One vulnerability was found in my application, that is cross-site scripting.
JSP page:
<%@ page import="com.lpasystems.cmss.util.StringUtil" %>
<jsp:useBean id="project" class="com.lpasystems.cmss.ProjectBean" scope="application" />
<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="Content-Type" content="text/html; charset=UTF-8">
<TITLE>User Access Type Tabs</TITLE>
<% response.addHeader("X-Frame-Options", "SAMEORIGIN"); %>
<SCRIPT LANGUAGE="JavaScript">
function onLoadTabDocument()
{
parent.parent.DynamicFrame.TabClicked("");
}
var sDoneLoading = 'DONE'
</SCRIPT>
</HEAD>
<%
out.write("<BODY bgcolor=\"" + project.getsTitleBgColor() + "\" text=\"" + project.getsTitleTextColor() + "\"");
// Called from AccessTabs with appropriate OnLoad function call
if(StringUtil.escapeForHTML(request.getParameter("OnLoadGenTabs")) == null) {
out.write(">");
} else {
out.write(" onLoad=\"" + StringUtil.escapeForHTML(request.getParameter("OnLoadGenTabs")) + "\">\n");
}
%>
</BODY>
</HTML>
StringUtil.java
import java.text.CharacterIterator;
import java.text.StringCharacterIterator;

public class StringUtil {

    // Replaces each listed special character with its HTML entity
    // (named where one exists, otherwise a numeric character reference).
    public static String escapeForHTML(String someText) {
        if (someText == null) {
            return someText;
        }
        final StringBuffer result = new StringBuffer();
        final StringCharacterIterator iterator = new StringCharacterIterator(someText);
        char character = iterator.current();
        while (character != CharacterIterator.DONE) {
            if (character == '<') {
                result.append("&lt;");
            }
            else if (character == '>') {
                result.append("&gt;");
            }
            else if (character == '&') {
                result.append("&amp;");
            }
            else if (character == '\"') {
                result.append("&quot;");
            }
            else if (character == '\'') {
                result.append("&#039;");
            }
            else if (character == '(') {
                result.append("&#040;");
            }
            else if (character == ')') {
                result.append("&#041;");
            }
            else if (character == '#') {
                result.append("&#035;");
            }
            else if (character == '%') {
                result.append("&#037;");
            }
            else if (character == ';') {
                result.append("&#059;");
            }
            else if (character == '+') {
                result.append("&#043;");
            }
            else if (character == '-') {
                result.append("&#045;");
            }
            else {
                // the char is not a special one
                // add it to the result as is
                result.append(character);
            }
            character = iterator.next();
        }
        return result.toString();
    }
}
URL - this is the URL that is causing the vulnerability:
http://usa0300uz3456.apps.mc.xerox.com:10503/CMSS/jsp/GenTabs.jsp?OnLoadGenTabs=%3b%61%6c%65%72%74%28%36%36%36%38%33%29%2f%2f
Parameter: OnLoadGenTabs
I escaped the characters like <, %, >, but this issue is still occurring. Can you please help me fix this issue?
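The event-handler context is the reason the entity escaping above does not help: the browser decodes HTML entities in an attribute value before the JavaScript engine ever sees it, so `&#040;` is back to `(` by the time `onLoad` runs. The following Java class is an added example, not the application's own code; the handler allowlist (`tabs` mapping to `onLoadTabDocument()`) is an assumption chosen to match the function already defined in the page's script.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not the application's own code. Shows why entity-escaping a
// value written into onLoad="..." is no defence, and a safer alternative.
public class OnLoadHandler {

    // Model of the browser's attribute parsing: numeric entities such as
    // &#040; are decoded back to characters before the JavaScript engine ever
    // sees the handler text, so escapeForHTML's work is undone by the browser.
    private static final Pattern NUMERIC_ENTITY = Pattern.compile("&#(\\d+);");

    static String browserDecodesAttribute(String attrValue) {
        Matcher m = NUMERIC_ENTITY.matcher(attrValue);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String ch = String.valueOf((char) Integer.parseInt(m.group(1)));
            m.appendReplacement(out, Matcher.quoteReplacement(ch));
        }
        m.appendTail(out);
        return out.toString().replace("&quot;", "\"").replace("&lt;", "<")
                .replace("&gt;", ">").replace("&amp;", "&");
    }

    // Hypothetical allowlist (assumption): the request parameter may only name
    // a handler; the JavaScript that actually runs is fixed on the server.
    private static final Map<String, String> ALLOWED_ONLOAD =
            Map.of("tabs", "onLoadTabDocument()");

    // Hardened body tag: an unknown or missing name gets no onLoad at all,
    // so request data never reaches a JavaScript context.
    static String safeBodyTag(String onLoadName) {
        String js = onLoadName == null ? null : ALLOWED_ONLOAD.get(onLoadName);
        return js == null ? "<BODY>" : "<BODY onLoad=\"" + js + "\">";
    }

    public static void main(String[] args) {
        // The question's URL decodes to ";alert(66683)//"; this is what the
        // existing escapeForHTML emits for it.
        String escaped = "&#059;alert&#040;66683&#041;//";
        System.out.println(browserDecodesAttribute(escaped));
        System.out.println(safeBodyTag(";alert(66683)//"));
        System.out.println(safeBodyTag("tabs"));
    }
}
```

The first print shows the escaped value decoded back to the original script text, which is exactly what the browser passes to the JavaScript engine; the allowlist version never lets request data into that context.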