Friday, February 26, 2016

Patching DWR to hide exception error message

by Ye Yint Min Thu Htut 

Over the years, we have been feeling itchy with the Direct Web Remoting framework (DWR - http://directwebremoting.org/dwr/index.html)'s infamous error message:




From a compliance perspective, this may be flagged as disclosure of detailed error messages. Yet developers have no control over it by any means.

We realised the only way to fix it is to directly modify the source. We managed to fix it.

Watch the videos below to patch it yourself, just to make our claims work. We will not distribute a JAR file, as this may lead some guys to accuse us of distributing potentially backdoored JAR files.

Video: Patching DWR 3.0.1

Video: Patching DWR 2.11



