|
Mantis - Resin
|
|||||
| Viewing Issue Advanced Details | |||||
|
|
|||||
| ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
| 4794 | | minor | always | 10-12-11 08:35 | 06-20-12 11:07 |
|
|
|||||
| Reporter: | cowan | Platform: | |||
| Assigned To: | ferg | OS: | |||
| Priority: | high | OS Version: | |||
| Status: | closed | Product Version: | 4.0.24 | ||
| Product Build: | Resolution: | not fixable | |||
| Projection: | none | ||||
| ETA: | none | Fixed in Version: | |||
|
|
|||||
| Summary: | 0004794: getRequestURI is URL decoded using mod_caucho | ||||
| Description: |
sample.war attached

[Access URL (use Resin web server)]
http://192.168.108.38:8080/sample/test/%22%3EXSS%3C/A%3E%3Cscript%3Ealert('XSS')%3C/script%3E

[Result]
getRequestURL: http://192.168.108.38:8080/sample/test/%22%3EXSS%3C/A%3E%3Cscript%3Ealert('XSS')%3C/script%3E
getRequestURI: /sample/test/%22%3EXSS%3C/A%3E%3Cscript%3Ealert('XSS')%3C/script%3E

[Access URL (use Apache2.2)]
http://192.168.108.38/sample/test/%22%3EXSS%3C/A%3E%3Cscript%3Ealert('XSS')%3C/script%3E

[Result]
getRequestURL: http://192.168.108.38/sample/test/">XSS</A><script>alert('XSS')</script>
getRequestURI: /sample/test/">XSS</A><script>alert('XSS')</script> |
||||
| Steps To Reproduce: | |||||
| Additional Information: |
Rep by N. SHINOMIYA |
||||
| Relationships | |||||
| Attached Files: | |||||
| Notes | |||||
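
The report shows the same request producing a percent-encoded getRequestURI under the Resin web server and a decoded one behind Apache with mod_caucho, so code that writes this value into a page has to escape it at output in both deployments. The following is an added example, not part of the original issue or of Resin's code; the class and method names are hypothetical, and the two sample strings are the getRequestURI results quoted in the description.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;

public class RequestUriEcho {
    // HTML-escape a value before writing it into element content
    // or into a quoted attribute value.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // True when no character that can change HTML context remains.
    static boolean isInert(String s) {
        return s.indexOf('<') < 0 && s.indexOf('>') < 0
            && s.indexOf('"') < 0 && s.indexOf('\'') < 0;
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        // getRequestURI as reported via the Resin web server (still percent-encoded).
        String viaResin = "/sample/test/%22%3EXSS%3C/A%3E%3Cscript%3Ealert('XSS')%3C/script%3E";
        // getRequestURI as reported via Apache 2.2 + mod_caucho (already decoded).
        String viaApache = "/sample/test/\">XSS</A><script>alert('XSS')</script>";

        // The two values differ only by one round of percent-decoding.
        boolean sameAfterDecode = URLDecoder.decode(viaResin, "UTF-8").equals(viaApache);
        System.out.println("equal after decoding: " + sameAfterDecode);

        // Even the encoded form carries literal single quotes, so neither
        // value is safe to write unescaped; escape once, at output time.
        for (String uri : new String[] { viaResin, viaApache }) {
            String safe = escapeHtml(uri);
            System.out.println(isInert(uri) + " -> " + isInert(safe) + " : " + safe);
        }
    }
}
```

Escaping happens once, on whatever string the container returned; decoding the value again before escaping would treat the two deployments differently and is not needed for safe output.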