We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
1.两处文件上传绕过: 由于在代码中采用了黑名单过滤后缀“.jsp”和“.asp”,攻击者可以利用windows自动去除后缀“.”,"::$DATA”等,来进行绕过。如下: /uploadFileList 接口: 代码分析: 漏洞复现: /upFile 接口: 代码分析: 漏洞复现:
建议修复方案:采用白名单防御,仅允许上传.txt,.zip,.png,.mp3等常见后缀,禁止上传脚本格式,,如:.html(可导致产生存储型XSS),.jsp,.jspx, .php .asp等,可导致代码执行!!!
2.两处SQL注入,由于采用了"${"的方式进行拼接,所以导致产生SQL注入问题,如下: 漏洞产生位置: com/rawchen/mapper/ContentMapper.xml: com/rawchen/mapper/TagMapper.xml: 漏洞复现:
建议修复方案:
The text was updated successfully, but these errors were encountered:
No branches or pull requests
1.两处文件上传绕过:
由于在代码中采用了黑名单过滤后缀“.jsp”和“.asp”,攻击者可以利用windows自动去除后缀“.”,"::$DATA”等,来进行绕过。如下:
/uploadFileList 接口:
代码分析:
漏洞复现:
/upFile 接口:
代码分析:
漏洞复现:
建议修复方案:采用白名单防御,仅允许上传.txt,.zip,.png,.mp3等常见后缀,禁止上传脚本格式,,如:.html(可导致产生存储型XSS),.jsp,.jspx, .php .asp等,可导致代码执行!!!
2.两处SQL注入,由于采用了"${"的方式进行拼接,所以导致产生SQL注入问题,如下:
漏洞产生位置:
com/rawchen/mapper/ContentMapper.xml:
com/rawchen/mapper/TagMapper.xml:
漏洞复现:
建议修复方案:
The text was updated successfully, but these errors were encountered: