Fabio, I sent a mail to the Struts Developers mailing list about the problem you reported, please follow the discussion there.
Thanks,
Antonio

2008/1/14, Antonio Petrelli <[EMAIL PROTECTED]>:
>
> 2008/1/14, GF <[EMAIL PROTECTED]>:
> >
> > > Sorry again Fabio, but I need to understand: the querystring does not seem
> > > to have a "param=value" structure, and <s:url> has "test" as action, and
> > > does not take any dynamic value (i.e. parameter), but maybe I am missing
> > > something.
> >
> > The bug is calling that page itself (I mean XSS.jsp) passing via GET
> > the malicious querystring.
> > The "test action" is never called. You get the XSS exploit on XSS.jsp.
> >
> > I pasted somewhere the full code of XSS.jsp, call it passing the
> > malicious querystring (on IE6) and you will see the javascript being
> > executed.
> >
>
> Ok, understood, thanks, sorry for my dumbness :-)
> It's Monday after all :-)
>
> Antonio
>