Difference between revisions of "OWASP O2 Platform/Spring Framework/MVC"

Latest revision as of 15:30, 16 November 2009

This page will contain information about how to analyze the MVC part of the Spring Framework using O2.

Spring MVC info

O2 support for Spring MVC

http://deploy.o2-ounceopen.com/O2_Cmd_SpringMvc/

Vulnerabilities in the JPetStore sample application

Start by downloading the files from http://deploy.o2-ounceopen.com/DemoFiles/SpringMvc/

Auto-Binding on EditOwner.do

Draft explanation:

Install a clean copy of PetClinic on Tomcat.
Use Firefox + LiveHttpHeaders or similar
List the owners.
Select owner 2 (Betty Davis).
Click edit.
Make a trivial change.
Click edit again.
Use LiveHttpHeaders replay to replay the previous edit but modify the POST body
from:
firstName=Betty&lastName=Davis&address=638+Cardinal+Ave&city=Sun+Prairie&telephone=6085551749

to:
firstName=Betty&lastName=Davis&address=638+Cardinal+Ave&city=Sun+Prairie&telephone=6085551749&pets[0].owner.id=3

The upshot is that you end up overwriting owner 3 with Betty Davis's info, even
though the URL that the POST goes to is:
http://localhost:8080/petclinic/editOwner.do?ownerId=2
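To show where the auto-binding happens and how it is closed off, here is an added example in the shape of a Spring 2.5-style annotated controller for editOwner.do; it is not PetClinic's or O2's own code, and Owner, Pet and Clinic are assumed domain types that stand in for the sample application's.

```java
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.bind.support.SessionStatus;

// Assumed types: Owner (id, firstName, lastName, address, city, telephone,
// List<Pet> pets; each Pet has an Owner) and Clinic (loadOwner/storeOwner).
// The owner stays in the HTTP session between GET and POST, as in PetClinic,
// so its pets list is populated when the POST is bound: that is why
// "pets[0].owner.id=3" reaches a real Pet object.
@Controller
@SessionAttributes("owner")
public class EditOwnerController {

    private Clinic clinic;  // injected by Spring; wiring omitted

    // The fix: bind only the form's own fields. Any other parameter in the POST
    // body (id, pets[0].owner.id, ...) is dropped and listed in
    // BindingResult.getSuppressedFields(), which is worth logging.
    @InitBinder("owner")
    public void restrictBinding(WebDataBinder binder) {
        binder.setAllowedFields("firstName", "lastName", "address", "city", "telephone");
        binder.setDisallowedFields("id", "pets*");  // defence in depth for nested paths
    }

    @RequestMapping(value = "/editOwner.do", method = RequestMethod.GET)
    public String setupForm(@RequestParam("ownerId") int ownerId, Model model) {
        model.addAttribute("owner", clinic.loadOwner(ownerId));
        return "ownerForm";
    }

    // Without the @InitBinder above, the binder walks every parameter name as a
    // bean path, so the extra parameter executes pets[0].getOwner().setId(3)
    // before storeOwner() runs.
    @RequestMapping(value = "/editOwner.do", method = RequestMethod.POST)
    public String processSubmit(@ModelAttribute("owner") Owner owner,
                                BindingResult result, SessionStatus status) {
        if (result.hasErrors()) {
            return "ownerForm";
        }
        clinic.storeOwner(owner);
        status.setComplete();
        return "redirect:owner.do?ownerId=" + owner.getId();
    }
}
```

The allow-list is the part that matters: with it in place, replaying the modified POST body from the steps above binds the five form fields and nothing else.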
