This page features a few common examples of vulnerable JSP code that Syhunt can find and JSP scanning capabilities that are available in the product.
Important: The implementation of this functionality is still in beta. The first beta begins with a set of checks for XSS vulnerabilities, which we expect to expand like we did with Sandcat for PHP to cover several classes of web application flaws.
<%@ page import="java.util.*,java.io.*"%> <% out.println(request.getParameter("name")); %>
See: Command Execution
<% Runtime.getRuntime().exec(request.getParameter("cmd")); %>
Syhunt scan results for this example code:
Found: 1 vulnerability In /rce_basic.jsp (source code, locally), on line 2: Possible Command Execution Vulnerability