test #1
test #1
Conversation
![reshift-security[bot]](https://avatars.githubusercontent.com/in/30378?s=60&v=4){kind=small}
| @@ -285,7 +285,8 @@ protected void doDelete(HttpServletRequest req, HttpServletResponse res) throws | |||
|
|
|||
| String on_wall = req.getParameter("on_wall"); | |||
| String wall_id = req.getParameter("wall_id"); | |||
There was a problem hiding this comment.
Potential HTTP Response Splitting [HIGH]
HTTP Response Splitting vulnerabilities occur when un-sanitized user-supplied data is used directly in a HTTP response header. Applications that do not sanitize input containing the characters CR (carriage return, also given by %0d or \r) and LF (line feed, also given by %0a or \n) used in HTTP response headers (such as Cookie:) are primarily at risk. These characters permit attackers to control the headers and body of the current response and make it possible to create additional responses entirely under their control. The ability to construct arbitrary HTTP responses permits a variety of resulting attacks, including: cross-user defacement, web and browser cache poisoning, cross-site scripting and page hijacking.
reshift reference: https://reshift.softwaresecured.com/project/scans/519#issue91193
| @@ -285,7 +285,8 @@ protected void doDelete(HttpServletRequest req, HttpServletResponse res) throws | |||
|
|
|||
| String on_wall = req.getParameter("on_wall"); | |||
| String wall_id = req.getParameter("wall_id"); | |||
There was a problem hiding this comment.
Potential Arbitrary URL Redirection [MODERATE]
The identified application pages and associated parameters can be used to redirect unsuspecting users to any URL. The application should not allow redirection to URLs unrelated to the application. Pages allowing arbitrary URL redirection can potentially be used in phishing or social engineering attacks.
reshift reference: https://reshift.softwaresecured.com/project/scans/519#issue91194
No description provided.