Test case 146053

Type: source code
State: mixed
Status: candidate
Language: Java
Submission Date: 21 May 2013

Description

CWE: 83 Cross Site Scripting (XSS) in attributes; Examples(replace QUOTE with an actual double quote): ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEalert(1) and ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEjavascript:alert(1)
BadSource: getParameter_Servlet Read data from a querystring using getParameter()
GoodSource: A hardcoded string
Sinks: printlnServlet
BadSink : XSS in img src attribute
Flow Variant: 52 Data flow: data passed as an argument from one method to another to another in three different classes in the same package

Flaws

CWE-83 Improper Neutralization of Script in Attributes in a Web Page

Test Suites

Juliet Java 1.3 with extra support
Juliet Java 1.2
Juliet Java 1.2 with extra support
Juliet Java 1.3

Documentation

Juliet 1.3 Test Suite: Changes From 1.2
Release Log for Juliet 1.3
Juliet v1.2 for Java cases.pdf

Have any comments on this test case? Please, send us an email.