Hi, I'm working on the security of a web site. This on has got JSP page under broad vision. In one page, I can pass in paramater via the GET method a variable which the content is displayed on the page Ex: http://serveur/page.jsp?affich=
><bold>bonjour</bold><br> It will be displayed "bonjour" in bold. Is it a flaw ???? Are thy flaws in JSP pages which can allow to execute arbitrary code in server side like there are in CGI script wrote in perl ???? Regards. -- Cédric Foll mail : cedric.follat_private France ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Jul 16 2001 - 10:03:55 PDT