A session value is overwritten by a request.
--------------------------------------------
Key: WW-2264
URL: https://issues.apache.org/struts/browse/WW-2264
Project: Struts 2
Issue Type: Bug
Components: Value Stack
Affects Versions: 2.0.9
Environment: I tested in Struts 2.0.9
Reporter: Hisato Killing
Priority: Critical
Attachments: s2inject.zip
The attacker can inject a given value into the session map by clicking the
following URL.
http://example.com/SomeAction.action?session.somekey=someValue
[[A session value is overwritten by a browser request.]]
FROM: [EMAIL PROTECTED]
TO: struts-dev
>>>>
1. This problem occurs in Struts 2.0.9 and perhaps others.
In that case, the following is assumed:
i. SomeAction implements SessionAware.
ii. It is defined in struts-default.
iii. devMode is true or false.
["someValue"] under the name "someKey" enters the SessionMap when the
request shown in that URL is processed.
This means that ["someValue"] is an array containing "someValue".
This causes a ClassCastException in almost all cases.
[EMAIL PROTECTED]
I think this may just be my own mistake, a setting, etc.
Thanks
--
This message is automatically generated by JIRA.
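Added example (not code from the report or from Struts): a Python model of the mechanism the report describes. A request parameter name is treated as an assignable property path, so "session.somekey" walks from the action to the session map it received as a SessionAware and stores the raw multi-valued parameter array there; the second binder shows the kind of parameter-name filtering that stops it. The class name, the accepted-name pattern, the excluded prefixes and the per-action whitelist are all assumptions made for this illustration, not Struts configuration.

```python
"""Model of the WW-2264 parameter-to-session injection (added example).

Not Struts code: it imitates, in Python, an expression-based parameter
binder that resolves a dotted parameter name against the action object.
All names and patterns below are assumptions for illustration only.
"""
import re
from typing import Any, Dict, List, Set


class SomeAction:
    """Stand-in for an action implementing SessionAware (assumed name).

    The framework hands such an action the session map; a binder that can
    resolve the 'session' property from the action reaches that map.
    """

    def __init__(self) -> None:
        self.session: Dict[str, Any] = {}   # injected by the framework
        self.name: str = ""                 # a legitimate form field

    def set_name(self, values: List[str]) -> None:
        # Request parameters are multi-valued; a real setter takes one value.
        self.name = values[0]


def _resolve(root: Any, segment: str) -> Any:
    """Read one path segment the way an expression evaluator would."""
    if isinstance(root, dict):
        return root[segment]
    return getattr(root, segment)


def bind_unfiltered(action: Any, params: Dict[str, List[str]]) -> None:
    """Naive binder: every parameter name is an assignable property path.

    "session.somekey=someValue" walks action -> session (the map) and stores
    the raw String[]-like list under "somekey", which is what the report
    describes (a later String cast then fails).
    """
    for name, values in params.items():
        *path, last = name.split(".")
        target = action
        for seg in path:
            target = _resolve(target, seg)
        if isinstance(target, dict):
            target[last] = values            # raw multi-value array lands here
        else:
            getattr(target, f"set_{last}")(values)


# Hardened binder (assumed policy): only identifier/index characters in the
# name, no paths that start at framework-injected objects, and the first
# segment must be a declared parameter of the action.
ACCEPTED_NAME = re.compile(r"^[A-Za-z0-9_.\[\]']+$")
EXCLUDED_PREFIXES = ("session", "request", "application", "parameters")


def bind_filtered(action: Any, params: Dict[str, List[str]],
                  allowed: Set[str]) -> List[str]:
    """Bind only acceptable names; return the names that were rejected."""
    rejected: List[str] = []
    for name, values in params.items():
        first = name.split(".")[0].split("[")[0]
        if (not ACCEPTED_NAME.match(name)
                or first in EXCLUDED_PREFIXES
                or first not in allowed):
            rejected.append(name)
            continue
        bind_unfiltered(action, {name: values})
    return rejected


if __name__ == "__main__":
    # Constructed request: one real form field plus the injected session key.
    request = {"name": ["alice"], "session.somekey": ["someValue"]}

    vulnerable = SomeAction()
    bind_unfiltered(vulnerable, request)
    print("unfiltered session:", vulnerable.session)   # {'somekey': ['someValue']}

    hardened = SomeAction()
    dropped = bind_filtered(hardened, request, allowed={"name"})
    print("filtered session:", hardened.session, "rejected:", dropped)
```

Run it to see the injected list land in the session map in the first case and get rejected in the second; the type mismatch (a list where the application expects a string) is the Python counterpart of the ClassCastException in the report.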