Re: Blind XPath Injection Solution

2022-11-08 Thread Jonathan P. Babie
you, Jonathan Babie Java Applications Developer Work: (838) 910-4274 Personal: (518) 331-8758 From: Bas Gooren Sent: Tuesday, November 8, 2022 5:08 AM To: users@wicket.apache.org ; Jonathan P. Babie Subject: Re: Blind XPath Injection Solution Hi Jonathan

Re: Blind XPath Injection Solution

2022-11-08 Thread Bas Gooren
Hi Jonathan, If this is an actual problem or not depends on your application. Several of our apps are security scanned regularly, and we always get some false positives. E.g. "Path based vulnerability" because extra path parameters can be added, and we still show the same page. From your

Re: Blind XPath Injection Solution

2022-11-07 Thread Martin Terra
TL;DR In general a Wicket app should do server-side validation, and if the client submits a valid query then it might not be a problem, or you need to add validation. Does this ring a bell? ** Martin On Tue, 8 Nov 2022 at 6.03, Jonathan P. Babie (jba...@osc.ny.gov.invalid) wrote: > Hello, > >