Several security issues found #6
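1. Two file upload bypasses:
Because the code uses a blacklist to filter the suffixes ".jsp" and ".asp", an attacker can bypass it by taking advantage of Windows automatically stripping suffixes such as "." and "::$DATA". See below:
/uploadFileList endpoint:
Code analysis:
Reproduction:
/upFile endpoint:
Code analysis:
Reproduction:
Suggested fix: use a whitelist defense that only allows uploading common suffixes such as .txt, .zip, .png, .mp3, and forbid uploading script formats such as .html (which can lead to stored XSS), .jsp, .jspx, .php, .asp, which can lead to code execution!!!
2. Two SQL injections. Because "${" is used for concatenation, this leads to SQL injection, as shown below:
Vulnerable locations: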
com/rawchen/mapper/ContentMapper.xml:
com/rawchen/mapper/TagMapper.xml:
Reproduction:
Suggested fix:
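The following is an added example, not part of the original issue and not the project's own code. It contrasts a suffix blacklist of the kind item 1 describes with the whitelist check the issue recommends; the class name, method names and sample file names are constructed for illustration, and the blacklist logic is an assumption about how such a filter is typically written.

```java
import java.util.Locale;
import java.util.Set;

public class UploadNameCheck {
    // Whitelist taken from the suffixes the issue suggests; adjust per deployment.
    private static final Set<String> ALLOWED = Set.of("txt", "zip", "png", "mp3");

    // Suffix blacklist as described in the issue (assumed shape, not the project's code).
    static boolean blacklistAccepts(String name) {
        String lower = name.toLowerCase(Locale.ROOT);
        return !(lower.endsWith(".jsp") || lower.endsWith(".asp"));
    }

    // Whitelist check: first reject names that Windows would rewrite on disk,
    // then require the final extension to be one of the allowed values.
    static boolean whitelistAccepts(String name) {
        if (name == null || name.isEmpty()) {
            return false;
        }
        for (char c : name.toCharArray()) {
            // ':' covers NTFS stream syntax such as "::$DATA"; separators block path tricks.
            if (c == '/' || c == '\\' || c == ':' || c < 0x20) {
                return false;
            }
        }
        // Windows drops trailing dots and spaces when it creates the file.
        char last = name.charAt(name.length() - 1);
        if (last == '.' || last == ' ') {
            return false;
        }
        int dot = name.lastIndexOf('.');
        if (dot <= 0) {
            return false; // no extension, or nothing before the dot
        }
        String ext = name.substring(dot + 1).toLowerCase(Locale.ROOT);
        return ALLOWED.contains(ext);
    }

    public static void main(String[] args) {
        // Constructed sample names, including the two suffix forms named in the issue.
        String[] samples = {"notes.txt", "photo.PNG", "page.jsp", "page.jsp.",
                            "page.jsp::$DATA", "page.jspx", "a.html", "page.png.jsp"};
        for (String s : samples) {
            System.out.printf("%-16s blacklist=%-5b whitelist=%b%n",
                    s, blacklistAccepts(s), whitelistAccepts(s));
        }
    }
}
```

Only `notes.txt` and `photo.PNG` pass the whitelist, while the blacklist also accepts `page.jsp.`, `page.jsp::$DATA`, `page.jspx` and `a.html`.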