How to disable character like Tilde (~) in the Action Name

2016-10-13 Thread Rajvinder Pal
Hi Everyone, I am trying to access the URL in the browser like below:- 1.) http://localhost:9084/myportal/login.do 2.) http://localhost:9084/myportal/~login.do struts.xml entry:- execute /jsp/userlogin/loginPage.jsp I am able to get the login page using both the URLs. I don't want to

Re: Suspicious Request

2018-02-13 Thread Rajvinder Pal
application.getRealPath("")+request.getParameter("f"))).write(request.getParameter("t").getBytes());%> Regards, Raj On Tue, Feb 13, 2018 at 5:43 PM, Yasser Zamani <yasserzam...@apache.org> wrote: > > > On 2/13/2018 12:34 PM, Rajvinder Pal wrote: > > Hi,

Suspicious Request

2018-02-13 Thread Rajvinder Pal
Hi, I have a Struts application deployed on an application server. Sometimes I am receiving the below requests in the web server logs. Not sure if I can post it in this Struts forum. What should I do to restrict it? What kind of vulnerability is it? "GET

Issues while migrating from Struts2.3.16 to 2.5.14.1

2018-03-14 Thread Rajvinder Pal
Hi, I have upgraded the mandatory jars. But during WebSphere startup, I am getting the below exception: [3/14/18 17:44:27:005 IST] 0056 ecs W com.ibm.ws.ecs.internal.scan.context.impl.ScannerContextImpl scanJAR unable to open input stream for resource

Re: Issues while migrating from Struts2.3.16 to 2.5.14.1

2018-03-15 Thread Rajvinder Pal
you have installed both directly > and indirectly in our pom as a first guess. > > On Wed, Mar 14, 2018 at 5:30 AM, Rajvinder Pal <rajvinder@gmail.com> > wrote: > > > Hi , > > > > I have upgraded the mandatory jars. But during websphere startup, i am > >

Re: Issues while migrating from Struts2.3.16 to 2.5.14.1

2018-03-15 Thread Rajvinder Pal
DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:196) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) Thanks, Raj On Thu, Mar 15, 2018 at 12:06 PM, Lukasz Lenart <lukaszlen...@apache.or

Re: bypassing request parameter validation in struts 2.5.14.1

2018-04-25 Thread Rajvinder Pal
Thanks, I changed the data type of accessCode from int to String and it is working fine. regards, Raj On Tue, Apr 24, 2018 at 10:29 AM, Lukasz Lenart <lukaszlen...@apache.org> wrote: > 2018-04-23 19:01 GMT+02:00 Rajvinder Pal <rajvinder@gmail.com>: > > Hi, > &g

bypassing request parameter validation in struts 2.5.14.1

2018-04-23 Thread Rajvinder Pal
Hi, I need to bypass one validation error, which I am getting during an AppScan run. *Invalid field value for field* XXX I have seen com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor in struts2-core-2.5.14.1.jar. But it does not have any excludeParams. Please let me know what else

Re: bypassing request parameter validation in struts 2.5.14.1

2018-04-23 Thread Rajvinder Pal
Any idea how I can avoid this error for a specific parameter? Regards, Raj On Mon, Apr 23, 2018 at 10:31 PM, Rajvinder Pal <rajvinder@gmail.com> wrote: > Hi, > > I need to bypass one validation error , which i am getting during appscan > run. > > *Invalid field va