dbslayer / cxce-easybuggy Goto Github PK

Reflected_XSS_All_Clients issue exists @ src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java in branch master

Method service at line 19 of src\main\java\org\t246osslab\easybuggy\troubles\RoundOffErrorServlet.java gets user input for the ""number"" element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method responseToClient at line 31 of src\main\java\org\t246osslab\easybuggy\core\servlets\AbstractServlet.java. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 22

Code (Line #22):

            String strNumber = req.getParameter("number");

Reflected_XSS_All_Clients issue exists @ src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java in branch master

Method service at line 28 of src\main\java\org\t246osslab\easybuggy\troubles\DeadlockServlet2.java gets user input for the BinaryExpr element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method responseToClient at line 31 of src\main\java\org\t246osslab\easybuggy\core\servlets\AbstractServlet.java. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 39 46

Code (Line #39):

                    String uid = req.getParameter("uid_" + (j + 1));

Code (Line #46):

                    user.setPhone(req.getParameter(uid + "_phone"));

Stored_XSS issue exists @ src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java in branch master

Method selectUsers at line 114 of src\main\java\org\t246osslab\easybuggy\troubles\DeadlockServlet2.java gets data from the database, for the rs element. This element’s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method responseToClient at line 31 of src\main\java\org\t246osslab\easybuggy\core\servlets\AbstractServlet.java. This may enable a Stored Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 125

Code (Line #125):

            rs = stmt.executeQuery("select * from users where ispublic = 'true' order by id " + ("desc".equals(order) ? "desc" : "asc"));

Reflected_XSS_All_Clients issue exists @ src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java in branch master

Method service at line 20 of src\main\java\org\t246osslab\easybuggy\troubles\IntegerOverflowServlet.java gets user input for the ""times"" element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method responseToClient at line 31 of src\main\java\org\t246osslab\easybuggy\core\servlets\AbstractServlet.java. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 24

Code (Line #24):

        String strTimes = req.getParameter("times");

Reflected_XSS_All_Clients issue exists @ src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java in branch master

Method service at line 19 of src\main\java\org\t246osslab\easybuggy\troubles\TruncationErrorServlet.java gets user input for the ""number"" element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method responseToClient at line 31 of src\main\java\org\t246osslab\easybuggy\core\servlets\AbstractServlet.java. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 21

Code (Line #21):

        String strNumber = req.getParameter("number");

Reflected_XSS_All_Clients issue exists @ src/main/java/org/t246osslab/easybuggy/performance/CreatingUnnecessaryObjectsServlet.java in branch master

Method service at line 19 of src\main\java\org\t246osslab\easybuggy\performance\CreatingUnnecessaryObjectsServlet.java gets user input for the ""number"" element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method responseToClient at line 31 of src\main\java\org\t246osslab\easybuggy\core\servlets\AbstractServlet.java. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 21

Code (Line #21):

        String strNumber = req.getParameter("number");

Reflected_XSS_All_Clients issue exists @ src/main/webapp/dfi/includable.jsp in branch master

Method url="<%=request.getParameter at line 15 of src\main\webapp\dfi\includable.jsp gets user input for the ""template"" element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method url="<%=request.getParameter at line 15 of src\main\webapp\dfi\includable.jsp. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 15

Code (Line #15):

        <c:import url="<%=request.getParameter(\"template\")%>" />

Reflected_XSS_All_Clients issue exists @ src/main/java/org/t246osslab/easybuggy/vulnerabilities/VerboseErrorMessageServlet.java in branch master

Method doPost at line 33 of src\main\java\org\t246osslab\easybuggy\vulnerabilities\VerboseErrorMessageServlet.java gets user input for the ""userid"" element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method <%=session.getAttribute at line 24 of src\main\webapp\uid\serverinfo.jsp. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 35

Code (Line #35):

        String userid = req.getParameter("userid");

SQL_Injection issue exists @ src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java in branch master

The application's selectUsers method executes an SQL query with executeQuery, at line 60 of src\main\java\org\t246osslab\easybuggy\vulnerabilities\SQLInjectionServlet.java. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker would be able to inject arbitrary data into the SQL query, by simply altering the user input ""name"", which is read by the service method at line 24 of src\main\java\org\t246osslab\easybuggy\vulnerabilities\SQLInjectionServlet.java. This input then flows through the code to the database server, without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Checkmarx

Lines: 27 28

Code (Line #27):

            String name = StringUtils.trim(req.getParameter("name"));

Code (Line #28):

            String password = StringUtils.trim(req.getParameter("password"));

Stored_XSS issue exists @ src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java in branch master

Method doGet at line 25 of src\main\java\org\t246osslab\easybuggy\vulnerabilities\NullByteInjectionServlet.java gets data from the database, for the bufferData element. This element’s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method doGet at line 25 of src\main\java\org\t246osslab\easybuggy\vulnerabilities\NullByteInjectionServlet.java. This may enable a Stored Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 62

Code (Line #62):

            while ((read = fis.read(bufferData)) != -1) {

Reflected_XSS_All_Clients issue exists @ src/main/java/org/t246osslab/easybuggy/vulnerabilities/OpenRedirectServlet.java in branch master

Method doPost at line 25 of src\main\java\org\t246osslab\easybuggy\vulnerabilities\OpenRedirectServlet.java gets user input for the ""userid"" element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method <%=session.getAttribute at line 24 of src\main\webapp\uid\serverinfo.jsp. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 27

Code (Line #27):

        String userid = req.getParameter("userid");

Stored_XSS issue exists @ src/main/java/org/t246osslab/easybuggy/troubles/FileDescriptorLeakServlet.java in branch master

Method doGet at line 27 of src\main\java\org\t246osslab\easybuggy\troubles\FileDescriptorLeakServlet.java gets data from the database, for the readLine element. This element’s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method responseToClient at line 31 of src\main\java\org\t246osslab\easybuggy\core\servlets\AbstractServlet.java. This may enable a Stored Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 53

Code (Line #53):

            while ((line = br.readLine()) != null) {

Reflected_XSS_All_Clients issue exists @ src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java in branch master

Method service at line 24 of src\main\java\org\t246osslab\easybuggy\vulnerabilities\OGNLExpressionInjectionServlet.java gets user input for the ""expression"" element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method responseToClient at line 31 of src\main\java\org\t246osslab\easybuggy\core\servlets\AbstractServlet.java. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 31

Code (Line #31):

        String expression = req.getParameter("expression");

Reflected_XSS_All_Clients issue exists @ src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLoginServlet.java in branch master

Method doPost at line 84 of src\main\java\org\t246osslab\easybuggy\core\servlets\DefaultLoginServlet.java gets user input for the ""userid"" element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method <%=session.getAttribute at line 24 of src\main\webapp\uid\serverinfo.jsp. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 86 40

Code (Line #86):

        String userid = StringUtils.trim(req.getParameter("userid"));

Code (Line #40):

        bodyHtml.append("<form method=\"POST\" action=\"" + req.getRequestURI() + "\">");

Reflected_XSS_All_Clients issue exists @ src/main/java/org/t246osslab/easybuggy/vulnerabilities/XSSServlet.java in branch master

Method service at line 19 of src\main\java\org\t246osslab\easybuggy\vulnerabilities\XSSServlet.java gets user input for the ""string"" element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method responseToClient at line 31 of src\main\java\org\t246osslab\easybuggy\core\servlets\AbstractServlet.java. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 22

Code (Line #22):

            String string = req.getParameter("string");

Reflected_XSS_All_Clients issue exists @ src/main/java/org/t246osslab/easybuggy/vulnerabilities/BruteForceServlet.java in branch master

Method doPost at line 25 of src\main\java\org\t246osslab\easybuggy\vulnerabilities\BruteForceServlet.java gets user input for the ""userid"" element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method <%=session.getAttribute at line 24 of src\main\webapp\uid\serverinfo.jsp. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 27

Code (Line #27):

        String userid = req.getParameter("userid");

Reflected_XSS_All_Clients issue exists @ src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java in branch master

Method service at line 19 of src\main\java\org\t246osslab\easybuggy\troubles\LossOfTrailingDigitsServlet.java gets user input for the ""number"" element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method responseToClient at line 31 of src\main\java\org\t246osslab\easybuggy\core\servlets\AbstractServlet.java. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 22

Code (Line #22):

        String strNumber = req.getParameter("number");

Stored_XSS issue exists @ src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java in branch master

Method selectUsers at line 60 of src\main\java\org\t246osslab\easybuggy\vulnerabilities\SQLInjectionServlet.java gets data from the database, for the rs element. This element’s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method responseToClient at line 31 of src\main\java\org\t246osslab\easybuggy\core\servlets\AbstractServlet.java. This may enable a Stored Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 69

Code (Line #69):

            rs = stmt.executeQuery("SELECT name, secret FROM users WHERE ispublic = 'true' AND name='" + name

Stored_XSS issue exists @ src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java in branch master

Method selectUsers at line 59 of src\main\java\org\t246osslab\easybuggy\troubles\DBConnectionLeakServlet.java gets data from the database, for the rs element. This element’s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method responseToClient at line 31 of src\main\java\org\t246osslab\easybuggy\core\servlets\AbstractServlet.java. This may enable a Stored Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 68

Code (Line #68):

            rs = stmt.executeQuery("select id, name, phone, mail from users where ispublic = 'true'");

Reflected_XSS_All_Clients issue exists @ src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java in branch master

Method printInputStream at line 123 of src\main\java\org\t246osslab\easybuggy\troubles\EndlessWaitingServlet.java gets user input for the readLine element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method responseToClient at line 31 of src\main\java\org\t246osslab\easybuggy\core\servlets\AbstractServlet.java. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 128

Code (Line #128):

                String line = br.readLine();

Reflected_XSS_All_Clients issue exists @ src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java in branch master

Method doGet at line 20 of src\main\java\org\t246osslab\easybuggy\troubles\NetworkSocketLeakServlet.java gets user input for the ""pingurl"" element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method responseToClient at line 31 of src\main\java\org\t246osslab\easybuggy\core\servlets\AbstractServlet.java. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Checkmarx

Lines: 27

Code (Line #27):

            String pingURL = req.getParameter("pingurl");