Name | JSP Parameter to Action Object Mapping (Security) Plugin |
---|---|
Publisher | |
License | Apache Software Foundation (ASF) |
Version | 0.1-ALPHA |
Compatibility | Struts 2.0.2+ |
Homepage | http://code.google.com/p/request-parameter-plugin-for-insecure-direct-object-reference/ |
Download |
Overview
JSP Parameter to Action Object Mapping (Security) Plugin
does this great thing
...
Many applications expose their internal object references to users. Attackers use parameter tampering to change references and violate the intended but unenforced access control policy. Frequently, these references point to file systems and databases, but any exposed application construct could be vulnerable.
...
Instructions how to use your plugin.
Example
...
...
You could also include screenshots by attaching the images to this page
...
- XML File format given below
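DTD format:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapping [
  <!-- One or more requestParameter entries, each identified by its name attribute,
       as used in the XML format below -->
  <!ELEMENT mapping (requestParameter+)>
  <!ELEMENT requestParameter (objectMapping)>
  <!ATTLIST requestParameter name CDATA #REQUIRED>
  <!ELEMENT objectMapping (property)>
  <!ELEMENT property (#PCDATA)>
]>
```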
XML format:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<mapping>
  <requestParameter name="userName">
    <objectMapping>
      <property>user.userName</property>
    </objectMapping>
  </requestParameter>
  <requestParameter name="password">
    <objectMapping>
      <property>user.password</property>
    </objectMapping>
  </requestParameter>
</mapping>
```
- Extends package with name "jsp-parameter-object-mapping"
...
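As an added example (not the plugin's own code), the Java sketch below loads a mapping in the XML format shown above and uses it as an allowlist that translates public request parameter names into internal property paths. The class and method names, the sample request, and the policy of dropping unmapped parameters are assumptions; the page does not say how the plugin treats names that have no mapping.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;
public class ParameterMappingDemo {
    // Constructed sample in the XML format shown above.
    static final String MAPPING_XML = "<mapping>"
        + "<requestParameter name=\"userName\"><objectMapping>"
        + "<property>user.userName</property></objectMapping></requestParameter>"
        + "<requestParameter name=\"password\"><objectMapping>"
        + "<property>user.password</property></objectMapping></requestParameter></mapping>";
    // Reads the mapping into: public parameter name -> internal property path.
    static Map<String, String> loadMapping(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The format carries an inline DTD, so DOCTYPE stays allowed; external entities do not.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        Map<String, String> mapping = new LinkedHashMap<>();
        NodeList params = doc.getElementsByTagName("requestParameter");
        for (int i = 0; i < params.getLength(); i++) {
            Element param = (Element) params.item(i);
            Node property = param.getElementsByTagName("property").item(0);
            if (param.getAttribute("name").isEmpty() || property == null)
                throw new IllegalArgumentException("incomplete requestParameter entry");
            mapping.put(param.getAttribute("name"), property.getTextContent().trim());
        }
        return mapping;
    }
    // Assumed policy: only mapped names reach the action; the rest are recorded and dropped.
    static Map<String, String[]> translate(Map<String, String> mapping,
            Map<String, String[]> request, List<String> rejected) {
        Map<String, String[]> forAction = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> e : request.entrySet()) {
            String target = mapping.get(e.getKey());
            if (target == null) rejected.add(e.getKey());
            else forAction.put(target, e.getValue());
        }
        return forAction;
    }
    public static void main(String[] args) throws Exception {
        Map<String, String[]> request = Map.of( // constructed request
            "userName", new String[] {"alice"}, "user.id", new String[] {"42"});
        List<String> rejected = new ArrayList<>();
        Map<String, String[]> bound = translate(loadMapping(MAPPING_XML), request, rejected);
        System.out.println(bound.keySet() + " rejected=" + rejected);
    }
}
```

Logging the rejected names gives operations a signal that a client is sending internal property names directly rather than the published parameter names.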