clients. However, unlike XSS, it has a long lasting effect


because the spoofed resource remains in the browser's cache.


Example


Consider the following JSP page (let's assume it is located in


/redir_lang.jsp):


<%


response.sendRedirect("/by_lang.jsp?lang="+


request.getParameter("lang"));


%>


When invoking /redir_lang.jsp with a parameter lang=English, it will


redirect to /by_lang.jsp?lang=English. A typical response is as follows


(the web server is BEA WebLogic 8.1 SP1   see section  Lab


Environment  in [1] for exact details for this server):


HTTP/1.1 302 Moved Temporarily


Date: Wed, 24 Dec 2003 12:53:28 GMT


Location: http://10.1.1.1/by_lang.jsp?lang=English


Server: WebLogic XMLX Module 8.1 SP1 Fri Jun 20 23:06:40 PDT 2003


271009 with


Content Type: text/html


Set Cookie:


JSESSIONID=1pMRZOiOQzZiE6Y6iivsREg82pq9Bo1ape7h4YoHZ62RXj


ApqwBE! 1251019693; path=/


Connection: Close


302 Moved Temporarily




This document you requested has moved temporarily.


It s now at 


href="http://10.1.1.1/by_lang.jsp?lang=English">http://10.1.1.1/by_lang.jsp


?lang=English.




66


Copyright 2004, Web Application Security Consortium. All rights reserved.






Unlimited Web Hosting






  

    
  

  

    
 
  

  

    
  

  

    
TotalRoute.net Business web hosting division of Vision Web Hosting Inc. All rights reserved.