Difference between revisions of "OWASP O2 Platform/Spring Framework/MVC"

From OWASP

Latest revision as of 15:30, 16 November 2009

This page collects information about how to analyze the MVC part of the Spring Framework using O2.


Spring MVC info

* Spring MVC 3.0 MVC Binding Rules: http://diniscruz.blogspot.com/2009/09/spring-mvc-30-mvc-binding-rules.html

O2 support for Spring MVC

http://deploy.o2-ounceopen.com/O2_Cmd_SpringMvc/

Vulnerabilities in the JPetStore sample application

Start by downloading the files from http://deploy.o2-ounceopen.com/DemoFiles/SpringMvc/

Auto-Binding on EditOwner.do

Draft explanation:

Install a clean copy of PetClinic on Tomcat.
Use Firefox + LiveHttpHeaders or a similar tool that can capture and replay requests.
List the owners.
Select owner 2 (Betty Davis).
Click edit.
Make a trivial change.
Click edit again.
Use LiveHttpHeaders replay to resend the previous edit, but modify the POST body
from:
firstName=Betty&lastName=Davis&address=638+Cardinal+Ave&city=Sun+Prairie&telephone=6085551749

to:
firstName=Betty&lastName=Davis&address=638+Cardinal+Ave&city=Sun+Prairie&telephone=6085551749&pets[0].owner.id=3

The upshot is that you end up overwriting owner 3 with Betty Davis's info, even
though the URL that the POST goes to is:
http://localhost:8080/petclinic/editOwner.do?ownerId=2

Spring's data binder treats every parameter name as a property path on the model object and follows nested paths as readily as top-level ones, so the extra pets[0].owner.id parameter is applied even though the edit form never sends it. The ownerId in the URL only selects which record is loaded; it does not limit which properties the POST body may set.
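As an added example (not PetClinic's or O2's own code), a hypothetical Spring MVC controller for editOwner.do that limits binding to the five form fields with an @InitBinder allow-list, so a submitted pets[0].owner.id is dropped and shows up in BindingResult.getSuppressedFields() where it can be logged. Owner and OwnerRepository are assumed application types.

```java
import java.util.Arrays;
import java.util.logging.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

// Hypothetical controller for editOwner.do (added example, not PetClinic's code).
// Owner and OwnerRepository are assumed application types.
@Controller
public class EditOwnerController {
    private static final Logger LOG = Logger.getLogger(EditOwnerController.class.getName());
    private final OwnerRepository owners;

    @Autowired
    public EditOwnerController(OwnerRepository owners) {
        this.owners = owners;
    }

    // Allow-list for the "owner" model attribute: only the five form fields may be bound.
    // Any other property path, including nested ones such as pets[0].owner.id, is ignored.
    @InitBinder("owner")
    public void restrictBinding(WebDataBinder binder) {
        binder.setAllowedFields("firstName", "lastName", "address", "city", "telephone");
    }

    // Loads the owner named in the URL; the POST parameters are then bound onto it.
    @ModelAttribute("owner")
    public Owner loadOwner(@RequestParam("ownerId") int ownerId) {
        return owners.findById(ownerId);
    }

    @RequestMapping(value = "/editOwner.do", method = RequestMethod.POST)
    public String processEdit(@ModelAttribute("owner") Owner owner, BindingResult result) {
        // Parameters dropped by the allow-list are recorded, not silently lost:
        // a non-empty list means the client sent fields the form never submits.
        String[] suppressed = result.getSuppressedFields();
        if (suppressed.length > 0) {
            LOG.warning("editOwner.do: rejected unexpected fields " + Arrays.toString(suppressed)
                    + " for ownerId=" + owner.getId());
        }
        owners.save(owner);
        return "redirect:/owner.do?ownerId=" + owner.getId();
    }
}
```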