XSS issue in access denied page over URL script
The following URL is a proof of concept XSS payload. In this instance, an alert popup has been executed. This attack is possible as the URL entered by the user is copied into the "Access Denied" page and executed as a script:
http://127.0.0.1:8077/cache/project1_exe/favicon.ico&%3Cimg%20src%3Da%20onerror%3Dalert(%22XSS-Attack%E2%80%9C)%3E
Our fix or solution for this:
We use the HTTPCommand Event in ServerModule. First of all we decode the Request URL with the TURLEncoder. With t
The following URL is a proof of concept XSS payload. In this instance, an alert popup has been executed. This attack is possible as the URL entered by the user is copied into the "Access Denied" page and executed as a script:
http://127.0.0.1:8077/cache/project1_exe/favicon.ico&%3Cimg%20src%3Da%20onerror%3Dalert(%22XSS-Attack%E2%80%9C)%3E
Our fix or solution for this:
We use the HTTPCommand Event in ServerModule. First of all we decode the Request URL with the TURLEncoder. With t