Test case 59711

Deprecated test case

This version contains mistakes, making it deprecated. Deprecated test cases should not be used for new work. However, They remain in the SARD as a reference to redo previous work.

Type: source code
State: mixed
Status: deprecated
Language: Java
Submission Date: 08 Apr 2011

Description

CWE: 83 Cross Site Scripting (XSS) in attributes; Examples(replace QUOTE with an actual double quote): ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEalert(1) and ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEjavascript:alert(1)
BadSource: PropertiesFile Read a value from a .properties file (in property named data)
GoodSource: A hardcoded string
Sinks: printlnServlet
BadSink : XSS in img src attribute
Flow Variant: 54 Data flow: data passed as an argument from one method through three others to a fifth; all five functions are in different classes in the same package

Flaws

CWE-83 Improper Neutralization of Script in Attributes in a Web Page

Test Suites

Documentation

Juliet v1.0 for Java cases.pdf

Have any comments on this test case? Please, send us an email.