chuckfw / owaspbwa

OWASP Broken Web Applications Project

BodgeIt -> 'Advanced Search' is broken! #95

Open grctest opened 7 years ago

grctest commented 7 years ago

Hey,

The 'BodgeIt' application's 'advanced search' functionality in v1.2.7 is broken.

Error log:

Apache Tomcat/6.0.24 - Error report

HTTP Status 500 -


type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

org.apache.jasper.JasperException: Unable to compile class for JSP: 

An error occurred at line: 6 in the generated java file
Only a type can be imported. com.thebodgeitstore.search.AdvancedSearch resolves to a package

An error occurred at line: 11 in the generated java file
Only a type can be imported. com.thebodgeitstore.util.AES resolves to a package

An error occurred at line: 17 in the jsp file: /advanced.jsp
AdvancedSearch cannot be resolved to a type
14: //query = "\n\t<div class='search'>".concat(implode(params, "</div>\n\t<div class='search'>")).concat("</div>\n");
15: %>
16: <%
17:     AdvancedSearch as = new AdvancedSearch(request, session, conn);
18:     if(as.isAjax()){
19:         response.setContentType("application/json");
20:         out.print(as.getResultsOutput());

An error occurred at line: 17 in the jsp file: /advanced.jsp
AdvancedSearch cannot be resolved to a type
14: //query = "\n\t<div class='search'>".concat(implode(params, "</div>\n\t<div class='search'>")).concat("</div>\n");
15: %>
16: <%
17:     AdvancedSearch as = new AdvancedSearch(request, session, conn);
18:     if(as.isAjax()){
19:         response.setContentType("application/json");
20:         out.print(as.getResultsOutput());

Stacktrace:
  org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:92)
  org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:330)
  org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:439)
  org.apache.jasper.compiler.Compiler.compile(Compiler.java:334)
  org.apache.jasper.compiler.Compiler.compile(Compiler.java:312)
  org.apache.jasper.compiler.Compiler.compile(Compiler.java:299)
  org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:589)
  org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:317)
  org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
  org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
  javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

note The full stack trace of the root cause is available in the Apache Tomcat/6.0.24 logs.


Apache Tomcat/6.0.24

Edit: Relevant: https://github.com/psiinon/bodgeit/issues/5

Cloned the latest bodgeit version from @psiinon's repo, same issue.

Alistair401 commented 6 years ago

Having the same issue on multiple machines