Question

I am working on a client-server application in which the client is written in Java and the server in C++. We detected an HTML injection vulnerability: when we give HTML code in the URL along with the valid URL, as in https:\[ip of server]:[port no]\?, our application processes this URL and returns some garbage.

Now I am in the process of finding how the URL is handled the first time, that is, where we first send a reply to the request https:\[ip of server]:[port no].

As far as I know, C++ does not have a built-in Socket or URLConnection library. I saw there is a SOCKET.CPP file in our project that is copyrighted to BMC Software, and this file has the methods read, write, close, enableBlocking, disableBlocking, initializeInterface, uninitializeInterface.

I know Java but have very little knowledge of C++. Could anyone please guide me to find where we send the response to the above-mentioned URL? I need an approach to find that place in this huge project. Thanks in advance...

Solution

I had written a C++ server to process client requests.

I would parse the request URL after I get the request, and check whether the request URL is valid; for example, the request is an invalid one if it does not start with "/temp".

Afterwards I used nginx to stop these invalid requests (you could set the valid request URL format in nginx.conf) before they are sent to the C++ server, and it worked well.

Maybe you could try nginx.
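
The check this answer describes, as an added example (not the answerer's code): a C++ allowlist validator for the request target, plus HTML escaping for anything from the request that is echoed back in a response. Only the "/temp" prefix comes from the answer; the function names, the permitted character set and the error body are assumptions.

```cpp
#include <cctype>
#include <string>

// Decode %XX escapes into `out`; returns false on a malformed escape.
bool percent_decode(const std::string& in, std::string& out) {
    out.clear();
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] != '%') { out += in[i]; continue; }
        if (i + 2 >= in.size() ||
            !std::isxdigit(static_cast<unsigned char>(in[i + 1])) ||
            !std::isxdigit(static_cast<unsigned char>(in[i + 2]))) return false;
        out += static_cast<char>(std::stoi(in.substr(i + 1, 2), nullptr, 16));
        i += 2;
    }
    return true;
}

// Allowlist check; the permitted character set is an assumption to adapt.
bool is_valid_target(const std::string& raw, const std::string& prefix = "/temp") {
    std::string d;
    if (!percent_decode(raw, d) || d.compare(0, prefix.size(), prefix) != 0 ||
        d.find("..") != std::string::npos) return false;
    for (unsigned char c : d) {
        if (!(std::isalnum(c) || c == '/' || c == '-' || c == '_' ||
              c == '.' || c == '?' || c == '=' || c == '&')) return false;
    }
    return true;
}

// Encode HTML metacharacters so echoed request data renders as text.
std::string html_escape(const std::string& in) {
    std::string out;
    for (char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += c;
        }
    }
    return out;
}

// Hypothetical error page body: the rejected target is escaped before reuse.
std::string error_body(const std::string& raw) {
    return "<p>Invalid request: " + html_escape(raw) + "</p>";
}
```

Because '%' is not in the permitted set, a target that is still percent-encoded after one decoding pass (double encoding) is rejected rather than decoded again.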

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow