Tag Archives: JSF

JSF ViewState Hack Attempt: java.lang.StringIndexOutOfBoundsException: String index out of range: -1 – com.sun.faces.renderkit.ServerSideStateHelper.getState (ServerSideStateHelper.java:313)

Hack Attempt on JSF ViewState

This article explains why the error java.lang.StringIndexOutOfBoundsException: String index out of range: -1 in the class ServerSideStateHelper in the method getState (313) might be someone trying to hack your application server. It is getting quite technical in here… but bear with me… it’s really interesting. I also break down the actual attack to demonstrate what the attacker was trying to do.
