Web Application Security
Expression Language Injection Sep 12 2011 10:55AM
Stefano Di Paola (stefano dipaola wisec it)
Guys,
someone may be interested in this Spring MVC related paper
(CVE-2011-2730) "Expression Language Injection":
http://blog.mindedsecurity.com/2011/09/expression-language-injection.html

Vulnerable app and server side examples:
http://68.169.49.40:18080/ELInjection/demo.htm

Client side Poc exampl...

Copyright 2010, SecurityFocus