Struts 2 - WW-2264

A session value is overwritten by a request.


Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Not A Problem
    • Affects Version/s: 2.0.9
    • Fix Version/s: 2.0.9
    • Component/s: Value Stack
    • Labels: None
    • Environment: I tested in struts2.0.9

    Description

      The attacker can inject the given value into the session map by clicking the following URL.

      http://example.com/SomeAction.action?session.somekey=someValue

      [[A session value is overwritten by a browser request.]]
      FROM: hisato.killing@gmail.com
      TO: struts-dev
      >>>>
      1. This problem occurs in Struts 2.0.9 and perhaps other versions.

      In that case, it is assumed that the setup is as follows.
      i. SomeAction implements SessionAware.
      ii. And it is defined in struts-default.
      iii. devMode is true or false.

      ["someValue"] enters the SessionMap under the name "someKey" when the
      request shown in that URL is processed.
      Here ["someValue"] means an array containing "someValue".
      This causes a ClassCastException in almost every case.

      hisato.killing@gmail.com
      It is possible that this is only my mistake, a setting, etc.

      Thanks
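As an added defensive example (not part of this ticket or its attachment): a struts.xml fragment that overrides the ParametersInterceptor `excludeParams` setting so that request parameter names addressing the session, request or application maps are discarded before OGNL evaluates them. It assumes the reader's Struts release supports `excludeParams` and the `params.` prefix for overriding a parameter of an interceptor inside a referenced stack; the package, action and class names are placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
    "http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
  <!-- Placeholder package; only the interceptor configuration matters here. -->
  <package name="example" extends="struts-default">

    <interceptors>
      <!-- Hypothetical stack: identical to defaultStack, except that the
           "params" interceptor is given an excludeParams pattern list.
           Parameter names matching any pattern (comma-separated regexes)
           are ignored, so "session.somekey=someValue" never reaches
           the value stack and cannot write into the SessionMap. -->
      <interceptor-stack name="hardenedStack">
        <interceptor-ref name="defaultStack">
          <param name="params.excludeParams">dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*</param>
        </interceptor-ref>
      </interceptor-stack>
    </interceptors>

    <!-- Apply the hardened stack to every action in this package. -->
    <default-interceptor-ref name="hardenedStack"/>

    <!-- Placeholder action; class name is assumed, not from the ticket. -->
    <action name="SomeAction" class="com.example.SomeAction">
      <result>/some.jsp</result>
    </action>
  </package>
</struts>
```

Name-based exclusion only limits which parameters the interceptor will try to set; keeping the injected session map in a private field with no public getter removes the reachable property altogether.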

      Attachments

        1. s2inject.zip (6 kB) - Hisato Killing

        People

          Assignee: Unassigned
          Reporter: Hisato Killing
          Votes: 0
          Watchers: 4
