The first request I sent was the following one:
[code]
POST /vaadin_vulnerabilities/UIDL/?v-uiId=0 HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Referer: http://localhost:8080/vaadin_vulnerabilities/
Content-Length: 297
Cookie: JSESSIONID=ECA0E675E5C8F416C6D0C13FD9776865
Connection: close

{"csrfToken":"f4266a0d-6a78-4652-9d9e-6c00022165df","rpc":[["15","com.vaadin.shared.ui.button.ButtonServerRpc","click",[{"altKey":false,"button":"LEFT","clientX":122,"clientY":697,"ctrlKey":false,"metaKey":false,"relativeX":85,"relativeY":6,"shiftKey":false,"type":1}]]],"syncId":30,"clientId":49}
[/code]
I received no error messages. I looked in the response and everything was fine.
After that, I sent another request which was a little different to the previous one:
[code]
POST /vaadin_vulnerabilities/UIDL/?v-uiId=0 HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Referer: http://localhost:8080/vaadin_vulnerabilities/
Content-Length: 421
Cookie: JSESSIONID=ECA0E675E5C8F416C6D0C13FD9776865
Connection: close

{"csrfToken":"f4266a0d-6a78-4652-9d9e-6c00022165df","rpc":[["0","com.vaadin.shared.ui.ui.UIServerRpc","scroll",[132,0]],["14","v","v",["text",["s","ls"]]],["14","v","v",["c",["i",2]]],["15","com.vaadin.shared.ui.button.ButtonServerRpc","click",[{"altKey":false,"button":"LEFT","clientX":114,"clientY":723,"ctrlKey":false,"metaKey":false,"relativeX":77,"relativeY":21,"shiftKey":false,"type":1}]]],"syncId":6,"clientId":50}
[/code]
This request caused an error message. Here is my stack trace:
[code]
Nov 09, 2016 5:10:57 AM com.vaadin.server.communication.UidlRequestHandler synchronizedHandleRequest
SEVERE: Error writing JSON to response
elemental.json.JsonException: Invalid object: expecting } or ,
	at elemental.json.impl.JsonTokenizer.parseObject(JsonTokenizer.java:236)
	at elemental.json.impl.JsonTokenizer.nextValue(JsonTokenizer.java:171)
	at elemental.json.impl.JreJsonFactory.parse(JreJsonFactory.java:64)
	at elemental.json.impl.JsonUtil.parse(JsonUtil.java:200)
	at com.vaadin.server.communication.ServerRpcHandler$RpcRequest.<init>(ServerRpcHandler.java:86)
	at com.vaadin.server.communication.ServerRpcHandler.handleRpc(ServerRpcHandler.java:231)
	at com.vaadin.server.communication.UidlRequestHandler.synchronizedHandleRequest(UidlRequestHandler.java:90)
	at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:41)
	at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1414)
	at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:365)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:784)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:802)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1452)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)
[/code]
Can anyone explain this to me?
Best regards,
Nazar
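
An added check, not part of the original post: it compares each request's declared Content-Length with the real body size and parses only the bytes a server would read. It assumes the bodies were sent with straight quotes on one line; `check_request` and `build` are hypothetical helper names. Under that assumption the first body is 297 bytes as declared, while the second is 422 bytes against a declared 421, so the closing `}` is never read, which is consistent with the `expecting } or ,` message.

```python
import json
from dataclasses import dataclass

# Bodies from the post, retyped with straight quotes on one line (assumption:
# this is what was sent; the forum rendering changed quotes and line breaks).
BODY_1 = (
    '{"csrfToken":"f4266a0d-6a78-4652-9d9e-6c00022165df","rpc":[["15",'
    '"com.vaadin.shared.ui.button.ButtonServerRpc","click",[{"altKey":false,'
    '"button":"LEFT","clientX":122,"clientY":697,"ctrlKey":false,"metaKey":false,'
    '"relativeX":85,"relativeY":6,"shiftKey":false,"type":1}]]],"syncId":30,"clientId":49}'
)
BODY_2 = (
    '{"csrfToken":"f4266a0d-6a78-4652-9d9e-6c00022165df","rpc":[["0",'
    '"com.vaadin.shared.ui.ui.UIServerRpc","scroll",[132,0]],'
    '["14","v","v",["text",["s","ls"]]],["14","v","v",["c",["i",2]]],["15",'
    '"com.vaadin.shared.ui.button.ButtonServerRpc","click",[{"altKey":false,'
    '"button":"LEFT","clientX":114,"clientY":723,"ctrlKey":false,"metaKey":false,'
    '"relativeX":77,"relativeY":21,"shiftKey":false,"type":1}]]],"syncId":6,"clientId":50}'
)

@dataclass
class Check:
    declared: int             # value of the Content-Length header
    actual: int               # bytes really present after the blank line
    server_view_parses: bool  # does body[:declared] parse as JSON?

def build(body: str, content_length: int) -> bytes:
    """Rebuild a minimal raw request around a body (only the headers that matter here)."""
    head = ("POST /vaadin_vulnerabilities/UIDL/?v-uiId=0 HTTP/1.1\r\n"
            "Host: localhost:8080\r\n"
            "Content-Type: application/json; charset=UTF-8\r\n"
            f"Content-Length: {content_length}\r\n\r\n")
    return head.encode() + body.encode()

def check_request(raw: bytes) -> Check:
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    declared = int(headers[b"content-length"])
    seen = body[:declared]                        # a server reads only this many bytes
    try:
        json.loads(seen.decode("utf-8"))
        parses = True
    except ValueError:                            # JSON and UTF-8 errors both land here
        parses = False
    return Check(declared, len(body), parses)

if __name__ == "__main__":
    for label, body, cl in (("first", BODY_1, 297), ("second", BODY_2, 421)):
        print(label, check_request(build(body, cl)))
```

Intercepting proxies usually have an option to recalculate Content-Length after a body is edited; when it is off, a hand-edited request produces exactly this kind of mismatch.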