Giter VIP home page Giter VIP logo

struts1filter's People

Contributors

pwntester avatar rgielen avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

pwntester johnjohnsp1 albertinipeter martinjuarez77 incisive claudiorafael1 davidgargar ercolettif

struts1filter's Issues

WebSphere Liberty: SRVE0216E

Installing this filter on WebSphere Liberty (WebSphere Application Server 8.5.5.5) with Struts causes the following error: SRVE0216E

java.io.IOException: SRVE0216E: post body contains less bytes than specified by content-length
    at com.ibm.ws.webcontainer.servlet.RequestUtils.getPostBody(RequestUtils.java:312)
    at com.ibm.ws.webcontainer.servlet.RequestUtils.parsePostData(RequestUtils.java:358)
    at com.ibm.ws.webcontainer.srt.SRTServletRequest.parsePostData(SRTServletRequest.java:2410)
    at com.ibm.ws.webcontainer.srt.SRTServletRequest.parseParameters(SRTServletRequest.java:2287)
    at com.ibm.ws.webcontainer.srt.SRTServletRequest.getParameterNames(SRTServletRequest.java:1879)
    at javax.servlet.ServletRequestWrapper.getParameterNames(ServletRequestWrapper.java:157)
    at net.rgielen.struts1.filter.ParamWrapperFilter$ParamFilteredRequest.getParameterNames(ParamWrapperFilter.java:143)
    at org.apache.struts.util.RequestUtils.populate(RequestUtils.java:431)
    at org.apache.struts.chain.commands.servlet.PopulateActionForm.populate(PopulateActionForm.java:50)
    at org.apache.struts.chain.commands.AbstractPopulateActionForm.execute(AbstractPopulateActionForm.java:60)
    at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
    at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
    at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
    at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
    at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
    at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1285)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:776)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:473)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:135)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:89)
    at net.rgielen.struts1.filter.ParamWrapperFilter.doFilter(ParamWrapperFilter.java:79)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:206)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:86)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:978)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1100)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4845)
    at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.handleRequest(DynamicVirtualHost.java:297)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:981)
    at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:262)
    at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:955)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)

Fixing it by adding the following in server.xml does not help:

<webContainer enableMultiReadOfPostData="true"/>

Probably because of this limitation:
In WebSphere Liberty Profile enableMultiReadOfPostData Is Not Available

pattern.matcher returns false

pattern.matcher(parameterName).matches() line returns false when "][]Class][<>" is passed as parameterName. I am not sure if this is a code issue or testing issue. Please provide some guidance on how to test classloader manipulation issue.

The filter seems to corrupt certain files

Hello,

After testing the latest filter, we found some case where when we upload certain files, the files that gets saved is "corrupted".

You can find an offending file here: https://github.com/julienfromentc/struts1filter-issue/raw/master/PDF.PDF, in this case the resulting PDF will be blank page.

Update:
It seems the issue happens with the following characters:

  • 81
  • 8D
  • 8F
  • 90
  • 9D

Those characters are undefined in Windows1252 (http://en.wikipedia.org/wiki/Windows-1252). After the string conversion, those chars are transformed to '?'. So if we could convert the read the inputstream in an other encoding, the issue could be fixed

Adding the filter break my applications

Hello,

I tried adding this filter to 2 of my web applications, both using struts 1.3.10, and in both case the application stopped working.

The issue seems to happens when I submit a multipart form.

Also, after the request.getInputStream(); is called in the the constructor, the call to super.getParameterNames() in the the getParameterNames method return and empty Enumeration, even thought some parameter were sent in the form data

I was previously using the a version of the filter discussed here: http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.VDftfvldX9Y (withour issues)

Simple login action extending Action fails with 1.0.1-SNAPSHOT

A test of a simple Struts 1 application extending Action

https://github.com/julianvilas/rooted2k15/tree/master/struts-tester/struts1/struts1.struts1-helloworld-0.0.1-SNAPSHOT/src/main/java/com/vaannila

worked without the filter but showed no input with the 1.0.1-SNAPSHOT filter. My test consisted of submitting good (userName=foobar, password=foobar) and bad (userName=foobar, password=foobar2) inputs and expecting the respective displays of success.jsp and failure.jsp.

Using Alberto Fernández's maintenance branch of Struts 1 which included the fix in ActionServlet and the fix in RequestUtils protected against the RCE/Tomcat attack and held water with the form submission test of expected and unexpected benign inputs.

My guesses at how Struts 1 could fail with the filter and my attempts at addressing these guesses did not show improvements in the test.

Filter crashing redirects when dispatch variable not included

Hi there.

My application has a function that displays search results on the same screen, but hidden behind a #results tag that we use to trigger the display of the search results or not, along with normal struts navigation. When applying your filter, when we navigate to a blah.do operation, we're fine. However, when we do blah.do#results, it causes a cascading core dump:

javax.servlet.ServletException: Request[/runSearch] does not contain handler parameter named 'dispatch'. This may be caused by whitespace in the label text.

I'm suspecting it has to do with the regex, which I used the suggested one:

(..|^|.|[('|"))(c|C)lass(.|('|")]|[).*

Do you have any suggestions on how to address this issue?

Unable to compile class with servlet 3.x

I have tried to compile this class with servlet-api.jar version 3.1, It throws compilation error. Can you please make this compatible with servlet 3.x or is there any way to overcome this error.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.