Thursday, May 8, 2014

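This is my XSS hack servlet: it writes the two posted form fields back into the HTML response without encoding them, which is what makes it vulnerable to reflected XSS.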

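/**
 * Deliberately vulnerable demo servlet for reflected cross-site scripting (XSS).
 *
 * <p>A GET request renders a form with two text areas ({@code hack1} and {@code hack2}).
 * A POST request renders the same page again with the submitted values substituted for
 * the {@code <!-- HEAD -->} and {@code <!-- DATA -->} placeholders. With
 * {@link #ENCODE_OUTPUT} left at {@code false} the values are written into the markup
 * as-is, so any HTML or script they contain is interpreted by the browser. That
 * unencoded reflection is the vulnerability this servlet exists to show.
 *
 * <p>The fix is contextual output encoding at the point where request data meets
 * markup; {@link #escapeHtml(String)} shows the minimum for HTML text content. Real
 * applications should use a maintained encoder (for example the OWASP Java Encoder)
 * or a template engine that escapes by default, ideally with a Content-Security-Policy
 * as a second layer.
 */
public class SimpleServletXSS extends HttpServlet {

    private static final long serialVersionUID = 1L;

    /**
     * Set to {@code true} to HTML-encode the reflected values and see the mitigated
     * behaviour. The default keeps the original, vulnerable behaviour of the demo.
     */
    private static final boolean ENCODE_OUTPUT = false;

    /** Static page; the two HTML comments are the substitution points used on POST. */
    private static final String PAGE_TEMPLATE =
            "<html><head>\n<!-- HEAD -->\n</head>\n <body>  <br />  <form method='post' action='SimpleServletXSS'>\n<textarea cols='40' rows='5' name='hack1'> &lt;script&gt; alert(\"XSS\");&lt;/script&gt; </textarea>  <br /> <textarea cols='40' rows='5' name='hack2'>&lt;script&gt; alert(\"XSS\"); &lt;/script&gt; </textarea> \n<!-- DATA -->\n"
            + "<br /><input type='submit' value='SUBMIT'>"
            + "</form></body></html>";

    /**
     * Renders the empty form by delegating to {@link #doPost}, which branches on the
     * request method.
     */
    @Override
    public void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Renders the form (GET) or the form with the submitted values reflected into it (POST).
     *
     * @param request  the incoming request; {@code hack1} and {@code hack2} are read on POST
     * @param response the response the HTML page is written to
     * @throws ServletException if the request method is neither GET nor POST
     * @throws IOException      if the response writer cannot be obtained or written
     */
    @Override
    public void doPost(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
        final String method = request.getMethod();
        final boolean isGet = "GET".equalsIgnoreCase(method);
        final boolean isPost = "POST".equalsIgnoreCase(method);
        if (!isGet && !isPost) {
            throw new ServletException("Error");
        }

        // State the content type and charset explicitly instead of leaving the browser to guess.
        response.setContentType("text/html;charset=UTF-8");
        final PrintWriter out = response.getWriter();

        if (isGet) {
            out.println(PAGE_TEMPLATE);
            return;
        }

        // getParameter returns null for a missing field; substitute an empty string so a
        // POST without both fields does not fail with a NullPointerException.
        String head = request.getParameter("hack1");
        String data = request.getParameter("hack2");
        if (head == null) {
            head = "";
        }
        if (data == null) {
            data = "";
        }

        // Debug output of untrusted request data, exactly as received (line breaks included).
        System.out.println(head);
        System.out.println(data);

        if (ENCODE_OUTPUT) {
            head = escapeHtml(head);
            data = escapeHtml(data);
        }

        // String.replace substitutes literally. The original replaceAll treated '$' and '\'
        // in the submitted text as regex replacement syntax and could throw on such input.
        // SECURITY: with ENCODE_OUTPUT == false this is an unencoded reflection of request
        // parameters into HTML (reflected XSS), kept on purpose for the demonstration.
        out.println(PAGE_TEMPLATE.replace("<!-- HEAD -->", head).replace("<!-- DATA -->", data));
    }

    /**
     * Encodes the characters that are significant in HTML text and quoted attribute values.
     *
     * <p>This covers the HTML element-content context only; values placed in script, URL
     * or CSS contexts need the encoding for that context.
     *
     * @param text the untrusted text to encode; must not be {@code null}
     * @return {@code text} with {@code & < > " '} replaced by character references
     */
    private static String escapeHtml(final String text) {
        final StringBuilder encoded = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            final char c = text.charAt(i);
            switch (c) {
                case '&':
                    encoded.append("&amp;");
                    break;
                case '<':
                    encoded.append("&lt;");
                    break;
                case '>':
                    encoded.append("&gt;");
                    break;
                case '"':
                    encoded.append("&quot;");
                    break;
                case '\'':
                    encoded.append("&#39;");
                    break;
                default:
                    encoded.append(c);
                    break;
            }
        }
        return encoded.toString();
    }

}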