Questions tagged [jsp]

JavaServer Pages (JSP) is a technology that helps software developers create dynamically generated web pages based on HTML, XML, or other document types. To deploy and run JavaServer Pages, a compatible web server with a servlet container, such as Apache Tomcat or Jetty, is required.

Source: Wikipedia, JavaServer_Pages (https://en.wikipedia.org/wiki/JavaServer_Pages)

6 questions
22
votes
6 answers

Backend database username and password revealed in JSP Page

Recently I came across a website and when clicking on one of the hyperlinks it displayed an HTTP 500 error page as shown in the image, which indicated that it is using Java Server Pages and on line 23 the code read as Connection con =…
Wasim Wani
  • 322
  • 1
  • 8
7
votes
2 answers

Is OWASP ESAPI still the recommended way to secure JSP pages

I noticed OWASP ESAPI hasn't been updated in a while (minor update in 2016, and before 2013). Are there better alternatives to using it i.e. using a more maintained framework's utilities for say escaping and validating user inputs ala XSS…
blindcodifier9734
  • 205
  • 1
  • 3
  • 5
3
votes
0 answers

Solutions from StackOverflow to prevent XSS in JSP pages don't work

I have a JSP page where the HTML title is pulled from a GET parameter title: ${title} Obviously, this allows for XSS attacks. If I follow the answer given on this page and try the solutions <c:out…
Tags: xss, jsp
asked Mar 15 '18 at 18:41
PiotrChernin
  • 131
  • 2
1
vote
2 answers

Can “c:set” cause Cross Site Scripting (XSS) vulnerability?

Can this be exploited as XSS vulnerability using urls like localhost/?myVar=<script>alert(document.cookie)</script> or though any other possibility? <c:set var="myVar" value="<%=request.getParameter(\"myVar\")%>"/> <c:if test="${myVar ==…
Tags: web-application, xss, javascript, vulnerability, jsp
asked Oct 07 '20 at 07:55
Rajat Jain
  • 119
  • 1
1
vote
1 answer

How to prevent persistent XSS vulnerability with the Java Struts 1 Framework?

I have an application that executes under Tomcat 7, developed with Struts (Java Web Framework). My application contains a security vulnerability (XSS Cross-site scripting). What kind of XSS vulnerability is it ? Persistent (or stored) How is it…
Tags: xss, vulnerability, jsp
asked May 31 '18 at 18:23
grf2018
  • 11
  • 3
0
votes
0 answers

cmd.jsp - Tomcat - Understanding HTTP Status Code (302)

I'm currently playing with cmd.jsp webshells on a Java webapp in tomcat. This is the request (sending via burpsuite) PUT /path/cmd.jsp HTTP/1.1 Host: 69.69.69.69 Content-Length: 579 <%@ page import="java.util.*,java.io.*"%> <% if…
Tags: web-application, http, burp-suite, tomcat, jsp
asked Jun 04 '22 at 09:47
citrusbytez
  • 1
  • 1