Changed `field1.replaceAll(...)` to `field1 = field1.replaceAll(...)`. The first form does not clean the taint, since replaceAll only returns the cleaned value and leaves the original string unchanged.

git-svn-id: http://webgoat.googlecode.com/svn/trunk@474 4033779f-a91e-0410-96ef-6bf7bf53c507
mayhew64@gmail.com 2012-04-27 14:14:24 +00:00
parent dec4f45f8c
commit 3079397430


@ -12,10 +12,11 @@ if(field1 == null) field1 = "123";
if(field2 == null) field2 = "-1"; if(field2 == null) field2 = "-1";
/** For security reasons, we remove all '<' and '>' characters to prevent XSS **/ /** For security reasons, we remove all '<' and '>' characters to prevent XSS **/
field1.replaceAll("<", ""); // Thank you Victor Bucutea for noticing replaceAll only cleans taint to the return value.
field1.replaceAll(">", ""); field1 = field1.replaceAll("<", "");
field2.replaceAll("<", ""); field1 = field1.replaceAll(">", "");
field2.replaceAll(">", ""); field2 = field2.replaceAll("<", "");
field2 = field2.replaceAll(">", "");
if("Purchase".equals(action)) if("Purchase".equals(action))
{ {