Hi Thomás,
Aren't you testing an old vulnerable version?
If so, try the new one.
--
Pozdrawiam,
Paweł Wielgus.
tel: +48 604 603 546
2017-03-13 10:54 GMT+01:00 Tamás Barta :
> Lukasz, I don't write it to blame you. I very much appreciate your work.
>
> I just write to this list because it seems to me
2017-03-13 10:54 GMT+01:00 Tamás Barta :
> Lukasz, I don't write it to blame you. I very much appreciate your work.
>
> I just write to this list because it seems to me that these OGNL
> expressions are evaluated before my code is executed and I wonder if it can
> be disabled anyhow.
> Can I turn off th
Lukasz, I don't write it to blame you. I very much appreciate your work.
I just write to this list because it seems to me that these OGNL
expressions are evaluated before my code is executed and I wonder if it can
be disabled anyhow.
Can I turn off these auto-evaluated things if I don't need them at al
2017-03-13 10:43 GMT+01:00 Tamás Barta :
> Interesting, I don't do such things. I write down the stack trace from
> where it is executed (in 2.5.2).
> This is the interesting part, there is none of my code there.
>
> StrutsPrepareAndExecuteFilter:100 // boolean handled
> = execute.
Interesting, I don't do such things. I write down the stack trace from
where it is executed (in 2.5.2).
This is the interesting part, there is none of my code there.
StrutsPrepareAndExecuteFilter:100 // boolean handled
= execute.executeStaticResourceRequest(request, response);
->
2017-03-13 9:50 GMT+01:00 Tamás Barta :
> I mean I never want an HTTP header or parameter to be handled as an OGNL
> expression and get evaluated. I would like it to be retrieved as it is. For
> security purposes.
As I said, Struts doesn't evaluate incoming params as OGNL
expressions, but when you use suc
I mean I never want an HTTP header or parameter to be handled as an OGNL
expression and get evaluated. I would like it to be retrieved as it is. For
security purposes.
On Mon, Mar 13, 2017 at 9:44 AM, Lukasz Lenart
wrote:
> 2017-03-13 9:41 GMT+01:00 Tamás Barta :
> > Hi,
> >
> > Is there any way to disa
2017-03-13 9:41 GMT+01:00 Tamás Barta :
> Hi,
>
> Is there any way to disable evaluating OGNL expressions in HTTP headers and
> request parameters?
There is no direct evaluation of request parameters nor headers. The
problem is that those values are often used by developers in JSPs or
in some othe
Hi,
Is there any way to disable evaluating OGNL expressions in HTTP headers and
request parameters?
Thanks,
Tamás