wangwei
/
classtest
Not watched
1
0
Fork 0
Code
Releases 0 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: deb511d92a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'deb511d92a'
${ noResults }
classtest/Reflect_XSS/Reflect_XSS_bad.jsp

19 lines
570 B
Raw Blame History 

  1. <%@ page language="java" contentType="text/html; charset=ISO-8859-1" import="java.util.regex.*"

  2.     pageEncoding="ISO-8859-1"%>

  3. <%

  4. String action = request.getParameter("action");

  5. String field1 = request.getParameter("field1");

  6. String regex1 = "^[0-9]{3}$";// any three digits

  7. Pattern pattern1 = Pattern.compile(regex1);

  8. 

  9. if("Purchase".equals(action))

  10. {

  11. 	if(!pattern1.matcher(field1).matches())

  12. 	{

  13. 		/** If they supplied the right attack, pass them **/

  14. 		

  15. 		out.write("alert('Whoops: You entered an incorrect access code of \"" + field1 + "\"');");  // bad  XSS

  16. 	}

  17. 	

  18. }

  19. %>