psiinon / bodgeit

The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.
264 stars 195 forks source link

search.jsp throws an error #2

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1.Install Tomcat 7.0.28
2.Load Bodgeit 1.3.0
3.place search.jsp code in the bodgeit store app.

What is the expected output? What do you see instead?
I expect the search page.

org.apache.jasper.JasperException: Unable to compile class for JSP: 

An error occurred at line: 15 in the generated java file
Only a type can be imported. org.apache.commons.lang3.StringEscapeUtils 
resolves to a package

An error occurred at line: 48 in the jsp file: /search.jsp
StringEscapeUtils cannot be resolved
45: <%    
46:     Statement stmt = conn.createStatement();
47:     ResultSet rs = null;
48:         query = StringEscapeUtils.escapeHtml4(query).replaceAll("'", 
"&#39");
49: 
50:     try {
51:                 String sql = "SELECT PRODUCT, DESC, TYPE, TYPEID, PRICE " +

What version of the product are you using? On what operating system?
1.3.0, OSX Lion

Please provide any additional information below.
I think this is related to the fact that search.jsp isn't part of the app WAR 
but I am not sure.

Original issue reported on code.google.com by jke...@qualys.com on 25 Jun 2012 at 1:04

GoogleCodeExporter commented 9 years ago
Bodgeit 1.4 is the fix for this issue.

Original comment by jke...@qualys.com on 31 Jul 2012 at 4:01