• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Junilu Lacar
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Knute Snortum
  • Tim Cooke
  • Devaka Cooray
Saloon Keepers:
  • Ron McLeod
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Ganesh Patekar

DWR issues in HP webinspect

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Currently i am working on a webapplication which uses DWR tool in it. We are using HP Webinspect for checking the security related threats in the application.The Webinspect catches the following issue in the application.

The server is recieving some error responses mostly 500 error response . These error messages are coming from DWR as given below.


/dwr/interface/adm/phpPgAdmin/badfile123
/dwr/interface/phpMyAdmin/WS_FTP.LOG.orig
/dwr/interface/phpMyAdmin/core.temp
/dwr/interface/phpMyAdmin/core.sav
/dwr/interface/phpMyAdmin/password.dat.temp


So can you please provide some solution that the error response can be handled and the following error responsse won't be caught in the HP webinspect.

There is one more issue which is being found in Webinspect.

There are some servlets which are getting invoked by DWR as given below which can cause some security threats.

/dwr/interface/phpMyAdmin/adm/servlet
/dwr/interface/scripts/admin/servlet
/dwr/interface/adm/phpPgAdmin/servlet

So is there any way that the following issue can be resolved.


 
author
Posts: 3281
8
Mac OS X Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi sagyana mohapatro and welcome to Javaranch!

You'll want to start with finding out why you are getting the 500 errors, what does your web app server say when these resources are accessed?
 
We don't have time for this. We've gotta save the moon! Or check this out:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!