From Syhunt Web Application Security Docs

Vulnerable: Vulnerable JSP Code

This page features a few common examples of vulnerable JSP code that Syhunt can find and JSP scanning capabilities that are available in the product.

Important: The implementation of this functionality is still in beta. The first beta begins with a set of checks for XSS vulnerabilities, which we expect to expand like we did with Sandcat for PHP to cover several classes of web application flaws.

XSS Detection

See: Cross-Site Scripting (XSS)

Example

 
<%@ page import="java.util.*,java.io.*"%>
<% out.println(request.getParameter("name")); %>
 

Command Execution Detection

See: Command Execution

Example

 
<%
Runtime.getRuntime().exec(request.getParameter("cmd"));
%>
 

Syhunt scan results for this example code:

Found: 1 vulnerability
In /rce_basic.jsp (source code, locally), on line 2:
  Possible Command Execution Vulnerability

Retrieved from http://www.syhunt.com/docwiki/index.php?n=Vulnerable.JSP
Page last modified on November 28, 2012, at 10:49 AM