Wednesday, 5 December 2012

Notes on JSP TLD injection

Another oldie PDF I found in my archive, which contains some interesting notes on XSS injection in JSP TLDs (this is probably the smallest PDF I've posted here for a while).

What is interesting about the JSP TLD (Tag Library Descriptor) is that there are two parsing stages (which affect the payloads/exploits/vulnerability state).