Issues by Folder
[Chart: Issues by Folder; folder labels: Critical, Medium, Impact, Low; plotted values: 2, 0, 61, 1315]
Page 2 of 7
Issues by Category
Refined by: [fortify priority order]:Critical
Issues by Category
Refined by: [fortify priority order]:Medium
:(Critical)
Category: Cross-Site Scripting: Reflected (2 Issues)
[Chart: Number of Issues (y-axis, 0.00 to 2.00) by Analysis state; legend: <Unaudited>, Not an Issue, Reliability Issue, Bad Practice, Suspicious, Exploitable]
Abstract:
Explanation:
Cross-site Scripting (XSS)
1. WebReflected XSS
Persisted XSSStored XSS
2.
JavaScriptHTMLFlash
XSSCookies
Web
1JSPHTTPID eidID
<% String eid = request.getParameter("eid"); %>
...
Employee ID: <%= eid %>
eideid
HTTP
URL
URLURL
Web
WebReflected XSS
2JSPID
<%...
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery("select * from emp where id="+eid);
if (rs != null) {
rs.next();
String name = rs.getString("name");
%>
Employee Name: <%= name %>
- 1HTTPHTTP
WebReflected XSS
URL
URL(phishing)
URL
Cookie
- 2
Persistent XSS
Recommendations:
XSS
XSS
Web
XSS
WebSQL Injection
XSSXSS
XSS
XSSHTTP
0-9
Web
HTML
HTML
HTML
Carnegie Mellon (Software Engineering Institute) CERT(R) (CERT(R) Coordination Center) [1]
(block-level)
- <
- &
- ><
-
-
-
- &
URL
URL
- URL
- &CGI
- ASCIIISO-8859-1128URL
- UTF-7<+ADw-
UTF-7
XSS
HTML[2]ISO 8859-1
Cross-Site ScriptingHTTP
Cross-Site Scripting
Tips:
Fortify Source Code Analysis SuiteXSS
Audit Workbench
Fortify RTA adds protection against this category.
Critical
Folder
Critical
Input Validation and Representation
header.jsp _jspService() 7
header.jsp:7 javax.servlet.http.HttpServletRequest.getRemoteUser()
8
9
Sink:
header.jsp:7 java.io.Writer.write()
5
6
7
8
9
Critical
Folder
Critical
Input Validation and Representation
GlobalMonitorobjectList.jsp _jspService() 63
GlobalMonitorobjectList.jsp:63 javax.servlet.ServletRequest.getParameter()
<c:if test="${not empty param.domainSerial && domainSerial != 1}">
<s:url action="DomainEdit_selectByKey" id="pkey">
<s:param name="vo.domainSerial"><c:out value="${param.domainSerial}" /></s:param>
</s:url>
<a href="${pkey}">
Sink:
61
GlobalMonitorobjectList.jsp:63 java.io.Writer.write()
<c:if test="${not empty param.domainSerial && domainSerial != 1}">
:(Medium)