Thursday, May 8, 2014

This is my XSS hack servlet

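import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Deliberately vulnerable demo: POST parameters are reflected into the page without output encoding.
public class SimpleServletXSS extends HttpServlet {

    private static final long serialVersionUID = 1L;

    @Override
    public void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
        // GET and POST share one handler, which branches on request.getMethod().
        doPost(request, response);
    }

    @Override
    public void doPost(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
        final StringBuilder buf = new StringBuilder();
        final String method = request.getMethod();
        // Page template: two textareas pre-filled with a sample <script> payload (entity-escaped so it
        // displays as text); the two HTML comments mark where the submitted values are substituted.
        buf.append("<html><head>\n<!-- HEAD -->\n</head>\n <body>  <br />  <form method='post' action='SimpleServletXSS'>\n<textarea cols='40' rows='5' name='hack1'> &lt;script&gt; alert(\"XSS\");&lt;/script&gt; </textarea>  <br /> <textarea cols='40' rows='5' name='hack2'>&lt;script&gt; alert(\"XSS\"); &lt;/script&gt; </textarea> \n<!-- DATA -->\n");
        buf.append("<br /><input type='submit' value='SUBMIT'>");
        buf.append("</form></body></html>");
        final String html = buf.toString();
        final PrintWriter out = response.getWriter();
        if ("GET".equalsIgnoreCase(method)) {
            // GET: serve the form with the placeholders still in place.
            out.println(html);
        } else if ("POST".equalsIgnoreCase(method)) {
            // Untrusted input, used as-is.
            final String head = request.getParameter("hack1");
            final String data = request.getParameter("hack2");
            System.out.println(head);
            System.out.println(data);
            // Intentional XSS: both values are written into the response unescaped.
            // String.replace() substitutes literally, so '$' and '\' in the input are not
            // interpreted as regex replacement syntax (as replaceAll() would do).
            out.println(html.replace("<!-- HEAD -->", head).replace("<!-- DATA -->", data));
        } else {
            throw new ServletException("Error");
        }
    }

}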
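For comparison, a hardened counterpart to the servlet above. This is an added example, not code from the original post: the class name `SafeServletXSS` and the helper `escapeHtml` are hypothetical, and it assumes the same `javax.servlet` API and the same `hack1`/`hack2` parameter names. The first value is echoed in the body rather than in `<head>`, because entity encoding is only a sufficient defence in element-content context.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class): same inputs, but encoded before they reach the response.
public class SafeServletXSS extends HttpServlet {

    private static final long serialVersionUID = 1L;

    // Hypothetical helper: encodes the five characters significant in HTML text
    // and quoted attribute values; a missing parameter becomes the empty string.
    static String escapeHtml(final String s) {
        if (s == null) return "";
        final StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            final char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    @Override
    protected void doPost(final HttpServletRequest request, final HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html; charset=UTF-8");
        // Defence in depth: inline scripts are refused even if an encoding step is missed.
        response.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self'");
        response.setHeader("X-Content-Type-Options", "nosniff");
        final String hack1 = escapeHtml(request.getParameter("hack1"));
        final String hack2 = escapeHtml(request.getParameter("hack2"));
        final PrintWriter out = response.getWriter();
        out.println("<html><head><title>Echo</title></head><body>");
        // Encoded values are placed only inside element content.
        out.println("<pre>" + hack1 + "</pre>");
        out.println("<pre>" + hack2 + "</pre>");
        out.println("</body></html>");
    }
}
```

Submitting the form's sample payload to this version returns `&lt;script&gt; alert(&quot;XSS&quot;);&lt;/script&gt;`, which the browser renders as visible text instead of executing.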
