Re: Cookie Manipulation attack

2010-05-27 Thread Alex Rodriguez Lopez 

Em 27-05-2010 11:27, Vishnu Vyasan Nelliparmbil escreveu:

Hi Guys,

I am handling a application in which we have application in two
languages. There is a Locale action for setting locale to English or
Arabic based on the parameter being passed from the respective index
pages. I.e. index_en.jsp and index_ar.jsp the parameter is passed as the
POST variable.

Now we conducted a security testing in which it was shown that the
parameter has been changed in to some meta tag for cookie manipulation.

If I try changing the parameter the dispatch action will throw an error

java.lang.NoSuchMethodException:

Now how could I redirect to error page if an exception is thrown in
dispatch action?



Global exception mappings in struts.xml , maybe?


Best Regards,


Vishnu NV

* *

* *




-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Cookie Manipulation attack

2010-05-27 Thread Vishnu Vyasan Nelliparmbil 
Hi Guys,

 

I am handling  a application in which we have application in two
languages. There is a Locale action for setting locale to English or
Arabic based on the parameter being passed from the respective index
pages. I.e. index_en.jsp and index_ar.jsp  the parameter is passed as
the POST variable.

 

Now we conducted a security testing in which it  was shown that the
parameter has been changed in to some meta tag for cookie manipulation. 

 

If I try changing the parameter the dispatch action will throw an error


 

java.lang.NoSuchMethodException:

 

 

Now how could I redirect  to  error page if an exception is thrown in
dispatch action?

Best Regards,

  


Vishnu NV