Questions tagged [el-injection]

Expression Language Injection (EL-injection or ELI) is an attack where poorly sanitized user input is fed to the Java Unified Expression Language interpreter and injected into a webpage.

2 questions
4 votes, 0 answers

Calling methods with Expression Language Injection in Spring Framework?

I'm currently on a pentest and I've come across a URL parameter which is vulnerable to Expression Language (EL) injection and I can prove that by accessing properties such as ${pageContext}. However, it appears that I have access to Java object…
DarkMantis
0 votes, 1 answer

Clarification about PrimeFaces Expression Language Injection

The PrimeFaces Expression Language Injection is explained here: http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html I will be happy for clarification about the remediation: Why is it not enough to filter all requests with…
Michael