Forums: Analyze This Code - Forums

Analyze This Code Can we bypass this JSP

#1 Guest_onlinepass_*

  • Group: Guests

Posted 15 April 2004 - 02:41 AM

Quote

<%
String sessionString = "";

session.setMaxInactiveInterval(500);

if (!session.isNew())
{
  if (session.getAttribute("someattribute")==null)
  {
  response.sendRedirect("../default.html");
  }
  else
  {
  sessionString = session.getAttribute("someattribute").toString();
   
  if (!sessionString.equals("ax98asdf8234"))
  {
    response.sendRedirect("../default.html");
  }
  }
}

if (session.isNew())
{
  response.sendRedirect("../default.html");
}

%>
<%
String appth = request.getContextPath();
String userString = request.getParameter("Usrtring");
if (userString.equals("validated"))
{
%>


I have tried to bypass this JSP validation using some tricks, by using a proxy in between and changing the attributes and other stuff, but I still don't seem to be hitting it right.

Can any one of you identify how we can bypass this???
0
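For readers hardening a page like the one posted above, here is the same session gate written as a servlet filter. This is an added example, not part of the original post and not the poster's code. The class name, the `authenticated` attribute and the redirect path built from the context path are assumptions. It stops processing after the redirect and takes the decision from server-side session state rather than from a request parameter.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example (hypothetical class name): session gate as a servlet filter,
// mapped in web.xml to the protected pages.
public class SessionGateFilter implements Filter {
    // Assumed attribute name: set to Boolean.TRUE by the login code only
    // after the credentials have been verified on the server.
    static final String AUTH_ATTR = "authenticated";

    public void init(FilterConfig config) {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false) never creates a session, so a first-time visitor
        // yields null instead of a fresh, empty session.
        HttpSession session = request.getSession(false);
        boolean ok = session != null
                && Boolean.TRUE.equals(session.getAttribute(AUTH_ATTR));

        if (!ok) {
            // Assumed location of the landing page (context root).
            response.sendRedirect(request.getContextPath() + "/default.html");
            // sendRedirect only prepares the response; it does not end this
            // method. Returning keeps the protected resource from running.
            return;
        }
        // Only authenticated sessions reach the protected JSP.
        chain.doFilter(req, res);
    }

    public void destroy() {}
}
```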

#2 User is offline   Logan 

  • Specialist
  • Icon
  • Group: Specialist
  • Posts: 1,596
  • Joined: 29-February 04

Posted 15 April 2004 - 02:45 AM

Is it just me or is this a how-to-hack?
0

#3 Guest_onlinepass_*

  • Group: Guests

Posted 15 April 2004 - 03:23 AM

What does it seem to you... if I were hacking into it... and the server would give me the JSP source...

tweakz20, first try to understand that JSP source is not spat out similarly to HTML code.
You need to have the source code.


And also I think this is much better than asking for "SQL Injection Strings"

This post has been edited by onlinepass: 15 April 2004 - 05:04 AM

0

#4 User is offline   phase 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 48
  • Joined: 15-December 03

Posted 15 April 2004 - 10:09 AM

I am not really seeing what you are trying to do. Give me some more info.

This code seems to just look at the session. There is bound to be more code involved.

phase :ph34r:
0

#5 User is offline   Logan 

  • Specialist
  • Icon
  • Group: Specialist
  • Posts: 1,596
  • Joined: 29-February 04

Posted 15 April 2004 - 02:55 PM

onlinepass, on Apr 15 2004, 11:23 AM, said:

tweakz20, first try to understand that JSP source is not spat out similarly to HTML code.
You need to have the source code.

Ahhh, sorry, I didn't really look at it.. just saw JavaScript and a "how to bypass" question.
BTW: I agree with phase
0
