  1. Infrastructure
  2. INFRA-2174

'%' char sent in a raw request on the auth web page produces an internal server error


      Description

      During a pentest I saw that modifying the authentication request by putting a '%' character in the POST parameters made the Jenkins web server try to URL-decode the two characters right after the '%', and it produces a 500 server error with a precise error stack trace.

      Also, it is possible to insert a reflected value in the error message, but the sensitive characters are well escaped, so no XSS was possible this way.
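
One defensive way to handle the failure this report describes, as an added example that is not part of the original report and is not Jenkins code: a strict form-body parser rejects malformed percent-escapes, and the handler answers with a fixed 400 instead of a 500 carrying a stack trace. The field names `username` and `password`, the function names and the sample bodies are constructed assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

# A '%' is only valid when followed by exactly two hex digits.
_BAD_ESCAPE = re.compile(rb"%(?![0-9A-Fa-f]{2})")


class MalformedForm(ValueError):
    """The request body is not valid application/x-www-form-urlencoded."""


def decode_component(raw: bytes) -> str:
    """Strictly decode one form name or value; never guess at bad input."""
    if _BAD_ESCAPE.search(raw):
        raise MalformedForm("invalid percent-escape")
    try:
        # '+' means space in form bodies; a literal plus arrives as %2B.
        return unquote_to_bytes(raw.replace(b"+", b" ")).decode("utf-8")
    except UnicodeDecodeError as exc:
        raise MalformedForm("escapes do not form valid UTF-8") from exc


def parse_form(body: bytes) -> dict:
    fields = {}
    for pair in body.split(b"&"):
        if pair:
            name, _, value = pair.partition(b"=")
            fields[decode_component(name)] = decode_component(value)
    return fields


def handle_auth_post(body: bytes, server_log: list) -> tuple:
    """Hypothetical handler: returns (status, text sent to the client)."""
    try:
        form = parse_form(body)
    except MalformedForm as exc:
        # Detail stays in the server log; the client gets a fixed message
        # with no stack trace and no reflected input.
        server_log.append(f"rejected auth POST: {exc}")
        return 400, "Bad Request"
    if not {"username", "password"} <= form.keys():
        return 400, "Bad Request"
    return 200, "parsed"  # the credential check itself is out of scope


if __name__ == "__main__":
    log = []
    # Constructed sample bodies: one well-formed, one with a stray '%'.
    for sample in (b"username=a%40b&password=x+y%2B", b"username=admin&password=p%zz"):
        print(sample, "->", handle_auth_post(sample, log))
```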

       


            People

            Assignee:
            Unassigned
            Reporter:
            sibwara David Soria