i have href link in jsp page and destination page shows script code if hacker add the script to href

Asked Aug 14 '14 at 10:12

Active Aug 14 '14 at 10:12

Viewed 142 times

first page is like this:

<a href = "javascript:test('abcd.jsp?asd=<%= asd 
%>');">
function test(x)
    { 
        document.abc.method='post';
        document.abc.action=x;
        document.abc.submit();
    }

hacker adds some script "><script>alert(12345)</script>"> code to url then submit it abcd.jsp display the alert msg which is written in script code.

asked Aug 14 '14 at 10:12

suresh manda

1

So ??? What you are going to do ? I mean ,what is your question? – Suresh Atta Aug 14 '14 at 10:13
@ sᴜʀᴇsʜ ᴀᴛᴛᴀ i don't want to display script on next page. – suresh manda Aug 14 '14 at 10:25
What is that asd? are you taking input from user? – R D Aug 14 '14 at 11:38
@RajavelD yes it is input – suresh manda Aug 21 '14 at 12:34
@sureshmanda I have tried with this, but alert is not coming – R D Aug 22 '14 at 05:52

i have href link in jsp page and destination page shows script code if hacker add the script to href

0 Answers0