I tried this too, and I can confirm that it does actually shut down the
server. The return value of the method that the property tag references is
evaluated for some reason, which makes the application vulnerable to OGNL
injection attacks... this is a huge security problem.

On 7/16/07, Aram Mkhitaryan <[EMAIL PROTECTED]> wrote:

Maybe it's new just for me, but I found out one of the main reasons for the problem

try to submit "[EMAIL PROTECTED]@exit(0)}" in the viewable property
for example you submit a text, and it is displayed by s2's tags

try and have fun ...

this expression works and my server shuts down!

the problem I mentioned is that when I say "print property" it executes it at first ...
but it should not! I'm right, aren't I?

why does it execute the string value in my property?
(it's not just a problem, it's a security risk, the users can hack s2 sites)
(at least who may read this message will know that he can hack s2 sites and the simplest way is given above)

that's why even when you do not use ognl expressions, it still works and it costs ...

Best,
Aram
________________________________
Aram Mkhitaryan

52, 25 Lvovyan, Yerevan 375000, Armenia

Mobile: +374 91 518456
E-mail: [EMAIL PROTECTED]
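
The behaviour both messages describe, a stored string being evaluated as an expression when it is only meant to be displayed, modelled here as an added example (not code from this thread, from Struts 2 or from OGNL). The `[[...]]` syntax, `ToyStack` and the `record_shutdown` call are made up for illustration, and the call only records that it was reached.

```python
import html
import re

# Made-up expression delimiter for this toy model (assumption, not OGNL syntax).
EXPR = re.compile(r"\[\[(.*?)\]\]")


class ToyStack:
    """Stand-in for a value stack: named properties plus toy method calls."""

    def __init__(self, props):
        self.props = dict(props)
        self.calls = []  # side effects are recorded here, never performed

    def evaluate(self, expr):
        expr = expr.strip()
        if expr.endswith("()"):           # toy "method call"
            self.calls.append(expr[:-2])
            return ""
        return str(self.props.get(expr, ""))


def render_vulnerable(stack, name):
    """Look the property up, then evaluate the *result* a second time."""
    value = stack.evaluate(name)
    # Flaw: user-supplied data is scanned for expressions and executed.
    return EXPR.sub(lambda m: stack.evaluate(m.group(1)), value)


def render_hardened(stack, name):
    """Look the property up once and treat the result purely as data."""
    value = stack.evaluate(name)
    return html.escape(value)             # output-encode, never re-evaluate


def demo():
    submitted = "hello [[record_shutdown()]]"   # constructed sample input
    vuln = ToyStack({"comment": submitted})
    safe = ToyStack({"comment": submitted})
    return (render_vulnerable(vuln, "comment"), vuln.calls,
            render_hardened(safe, "comment"), safe.calls)


if __name__ == "__main__":
    print(demo())
```

In the vulnerable renderer the submitted text reaches the evaluator even though the page template contains no expression of its own; in the hardened one the same text is printed back verbatim.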
