Thursday, May 8, 2014

This is my XSS hack servlet

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
public class SimpleServletXSS extends HttpServlet {
    
    private static final long serialVersionUID = 1L;

    @Override
    public void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
        doPost(request, response);
    }
    @Override
    public void doPost(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
        final StringBuffer buf = new StringBuffer();
        final String method = request.getMethod();  
        buf.append("<html><head>\n<!-- HEAD -->\n</head>\n <body>  <br />  <form method='post' action='SimpleServletXSS'>\n<textarea cols='40' rows='5' name='hack1'> &lt;script&gt; alert(\"XSS\");&lt;/script&gt; </textarea>  <br /> <textarea cols='40' rows='5' name='hack2'>&lt;script&gt; alert(\"XSS\"); &lt;/script&gt; </textarea> \n<!-- DATA -->\n");        
        buf.append("<br /><input type='submit' value='SUBMIT'>");
        buf.append("</form></body></html>");
        final String html = buf.toString();        
        final PrintWriter out = response.getWriter();
        if ("GET".equalsIgnoreCase(method)) {
            out.println(html);
        } else if ("POST".equalsIgnoreCase(method)) {
            final String head = request.getParameter("hack1");
            final String data = request.getParameter("hack2");
            System.out.println(head);
            System.out.println(data);
            out.println(html.replaceAll("<!-- HEAD -->", head).replaceAll("<!-- DATA -->", data));            
        } else {
            throw new ServletException("Error");
        }
    }
    
}
 
}

4 comments:

techhighway said...

I just liked the article. It was Very refreshing post with attractive ideas.It was great to read your blog.
Web Development Company Pune

sathya said...

Nice post. It is really interesting. Thanks for sharing the post!
fridge online shopping
refrigerator online shopping
refrigerator price online
online fridge price
Washing Machine Sale
washing machine online offers
Online Shopping

Apps Lure said...

Thanks for sharing such a great blog... I am impressed with you taking time to post a nice info.
Website Development Company in Delhi
Website Designing Company in Delhi
Mobile App Development Company
Mobile App Development Company in India

PoL said...

Many software companies in the United States and Western Europe prefer outsourcing to Eastern Europe. But what are the pros and cons of this region over other outsourcing destinations? Here's everything you need to know about software development in Eastern Europe