Is this injectable? (JSP)

Is this injectable? (JSP) So, I'm dealing with an injection and can't figure out if I can actually do anything with it or not. The page in question is JSP and takes a GET parameter, appends it to the current domain/path, and adds .html to the end of it. Here's an example of the code: response.sendRedirect(basePath + path + getParam + ".html"); That getParam parameter is not sanitized. I can send it as "someotherfile.jsp#" and that will take care of the html file extension at the end, but this doesn't really get me anywhere other than redirecting to a resource that's already publicly available on the server anyway. If I supply something in the request that it doesn't know what to do with, it just returns "null.html", which is empty. Is there any other way to exploit this? http://sla.ckers.org/forum/read.php?16,43647,43647#msg-43647 Sat, 25 May 2013 13:55:36 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?16,43647,43661#msg-43661 Re: Is this injectable? (JSP) http://sla.ckers.org/forum/read.php?16,43647,43661#msg-43661 dangerbear SQL and Code Injection Thu, 22 Mar 2012 08:57:44 -0500 http://sla.ckers.org/forum/read.php?16,43647,43649#msg-43649 Re: Is this injectable? (JSP) http://sla.ckers.org/forum/read.php?16,43647,43649#msg-43649 nEUrOO SQL and Code Injection Wed, 21 Mar 2012 14:16:29 -0500 http://sla.ckers.org/forum/read.php?16,43647,43648#msg-43648 Re: Is this injectable? (JSP) http://sla.ckers.org/forum/read.php?16,43647,43648#msg-43648 dangerbear SQL and Code Injection Wed, 21 Mar 2012 09:18:34 -0500 http://sla.ckers.org/forum/read.php?16,43647,43647#msg-43647 Is this injectable? (JSP) http://sla.ckers.org/forum/read.php?16,43647,43647#msg-43647 Here's an example of the code:

response.sendRedirect(basePath + path + getParam + ".html");

That getParam parameter is not sanitized. I can send it as "someotherfile.jsp#" and that will take care of the html file extension at the end, but this doesn't really get me anywhere other than redirecting to a resource that's already publicly available on the server anyway. If I supply something in the request that it doesn't know what to do with, it just returns "null.html", which is empty.

Is there any other way to exploit this?]]> dangerbear SQL and Code Injection Wed, 21 Mar 2012 09:09:52 -0500