How to disable character like Tilde (~) in the Action Name

2016-10-13 Thread Rajvinder Pal
Hi Everyone, I am trying to access the URL in the browser like below:- 1.) http://localhost:9084/myportal/login.do 2.) http://localhost:9084/myportal/~login.do struts.xml entry:- execute /jsp/userlogin/loginPage.jsp I am able to get the login page using both the URLs. I don't want to ge

Suspicious Request

2018-02-13 Thread Rajvinder Pal
Hi, I have a Struts application deployed on an application server. Sometimes I am receiving the below requests in the web server logs. Not sure if I can post it in this Struts forum. What should I do to restrict it? What kind of vulnerability is it? "GET /index.do?redirect:${%23req%3d%23context.get('co

Re: Suspicious Request

2018-02-13 Thread Rajvinder Pal
application.getRealPath("")+request.getParameter("f"))).write(request.getParameter("t").getBytes());%> Regards, Raj On Tue, Feb 13, 2018 at 5:43 PM, Yasser Zamani wrote: > > > On 2/13/2018 12:34 PM, Rajvinder Pal wrote: > > Hi, > > > > I have a st

Issues while migrating from Struts2.3.16 to 2.5.14.1

2018-03-14 Thread Rajvinder Pal
Hi, I have upgraded the mandatory jars. But during WebSphere startup, I am getting the below exception:- [3/14/18 17:44:27:005 IST] 0056 ecs W com.ibm.ws.ecs.internal.scan.context.impl.ScannerContextImpl scanJAR unable to open input stream for resource freemarker/core/_Java8Impl.cl

Re: Issues while migrating from Struts2.3.16 to 2.5.14.1

2018-03-14 Thread Rajvinder Pal
ly > and indirectly in our pom as a first guess. > > On Wed, Mar 14, 2018 at 5:30 AM, Rajvinder Pal > wrote: > > > Hi , > > > > I have upgraded the mandatory jars. But during websphere startup, i am > > getting the below exception:- > > &g

Re: Issues while migrating from Struts2.3.16 to 2.5.14.1

2018-03-15 Thread Rajvinder Pal
voke(DefaultActionInvocation.java:249) at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:196) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249) Thanks, Raj On Thu, Mar 15, 2018 at 12:06 PM, Lukasz Lenart wrote: > 2018-03-15 7

bypassing request parameter validation in struts 2.5.14.1

2018-04-23 Thread Rajvinder Pal
Hi, I need to bypass one validation error, which I am getting during appscan run. *Invalid field value for field* XXX I have seen com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor in struts2-core-2.5.14.1.jar. But it does not have any excludeParams. Please let me know what else i

Re: bypassing request parameter validation in struts 2.5.14.1

2018-04-23 Thread Rajvinder Pal
Any idea how I can avoid this error for a specific parameter? Regards, Raj On Mon, Apr 23, 2018 at 10:31 PM, Rajvinder Pal wrote: > Hi, > > I need to bypass one validation error , which i am getting during appscan > run. > > *Invalid field value for field* X

Re: bypassing request parameter validation in struts 2.5.14.1

2018-04-25 Thread Rajvinder Pal
Thanks, I changed the data type of accessCode from int to String and it is working fine. regards, Raj On Tue, Apr 24, 2018 at 10:29 AM, Lukasz Lenart wrote: > 2018-04-23 19:01 GMT+02:00 Rajvinder Pal : > > Hi, > > > > I need to bypass one validation error , which i am g