Home Jsp JSP Buffer Overflow

JSP Buffer Overflow
Posted on: February 3, 2009 at 12:00 AM

JSP Buffer Overflow is said to be overflow when the attribute 'autoFlush' of buffer is set to false.

JSP Buffer Overflow

JSP Buffer Overflow is said to be overflow when the attribute 'autoFlush' of buffer is set to false. As you know that anything generated by the JSP page is stored in a buffer. When the buffer is full, it is sent back to the browser. The autoFlush attribute provides control over the flushing of buffer. It tells when the buffer should be flushed. Incase you the set this attribute to false and buffer become full, an exception will be thrown which will be seen in the given below example.

Understand with Example

In this section, we are going to overflow the buffer and display the error message on the browser. To grasp the example we import a page buffer directive, that set to "1kb" and attribute autoFlush to "false". As we are aware that anything generated by the JSP page is stored in a buffer. When the buffer storage capacity reach to 1 kb, it's sent back to the browser. Here, we have create a for loop to display the image 500 times. Once the image displayed in the buffer is reached to1kb, an exception will be thrown and error message print on browser.

Here is the code of bufferOverflow.jsp

<%@page buffer="1kb" autoFlush="false" %>
<%
for(int i = 0; i < 500; i++){
out.println("<html><body><img src='miniature-rose-1.jpg'/></body></html>");
}
%>

Output will be displayed as:

Download Source Code:

Related Tags for JSP Buffer Overflow:
jsp, page, buffer, attribute, overflow, id, ai, set, js, flush, to, store, flow, sh, generate, auto, e, ls, in, no, as, tr, thin, j, false, age, over, rate, stored, tor, when, s, sp, at, any, k, is, ha, sa, uf, tt, s, s, ri, th, st, autoflush, hat, fe, o

«Previous Index Next»