Re: Struts2 Bean Setter Attack

by newton.dave

Martin Gainty wrote:
> possibly excludeParams with (reg-exp) patterns to exclude
>
> <interceptor-ref name="params">
>   <param name="excludeParams">
>     <a href*>,^struts\..*
>   </param>
> </interceptor-ref>

It's probably unusual to have variables named "<a href*>".

Dave
