|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Eric Detoisien (eric.detoisien
global-secure.fr)Date: Wed Mar 27 2002 - 05:44:43 CST
Hi,
NFuse provides several jsp (or asp) pages to make a portal.
In one this page (launch.jsp or launch.asp) it's possible to
use the method getLastError() of the TemplateParser object (in
fact this method is inherited from the WebPNObject object).
The CSS problem comes from the getLastError() method. It does not
filter the URL parameters that cause the problem.
Exemple :
if your launch.jsp contains a bit of code like this :
if (!parser.Parse())
{
out.println("Error: " + parser.getLastError());
}
else
{
...
}
With a request like this you can get the cookie with login and
This was tested on :
Workaround :
P.S. : thanks to Sylvain Bartoli and Selim Tahi who participated in testing
Eric DETOISIEN
password (the user must be connected before) :
http://my_nfuse_portal.com/launch.jsp?NFuse_Application=
NFuse 1.6 + Apache
NFuse 1.51 + Apache
NFuse 1.6 + Microsoft IIS
Do not print result of GetLastError() or filter the result before.
Consultant Sécurité
GLOBAL SECURE
Web : http://www.global-secure.fr