psiinon / bodgeit
The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.
What steps will reproduce the problem?
1. go to bodgeit/advanced.jsp
What is the expected output? What do you see instead?
Not sure but I am guessing not what I get.
backtrack 5r2
Please provide any additional information below.
When I load the advanced search I get this exception report.
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException: Unable to compile class for JSP:
An error occurred at line: 8 in the generated java file
Only a type can be imported. com.thebodgeitstore.util.AES resolves to a package
An error occurred at line: 48 in the jsp file: /advanced.jsp
AES cannot be resolved to a type
45: String key = "";
46: String[] params = {};
47: if (request.getMethod().equals("POST")){
48: AES enc = new AES();
49: try {
50: key = session.getAttribute("key").toString();
51: } catch (Exception e){
Original issue reported on code.google.com by [email protected]
on 12 Oct 2012 at 1:50
No war file found, only source code available.
Please provide compile instructions or a link to the war file.
It is possible to run an XSS attack through the contact.jsp servlet that allows attackers to run arbitrary javascript code on the contact.jsp page itself and on admin.jsp.
On contact.jsp as guest user, set the null and comments fields to %3CScript%3Ealert%28%27hello%27%29%3B%3C%2FScript%3E (e.g. null=%3CScript%3Ealert%28%27hello%27%29%3B%3C%2FScript%3E&anticsrf=0.33839068496777436&comments=%3CScript%3Ealert%28%27hello%27%29%3B%3C%2FScript%3E). hello should be displayed.
What steps will reproduce the problem?
1. Copy the bodgeit.war file into the webapps directory for tomcat 6.0.30
2. Start tomcat
3. Go to http://localhost:8080/bodgeit/ but you can see the stack trace as soon as Tomcat is started--before you even try and load bodgeit in the browser
What is the expected output? What do you see instead?
Sep 3, 2012 9:07:32 AM org.apache.catalina.core.AprLifecycleListener init
INFO: The Apache Tomcat Native library which allows optimal performance in
production environments was not found on the java.library.path: C:\Program
Files\Java\jre6\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:/
Program Files/Java/jre6/bin/client;C:/Program Files/Java/jre6/bin;C:\Program
Files\PHP\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program
Files\QuickTime\QTSystem\;D:\Temp\eclipse\plugins\org.apache.ant_1.7.1.v20090120
-1145/bin;C:\Python27;C:\Program Files\MySQL\MySQL Server 5.5\bin
Sep 3, 2012 9:07:32 AM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Sep 3, 2012 9:07:32 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 485 ms
Sep 3, 2012 9:07:32 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Sep 3, 2012 9:07:32 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.14
Sep 3, 2012 9:07:32 AM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive bodgeit.war
Sep 3, 2012 9:07:34 AM org.apache.catalina.loader.WebappClassLoader
validateJarFile
INFO: validateJarFile(D:\Temp\1 Java\Apache
Group\apache-tomcat-6.0.30\webapps\bodgeit\WEB-INF\lib\servlet-api.jar) - jar
not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class:
javax/servlet/Servlet.class
Sep 3, 2012 9:07:36 AM org.apache.catalina.core.StandardContext loadOnStartup
SEVERE: Servlet /bodgeit threw load() exception
org.apache.jasper.JasperException: Unable to compile class for JSP:
An error occurred at line: 239 in the generated java file
The method getJspApplicationContext(ServletContext) is undefined for the type JspFactory
Sep 3, 2012 9:07:36 AM org.apache.tomcat.util.modeler.Registry registerComponent
SEVERE: Null component
Catalina:type=JspMonitor,name=InitServlet,WebModule=//localhost/bodgeit,J2EEApplication=none,J2EEServer=none
Sep 3, 2012 9:07:36 AM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
Sep 3, 2012 9:07:36 AM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
Sep 3, 2012 9:07:36 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Sep 3, 2012 9:07:36 AM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Sep 3, 2012 9:07:36 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/47 config=null
Sep 3, 2012 9:07:36 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 3954 ms
Sep 3, 2012 9:08:25 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet jsp threw exception
org.apache.jasper.JasperException: Unable to compile class for JSP:
An error occurred at line: 53 in the generated java file
The method getJspApplicationContext(ServletContext) is undefined for the type JspFactory
What version of the product are you using? On what operating system?
1.4 Windows XP
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 3 Sep 2012 at 4:15
Adding products to the basket is vulnerable to CSRF attacks.
Need to find a good way of scoring this - any suggestions welcome.
Original issue reported on code.google.com by [email protected]
on 14 Apr 2011 at 2:57
In the installation notes it states:
All you need to do is download and open the zip file, and then extract the war
file into the webapps directory of your favorite servlet engine.
Then point your browser at (for example) http://localhost:8080/bodgeit
Q. Exactly what do you mean by 'point your browser'? Are you referring to a proxy setting here?
Original issue reported on code.google.com by [email protected]
on 30 Jun 2014 at 3:05
password.jsp: enter 12345' where name = '[email protected]'-- in the password fields. login.jsp: [email protected] and password 12345.
It is possible to run a SQLi attack through the register.jsp servlet that allows new users to register as administrator.
register.jsp: H@ans','ADMIN','12345') in the username field, 12345 in the password fields. admin.jsp: the user is listed as root user.
Sorry, if this is trivial, but the github contains no WAR file, no instructions how to get it. Could you please let me know and update accordingly?
You can do an XSS attack on the Login form that does not count for any challenge result:
1. Go to http://localhost:18080/bodgeit/login.jsp
2. Provide Username [email protected]') --<script>alert("XSS")</script>
Original issue reported on code.google.com by [email protected]
on 9 Aug 2013 at 8:08
Hi 👋
The docker image was built some years ago, and the schema used back then is now getting slowly deprecated.
When pulling the image it is currently outputting:
docker pull psiinon/bodgeit
Using default tag: latest
latest: Pulling from psiinon/bodgeit
Image docker.io/psiinon/bodgeit:latest uses outdated schema1 manifest format. Please upgrade to a schema2 image for better future compatibility. More information at https://docs.docker.com/registry/spec/deprecated-schema-v1/
142a601d9793: Already exists
...
98113d72b3dc: Already exists
Digest: sha256:6582f6b195494f8b346ed18cab7617ba422d69c93a46ed187b3a9eeb401afed1
Status: Image is up to date for psiinon/bodgeit:latest
docker.io/psiinon/bodgeit:latest
I'm raising this issue primarily as the old docker schema version apparently doesn't work with some image scanning tools like trivy anymore, which is sad as bodgeit would be a nice example for an older docker image.
A rebuild and push with a current docker version seems to fix this.
I've tried it out and it seems to be working fine (https://hub.docker.com/repository/docker/j12934/bodgeit). Would be awesome if the official docker image could be updated 🚀
What steps will reproduce the problem?
1. Install Tomcat 7.0.28
2. Load Bodgeit 1.3.0
3. Place search.jsp code in the bodgeit store app.
What is the expected output? What do you see instead?
I expect the search page.
org.apache.jasper.JasperException: Unable to compile class for JSP:
An error occurred at line: 15 in the generated java file
Only a type can be imported. org.apache.commons.lang3.StringEscapeUtils resolves to a package
An error occurred at line: 48 in the jsp file: /search.jsp
StringEscapeUtils cannot be resolved
45: <%
46: Statement stmt = conn.createStatement();
47: ResultSet rs = null;
48: query = StringEscapeUtils.escapeHtml4(query).replaceAll("'", "'");
49:
50: try {
51: String sql = "SELECT PRODUCT, DESC, TYPE, TYPEID, PRICE " +
What version of the product are you using? On what operating system?
1.3.0, OSX Lion
Please provide any additional information below.
I think this is related to the fact that search.jsp isn't part of the app WAR but I am not sure.
Original issue reported on code.google.com by [email protected]
on 25 Jun 2012 at 1:04
Hello,
I am using Ubuntu 14.04 LTS and trying to make the build targets from build.xml work.
"ant compile" and "ant deploy" worked fine, but before being able to proceed with the subsequent targets I had to manually create two directories:
build/tests
build/WEB-INF/classes
ZAP is configured to port 8090, running in daemon mode. Bodgeit Store is deployed to Tomcat7's webapps directory and verified to work.
peter@xubuntuvm:~/git/bodgeit$ ant test
Buildfile: /home/peter/git/bodgeit/build.xml
test:
[junit] WARNING: multiple versions of ant detected in path for junit
[junit] jar:file:/usr/share/ant/lib/ant.jar!/org/apache/tools/ant/Project.class
[junit] and jar:file:/home/peter/git/bodgeit/lib/ant.jar!/org/apache/tools/ant/Project.class
[junit] Running com.thebodgeitstore.selenium.tests.FunctionalTest
[junit] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0 sec
[junit] Test com.thebodgeitstore.selenium.tests.FunctionalTest FAILED
BUILD SUCCESSFUL
Total time: 0 seconds
peter@xubuntuvm:~/git/bodgeit$ ant zap-proxy-tests
Buildfile: /home/peter/git/bodgeit/build.xml
zap-proxy-tests:
[junit] WARNING: multiple versions of ant detected in path for junit
[junit] jar:file:/usr/share/ant/lib/ant.jar!/org/apache/tools/ant/Project.class
[junit] and jar:file:/home/peter/git/bodgeit/lib/ant.jar!/org/apache/tools/ant/Project.class
[junit] Running com.thebodgeitstore.selenium.tests.FunctionalZAP
[junit] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0 sec
[junit] Test com.thebodgeitstore.selenium.tests.FunctionalZAP FAILED
BUILD SUCCESSFUL
Total time: 0 seconds
peter@xubuntuvm:~/git/bodgeit$ ant zap-test
Buildfile: /home/peter/git/bodgeit/build.xml
zap-test:
zap-proxy-tests:
[junit] WARNING: multiple versions of ant detected in path for junit
[junit] jar:file:/usr/share/ant/lib/ant.jar!/org/apache/tools/ant/Project.class
[junit] and jar:file:/home/peter/git/bodgeit/lib/ant.jar!/org/apache/tools/ant/Project.class
[junit] Running com.thebodgeitstore.selenium.tests.FunctionalZAP
[junit] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0 sec
[junit] Test com.thebodgeitstore.selenium.tests.FunctionalZAP FAILED
zap-spider:
[java] Open URL: http://zap/xml/spider/action/scan/?url=http%3A%2F%2Flocalhost%3A8080%2Fbodgeit%2F&
[java] [Fatal Error] :1:1: Content ist nicht zulässig in Prolog.
[java] org.zaproxy.clientapi.core.ClientApiException: org.zaproxy.clientapi.core.ClientApiException: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content ist nicht zulässig in Prolog.
[java] usage: spider url={url} [zapaddr={ip}] [zapport={port}]
[java]
[java] Examples:
[java] 1. Type 'java -jar zap-api.jar activeScanUrl url=http://myurl.com/'
[java] Execute and active scan on http://myurl.com/ using zap listening on localhost:8090
[java] 2. Type 'java -jar zap-api.jar activeScanUrl url=http://myurl.com/' zapaddr=192.168.1.1 zapport=7080'
[java] Execute and active scan on http://myurl.com/ using zap listening on 192.168.1.1:7080
[java]
[java] Java Result: 1
zap-ascan:
[java] Open URL: http://zap/xml/ascan/action/scan/?inScopeOnly=false&recurse=true&url=http%3A%2F%2Flocalhost%3A8080%2Fbodgeit%2F&
[java] [Fatal Error] :1:1: Content ist nicht zulässig in Prolog.
[java] org.zaproxy.clientapi.core.ClientApiException: org.zaproxy.clientapi.core.ClientApiException: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content ist nicht zulässig in Prolog.
[java] usage: activeScanSubtree url={url} [zapaddr={ip}] [zapport={port}]
[java]
[java] Examples:
[java] 1. Type 'java -jar zap-api.jar activeScanUrl url=http://myurl.com/'
[java] Execute and active scan on http://myurl.com/ using zap listening on localhost:8090
[java] 2. Type 'java -jar zap-api.jar activeScanUrl url=http://myurl.com/' zapaddr=192.168.1.1 zapport=7080'
[java] Execute and active scan on http://myurl.com/ using zap listening on 192.168.1.1:7080
[java]
[java] Java Result: 1
zap-saveSession:
[java] Open URL: http://zap/xml/core/action/saveSession/?overwrite=true&name=%2Fhome%2Fpeter%2Fgit%2Fbodgeit%2Fbodgeit-2015-09-04-10-07-24&
[java] [Fatal Error] :1:1: Content ist nicht zulässig in Prolog.
[java] org.zaproxy.clientapi.core.ClientApiException: org.zaproxy.clientapi.core.ClientApiException: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content ist nicht zulässig in Prolog.
[java] usage: saveSession sessionName={PATH} [zapaddr={ip}] [zapport={port}]
[java]
[java] Examples:
[java] 1. Type 'java -jar zap-api.jar saveSession sessionName="Users/me/My Documents/mysession/mysessionfile"'
[java] Save zap session using zap listening on localhost:8090
[java] 2. Type 'java -jar zap-api.jar saveSession sessionName="Users/me/My Documents/mysession/mysessionfile" zapaddr=192.168.1.1 zapport=7080'
[java] Save zap session using zap listening on 192.168.1.1:7080
[java] Note: for paths containing spaces ensure path is enclosed in quotes
[java]
[java]
[java] Java Result: 1
zap-checkAlerts:
[java] Open URL: http://zap/xml/core/view/alerts/?count=-1&start=-1&baseurl=&
zap-stop:
[java] Open URL: http://zap/xml/core/action/shutdown/?
[java] [Fatal Error] :1:1: Content ist nicht zulässig in Prolog.
[java] org.zaproxy.clientapi.core.ClientApiException: org.zaproxy.clientapi.core.ClientApiException: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content ist nicht zulässig in Prolog.
[java] at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1393)
[java] at org.apache.tools.ant.Project.executeTarget(Project.java:1364)
[java] at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
[java] at org.apache.tools.ant.Project.executeTargets(Project.java:1248)
[java] at org.apache.tools.ant.Main.runBuild(Main.java:851)
[java] at org.apache.tools.ant.Main.startAnt(Main.java:235)
[java] at org.apache.tools.ant.launch.Launcher.run(Launcher.java:280)
[java] at org.apache.tools.ant.launch.Launcher.main(Launcher.java:109)
[java] Caused by: org.zaproxy.clientapi.core.ClientApiException: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content ist nicht zulässig in Prolog.
[java] at org.zaproxy.clientapi.core.ClientApi.callApiDom(Unknown Source)
[java] ... 44 more
[java] Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content ist nicht zulässig in Prolog.
[java] at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:257)
[java] at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:347)
[java] at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:121)
[java] ... 45 more
[java] usage: stop [zapaddr={ip}] [zapport={port}]
[java]
[java] Examples:
[java] 1. Type 'java -jar zap-api.jar stop'
[java] Stop zap listening on default settings (localhost:8090)
[java] 2. Type 'java -jar zap-api.jar stop zapaddr=192.168.1.1 apikey=1234'
[java] Stop zap listening on 192.168.1.1:8090
[java] 3. Type 'java -jar zap-api.jar stop zapport=7080 apikey=1234'
[java] Stop zap listening on localhost:7080
[java] 4. Type 'java -jar zap-api.jar stop zapaddr=192.168.1.1 zapport=7080 apikey=1234'
[java] Stop zap listening on 192.168.1.1:7080
[java]
[java]
[java] Java Result: 1
BUILD SUCCESSFUL
Total time: 27 seconds
Please excuse the German error messages; they should be straightforward though.
I am submitting this issue with the intention to streamline build.xml to work as much out of the box as possible, especially for people who are new to ZAP (like me) making their first steps with it.
Thanks,
Peter
Apparently bodgeit doesn't deploy in Glassfish.
Need to investigate why.
Original issue reported on code.google.com by [email protected]
on 9 Aug 2012 at 2:36
It is possible to run a SQLi attack through the register.jsp
servlet that allows attackers to dump the whole db.
register.jsp
Mich@el',Select password from Users where name LIKE 'admin%','12345')--
in the username field
12345
in the password field
admin.jsp
where the root password is displayed
When logged in as some user and tampering with the b_id cookie to see another
user's cart, this seems not to be counted as a passed challenge.
The challenge seems only to be passed (=green ball) when doing so as Guest User.
Original issue reported on code.google.com by [email protected]
on 9 Aug 2013 at 8:10
Hi
Further to Peter's note some time ago, I too am experiencing the same issues with running the test tasks in Eclipse.
I've done a bit of digging into this and it seems it might be down to any one of the following issues:
I'd quite like to fix this for the following reasons:
Please, time permitting, get in touch to help troubleshoot.
Thanks
Mark
Detective-V identified the following vulnerability in bodgeit:
Description: Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under session/.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity: 4
Details: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
Scanner: OWASP Dependency Check
File: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt