Patching DWR to hide exception error message

by Ye Yint Min Thu Htut 

Over the years,  we have been feeling itchy with Direct Web Remoting framework (DWR - http://directwebremoting.org/dwr/index.html) 's infamous error message:




From compliance perspective, this may trigger disclosure of detailed error messages.  Yet developers are NOT in any control over it in any means.  

We realised the only way to fix it is to directly modify the source.  We managed to fix it.

Watch the video below to patch it yourself just to make our claims work.  We will not distribute JAR file as this may lead some guys to accuse us of  distributing potentially backdoored JAR files.

Video: Patching DWR 3.0.1  / Video: Patching DWR 2.11 -

https://github.com/yehgdotnet/DWR-Custom-Error-Patching




Comments

Popular posts from this blog

Bypassing referrer check with no script involved

Jumping out of Touch Screen Kiosks