Quote
JSP 2.0 Expression Language - Implicit Objects
This example illustrates some of the implicit objects available in the Expression Language. The following implicit objects are available (not all illustrated here):
* pageContext - the PageContext object
* pageScope - a Map that maps page-scoped attribute names to their values
* requestScope - a Map that maps request-scoped attribute names to their values
* sessionScope - a Map that maps session-scoped attribute names to their values
* applicationScope - a Map that maps application-scoped attribute names to their values
* param - a Map that maps parameter names to a single String parameter value
* paramValues - a Map that maps parameter names to a String[] of all values for that parameter
* header - a Map that maps header names to a single String header value
* headerValues - a Map that maps header names to a String[] of all values for that header
* initParam - a Map that maps context initialization parameter names to their String parameter value
* cookie - a Map that maps cookie names to a single Cookie object.
Change Parameter
foo =
| EL expression | Result |
| --- | --- |
| `${param.foo}` | `<script>alert()</script></A>` |
| `${param["foo"]}` | `<script>alert()</script></A>` |
| `${header["host"]}` | `x-sons.com.ar:8080` |
| `${header["accept"]}` | `text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8` |
| `${header["user-agent"]}` | `Mozilla/5.0 (Windows; U; Windows NT 6.0; es-ES; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 (.NET CLR 3.5.30729)` |
Well, here's the situation: I have a website where a bug turned up. Through what I'm showing here, what could be done?
In what way could my website be left disabled?
Or what data could be obtained from it?
-------------------------------------------------------------------------------------------------
On the other hand, what measures should I take to prevent or fix this bug?
It's worth clarifying that, if I'm not mistaken, the bug is via XSS (cross-site scripting).
Thanks in advance!
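
For the "prevent or fix" part of the question, this is an added example (not part of the original post and not the site's own code) of the same table with every request-derived value HTML-escaped before it is written to the page. It assumes the JSTL 1.1+ core and functions tag libraries are deployed with the web application; the form layout is a guess at the page quoted above.

```jsp
<%-- Added example: hardened rendering of the implicit-objects table.
     Assumption: JSTL 1.1+ (core + functions) is available to the webapp. --%>
<%@ page contentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<html>
<body>
  <form method="GET">
    <%-- Attribute context: fn:escapeXml also encodes " and ', so the
         submitted value cannot close the value="..." attribute. --%>
    foo = <input type="text" name="foo" value="${fn:escapeXml(param.foo)}">
    <input type="submit">
  </form>

  <table border="1">
    <tr><th>EL expression</th><th>Result</th></tr>

    <%-- Vulnerable form, for comparison only: a bare ${param.foo} in template
         text is written to the response exactly as the client sent it. --%>

    <%-- Fixed: escape with fn:escapeXml(...) or <c:out>, whose escapeXml
         attribute defaults to true. \$ prints a literal "$" in the label. --%>
    <tr>
      <td>\${param.foo}</td>
      <td>${fn:escapeXml(param.foo)}</td>
    </tr>
    <tr>
      <td>\${param["foo"]}</td>
      <td><c:out value="${param['foo']}"/></td>
    </tr>

    <%-- Header values are chosen by the client too, so they get the same
         treatment as query parameters. --%>
    <tr>
      <td>\${header["host"]}</td>
      <td><c:out value="${header['host']}"/></td>
    </tr>
    <tr>
      <td>\${header["accept"]}</td>
      <td><c:out value="${header['accept']}"/></td>
    </tr>
    <tr>
      <td>\${header["user-agent"]}</td>
      <td><c:out value="${header['user-agent']}"/></td>
    </tr>
  </table>
</body>
</html>
```

With this in place, a `foo` value such as the one in the quoted table is rendered as visible text (`&lt;script&gt;...`) instead of being parsed as markup.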