qunarcorp / qmq

QMQ is the message middleware used widely inside Qunar. Since its creation in 2012 it has been applied across all of Qunar's business scenarios, including the transaction-critical order flow as well as high-throughput scenarios such as quote search.


Cross-Site Scripting: Reflected

QiAnXinCodeSafe opened this issue · comments

```java
// Excerpt of the management servlet's doPost; `actions` is the servlet's
// MetaManagementAction registry field and Strings is Guava's helper.
@Override
protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws IOException {
    final String actionName = req.getParameter("action");  // attacker-controlled input
    if (Strings.isNullOrEmpty(actionName)) {
        resp.setStatus(HttpServletResponse.SC_OK);
        resp.getWriter().println("need provide action param");
        return;
    }
    final MetaManagementAction action = actions.getAction(actionName);
    if (action == null) {
        resp.setStatus(HttpServletResponse.SC_OK);
        // The raw parameter is written into the response body with no escaping and
        // no explicit Content-Type, so a browser may render it as HTML: the XSS sink.
        resp.getWriter().println("不支持的 action: " + actionName);  // "Unsupported action: "
        return;
    }
```

Sending unvalidated data to a web browser can result in the browser executing malicious code.

On line 40, 'actionName' is tainted; it could affect line 50.
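The reflection described above, and one way to harden it, as an added example that is not part of the issue or of the QMQ code base. It is written in Python's standard-library `http.server` rather than the project's Java so that it runs stand-alone; the action registry, the action names, the port and the payload are constructed for illustration. The hardened path does three things the servlet does not: it HTML-escapes the parameter before reflecting it, it declares the body as `text/plain; charset=utf-8` with `X-Content-Type-Options: nosniff` so the browser cannot sniff it as HTML, and it answers unknown or missing actions with an error status instead of 200.

```python
"""Reflected XSS in an ?action= dispatcher: the unsafe pattern next to a hardened one."""
import html
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Constructed stand-in for the servlet's MetaManagementAction registry.
SUPPORTED_ACTIONS = {"ListBrokerGroups", "AddSubjectBrokerGroup"}

# Constructed attacker input, e.g. ?action=%3Cscript%3Ealert(document.cookie)%3C/script%3E
PAYLOAD = "<script>alert(document.cookie)</script>"

SAFE_HEADERS = {
    "Content-Type": "text/plain; charset=utf-8",  # never rendered as markup
    "X-Content-Type-Options": "nosniff",          # stop MIME sniffing into HTML
}


def unsafe_error_body(action_name: str) -> str:
    """Same shape as the servlet: the raw parameter is concatenated into the body."""
    return "Unsupported action: " + action_name


def safe_error_body(action_name: str) -> str:
    """Escape before reflecting: '<' -> '&lt;', '>' -> '&gt;', '"' -> '&quot;', etc."""
    return "Unsupported action: " + html.escape(action_name, quote=True)


def handle_action(action_name: str, hardened: bool):
    """Build (status, headers, body) for one request.

    hardened=False reproduces the servlet: 200 for every branch, no explicit
    content type, and the parameter reflected verbatim.
    hardened=True escapes the parameter, fixes the content type and uses
    400/404 so the message is treated as an error, not as a page.
    """
    if hardened:
        if not action_name:
            return 400, dict(SAFE_HEADERS), "need provide action param"
        if action_name not in SUPPORTED_ACTIONS:
            return 404, dict(SAFE_HEADERS), safe_error_body(action_name)
        return 200, dict(SAFE_HEADERS), "ok: " + action_name  # allow-listed name only
    if not action_name:
        return 200, {}, "need provide action param"
    if action_name not in SUPPORTED_ACTIONS:
        return 200, {}, unsafe_error_body(action_name)
    return 200, {}, "ok: " + action_name


class ActionHandler(BaseHTTPRequestHandler):
    """Minimal HTTP front end; only the query string is parsed (no form body)."""

    hardened = True  # set to False to observe the reflected payload in a browser

    def do_GET(self):
        query = parse_qs(urlparse(self.path).query)
        action_name = query.get("action", [""])[0]
        status, headers, body = handle_action(action_name, self.hardened)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body.encode("utf-8"))

    do_POST = do_GET  # the servlet dispatches on POST; query parameters still apply


if __name__ == "__main__":
    print("unsafe body:", handle_action(PAYLOAD, hardened=False)[2])
    print("safe body:  ", handle_action(PAYLOAD, hardened=True)[2])
    # Then browse to http://127.0.0.1:8080/?action=<payload> with hardened True/False.
    HTTPServer(("127.0.0.1", 8080), ActionHandler).serve_forever()
```

The allow-list check alone is not the fix: the servlet already rejects unknown names, and it is exactly that rejection message which reflects the input. Escaping closes the sink regardless of which branch writes the name; the content-type and nosniff headers are defence in depth for any other place the same body might be written.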