记录一下JSP万能密码漏洞修复方案,预编译其实就可以解决哇,无奈代码用Hibernate,太菜了,瞬间就不知道咋写预编译的了。只好用最笨的办法,记录之,漏洞代码如下:
public String login()
{
String str1 = (String)getParamenterValue("username");
String str2 = (String)getParamenterValue("password");
List localList = this.entityManager.findByHQL("from AdminUser where username='" + str1 + "' and password='" + str2 + "'", false, -1, -1);
if ((localList != null) && (localList.size() > 0))
{
HttpSession localHttpSession = getHttpSession();
localHttpSession.setAttribute("adminuser", localList.get(0));
setToJsp("/managers/index.jsp");
return "toJsp";
}
setToJsp("/adminlogin.jsp");
return "toJsp";
}
修复之后的代码:
public String login()
{
String str1 = (String)getParamenterValue("username");
String str2 = (String)getParamenterValue("password");
List localList = this.entityManager.findByHQL("from AdminUser where username='" + str1 + "' and password='" + str2 + "'", false, -1, -1);
if ((localList != null) && (localList.size() == 1))
{
//if size > 1, don't login.
AdminUser loginUser = (AdminUser)localList.get(0);
if(loginUser.getUsername().equals(str1) && loginUser.getPassword().equals(str2)){
HttpSession localHttpSession = getHttpSession();
localHttpSession.setAttribute("adminuser", localList.get(0));
setToJsp("/managers/index.jsp");
}else{
setToJsp("/adminlogin.jsp");
}
return "toJsp";
}
setToJsp("/adminlogin.jsp");
return "toJsp";
}
Related Posts
- 本文固定链接: http://www.nxadmin.com/system/1247.html
- 转载请注明: admin 于 阿德马Web安全 发表
可以这样:
String hql = "from Emp where ename=?";
String hql = "from Emp where ename=:ename"; //使用参数名称动态绑定!(推荐使用!)
Query q = session.createQuery(hql);
// q.setString(0, "SMITH"); //参数索引从0开始计数,而不像jdbc一样从1开始。
q.setString("ename", "SMITH");
也可以这样:
String hql = "from Emp e where e.dept.deptno=? ";
Query q = session.createQuery(hql);
q.setInteger(0, 10);
其实就是占位
博客真不错,不懂安全的小菜飘过