server port: <%= request.getServerPort() %>
-Remote user: <%= request.getRemoteUser() %> +Remote user: <%= util.HTMLFilter.filter(request.getRemoteUser()) %>
-Remote address: <%= request.getRemoteAddr() %> +Remote address: <%= util.HTMLFilter.filter(request.getRemoteAddr()) %>
-Remote host: <%= request.getRemoteHost() %> +Remote host: <%= util.HTMLFilter.filter(request.getRemoteHost()) %>
-Authorization scheme: <%= request.getAuthType() %> +Authorization scheme: <%= util.HTMLFilter.filter(request.getAuthType()) %>
Locale: <%= request.getLocale() %>
-The browser you are using is <% out.print(util.HTMLFilter.filter(request.getHeader("User-Agent"))); %> +The browser you are using is +<%= util.HTMLFilter.filter(request.getHeader("User-Agent")) %>
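Review bot: `Locale: <%= request.getLocale() %>` is the one client-influenced value in this hunk that is still emitted unfiltered; the Locale is built from the Accept-Language request header, so given the commit's stated aim of filtering everything so nothing is left to patch later, wrap it as well, e.g. `Locale: <%= util.HTMLFilter.filter(request.getLocale().toString()) %>` (the int-valued `getContentLength()` and `getServerPort()` are fine as they are). Several of the newly wrapped calls (`getPathInfo()`, `getQueryString()`, `getContentType()`, `getRemoteUser()`, `getAuthType()`) return null when the value is absent; the pre-change code already passed the first three through `util.HTMLFilter.filter`, so the change relies on that method being null-safe, which is worth confirming rather than assuming. Lastly, rewriting the existing `<% out.print(util.HTMLFilter.filter(...)); %>` scriptlets to `<%= ... %>` is a cosmetic change mixed into a security fix; keeping it out of this commit would make the backport diff easier to review.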
diff --git a/webapps/examples/jsp/source.jsp b/webapps/examples/jsp/source.jsp index 3940796f9..d26ee51c8 100644 --- a/webapps/examples/jsp/source.jsp +++ b/webapps/examples/jsp/source.jsp @@ -17,4 +17,4 @@ <%@ taglib uri="http://jakarta.apache.org/tomcat/examples-taglib" prefix="eg" %> - +
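Review bot: in the index.jsp hunk, `in session <%= session.getId() %>` on the same output line is left unfiltered while the two realm-derived values (`request.getRemoteUser()` and `request.getUserPrincipal().getName()`) are now wrapped; for the same reason the commit message gives for filtering the hard-to-exploit cases, wrap it too (`<%= util.HTMLFilter.filter(session.getId()) %>`) so the page carries no unfiltered dynamic output at all. The existing `<% if (request.getUserPrincipal() != null) { %>` guard is correctly kept around the wrapped `getName()` call, so the change introduces no new null dereference. The line break inserted before `<%= util.HTMLFilter.filter(request.getRemoteUser()) %>` only changes whitespace in the rendered HTML, which is harmless.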