Patching DWR to hide exception error message

by Ye Yint Min Thu Htut 

Over the years, we have been feeling itchy about the Direct Web Remoting framework (DWR)'s infamous error message:

From a compliance perspective, this may trigger disclosure of detailed error messages. Yet developers have no control over it by any means.

We realised the only way to fix it is to directly modify the source.  We managed to fix it.

Watch the video below and patch it yourself to see that our claims work. We will not distribute a JAR file, as this may lead some people to accuse us of distributing potentially backdoored JAR files.

Video: Patching DWR 3.0.1 / Video: Patching DWR 2.11

