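A note on how I fixed a JSP "universal password" vulnerability. Prepared statements would actually solve it, but the code uses Hibernate, and I'm too much of a novice: I immediately had no idea how to write a prepared statement there. So I fell back on the clumsiest approach and am recording it here. The vulnerable code is as follows: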

    public String login() {
        String str1 = (String)getParamenterValue("username");
        String str2 = (String)getParamenterValue("password");
        List localList = this.entityManager.findByHQL("from AdminUser where username='" + str1 + "' and password='" + str2 + "'", false, -1, -1);
        if ((localList != null) && (localList.size() > 0)) {
            HttpSession localHttpSession = getHttpSession();
            localHttpSession.setAttribute("adminuser", localList.get(0));
            setToJsp("/managers/index.jsp");
            return "toJsp";
        }
        setToJsp("/adminlogin.jsp");
        return "toJsp";
    }

The code after the fix:

    public String login() {
        String str1 = (String)getParamenterValue("username");
        String str2 = (String)getParamenterValue("password");
        List localList = this.entityManager.findByHQL("from AdminUser where username='" + str1 + "' and password='" + str2 + "'", false, -1, -1);
        if ((localList != null) && (localList.size() == 1)) { //if size > 1, don't login.
            AdminUser loginUser = (AdminUser)localList.get(0);
            if(loginUser.getUsername().equals(str1) && loginUser.getPassword().equals(str2)){
                HttpSession localHttpSession = getHttpSession();
                localHttpSession.setAttribute("adminuser", localList.get(0));
                setToJsp("/managers/index.jsp");
            }else{
                setToJsp("/adminlogin.jsp");
            }
            return "toJsp";
        }
        setToJsp("/adminlogin.jsp");
        return "toJsp";
    }

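The prepared-statement approach mentioned at the top, written for Hibernate as an added example (not code from the original post): the username is bound as a named HQL parameter instead of being concatenated, and the password is compared in Java. The class `AdminLoginCheck`, the method `findAdmin` and the `org.hibernate.Session` argument are assumptions, since the page's `entityManager` wrapper is not shown; `AdminUser` and its getters are the page's own entity.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import org.hibernate.Session;

public class AdminLoginCheck {

    /**
     * Hypothetical helper: returns the matching AdminUser, or null if the
     * credentials do not identify exactly one account.
     * AdminUser is the entity class used by the page's login() method.
     */
    public static AdminUser findAdmin(Session session, String username, String password) {
        if (username == null || password == null) {
            return null;
        }
        // :username is a bound parameter. Hibernate passes the value to the
        // JDBC PreparedStatement, so quotes in the input stay data and never
        // become part of the query text.
        List<?> rows = session
                .createQuery("from AdminUser where username = :username")
                .setParameter("username", username)
                .setMaxResults(2) // two rows is enough to detect duplicates
                .list();
        if (rows.size() != 1) {
            return null; // no such user, or ambiguous result: refuse login
        }
        AdminUser user = (AdminUser) rows.get(0);
        String stored = user.getPassword();
        if (stored == null) {
            return null;
        }
        // The page stores and compares the password as a plain string; this
        // keeps that scheme but compares in constant time.
        boolean match = MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                password.getBytes(StandardCharsets.UTF_8));
        return match ? user : null;
    }
}
```

In `login()`, a non-null return value would be stored in the session as `adminuser`; a null return sends the user back to `/adminlogin.jsp`.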
- Permalink: http://www.nxadmin.com/system/1247.html
- When reposting, please credit: published by admin on 阿德马Web安全