Chapter 6: Code auditing of common vulnerabilities outside the OWASP Top 10 2017

    1. CSRF

    Loose Referer filtering: startsWith() only checks that the Referer value begins with the trusted domain string, so any Referer that merely starts with "www.testdomain.com" is accepted.

    // Vulnerable check: only the beginning of the Referer is compared
    if((referer!=null) && (referer.trim().startsWith("www.testdomain.com"))){}

    2. SSRF

    // Vulnerable pattern: the target URL comes straight from the request
    // parameter and is fetched without any check of its scheme or host
    String url=request.getParameter("url");
    URL u=new URL(url);
    URLConnection urlConnection=u.openConnection();
    HttpURLConnection httpURLConnection=(HttpURLConnection)urlConnection;
    BufferedReader base=new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream(),"UTF-8"));

    Functions to look for
    HttpClient.execute()
    HttpClient.executeMethod()
    HttpURLConnection.connect()
    HttpURLConnection.getInputStream()
    URL.openStream()
    HttpServletRequest()
    BasicHttpEntityEnclosingRequest()
    DefaultBHttpClientConnection()
    BasicHttpRequest

    3. URL redirect

    response.sendRedirect(url);

    Ineffective restriction: the prefix check below is bypassed with url=http://www.baidu.com@renren.com, because www.baidu.com is the userinfo part of that URL and the actual host is renren.com.

    String trustUrl="http://www.baidu.com";
    String url=request.getParameter("url");
    // Only the first trustUrl.length() characters are compared, so any URL
    // that begins with the trusted string passes, whatever its real host is
    String getUrl=url.substring(0, trustUrl.length());
    if (getUrl.equals(trustUrl)){
        response.sendRedirect(url);
    }
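The following is an added illustration, not code from the original post: the prefix check above placed beside a hardened version that parses the URL with java.net.URI and compares the parsed host against an allowlist. The ALLOWED_HOSTS set and the class name are assumptions for the example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class RedirectCheck {
    // Trusted prefix used by the vulnerable check in the post.
    static final String TRUST_URL = "http://www.baidu.com";
    // Hypothetical allowlist of redirect targets; adjust for the application.
    static final Set<String> ALLOWED_HOSTS = Set.of("www.baidu.com");

    // Vulnerable check from the post: compares only the leading characters of
    // the raw string. "http://www.baidu.com@renren.com" passes because the
    // trusted domain sits in the userinfo part and the real host is renren.com.
    static boolean prefixCheck(String url) {
        return url.length() >= TRUST_URL.length()
                && url.substring(0, TRUST_URL.length()).equals(TRUST_URL);
    }

    // Hardened check: parse the URL, require http or https, and compare the
    // parsed host (never the userinfo before '@') against the allowlist.
    static boolean hostAllowlistCheck(String url) {
        URI uri;
        try {
            uri = new URI(url);
        } catch (URISyntaxException e) {
            return false; // unparseable input is rejected, not redirected
        }
        String scheme = uri.getScheme();
        String host = uri.getHost(); // null for relative URLs or odd authorities
        if (scheme == null || host == null) {
            return false;
        }
        String s = scheme.toLowerCase(Locale.ROOT);
        if (!s.equals("http") && !s.equals("https")) {
            return false;
        }
        return ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        String bypass = "http://www.baidu.com@renren.com"; // bypass value from the post
        System.out.println("prefixCheck:        " + prefixCheck(bypass));
        System.out.println("hostAllowlistCheck: " + hostAllowlistCheck(bypass));
        System.out.println("hostAllowlistCheck: " + hostAllowlistCheck("https://www.baidu.com/s?q=x"));
    }
}
```

In a servlet, response.sendRedirect(url) would be called only when hostAllowlistCheck(url) returns true; where possible, redirecting only to relative paths or to a server-side map of named targets avoids parsing user-supplied URLs altogether.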

    4. File upload

    Incorrect file-extension check

    // indexOf(".") finds the first dot, so for a name containing several dots
    // the "suffix" is everything after the first one rather than the real extension
    String suffixName=fileName.substring(fileName.indexOf("."),fileName.length());

    Classes to focus on

    Function or class name
    File
    lastIndexOf
    indexOf
    Fileupload
    getRealPath
    getServletPath
    getPathInfo
    getContentType
    equalsIgnoreCase
    FileUtils
    MultipartFile
    MultipartRequestEntity
    UploadHandleServlet
    FileLoadServlet
    getInputStream
    DiskFileItemFactory

    Arbitrary file download

    Main things to look for

    FileInputStream
    // Vulnerable pattern: the file name comes straight from the request and is
    // opened without path normalization or a base-directory check
    String filename=request.getParameter("filename");
    InputStream inputStream=new FileInputStream(filename);
    byte[] b =new byte[1024];
    int len=0;
    while ((len= inputStream.read(b))>0){
        response.getOutputStream().write(b,0,len);
    }
    response.getOutputStream().close();
    inputStream.close();

    6.5 Web backdoors

    java.lang.Runtime.exec()

    java.lang.ProcessBuilder.start()

    6.6 Logic flaws

    6.7 Insecure front-end configuration

    6.8 Denial of service

    6.9 Clickjacking

    6.10 HTTP parameter pollution

Original article: https://www.cnblogs.com/fczlm/p/15320592.html