tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Walker Joe <Joe.Wal...@barclaycard.co.uk>
Subject JSP hole?
Date Tue, 25 Jul 2000 14:10:16 GMT

I hope this is just a known hole that isn't publicised enough ..

Very simple JSP page that contains a form to enter a name:

----------------------
<%@ page import="test.*" %>
<jsp:useBean id="example" scope="page" class="test.Example" />
<jsp:setProperty name="example" property="*" />
<html>
<body>

<form>
<input type="text" name="name" size="30">
<input type="submit" value="Submit">
</form>

</html>
----------------------

And a Bean that it works with:

----------------------
package test;
public class Example
{
    public void setName(String name) { this.name = name; debug(); }
    public String getName() { return name; }
    public void setPassword(String pass) { this. pass = pass; debug(); }
    public String getPassword() { return pass; }
    private String name;
    private String pass;
    private void debug()
    {
        System.out.println("name="+name);
        System.out.println("pass="+pass);
    }
}
----------------------

The danger is that using the following URL:

http://localhost:8080/hack/Example.jsp?name=hello&password=fred

I can edit the password field as well as the name field.

The real problem is <jsp:setProperty name="example" property="*" />

Is this well known?

Joe.



Legal Disclaimer:-

Please be aware that messages sent over
the Internet may not be secure and should
not be seen as forming a legally binding
contract unless otherwise stated.

Mime
View raw message