zoukankan      html  css  js  c++  java
  • 正则表达式攻击

    今天在线上环境发现cpu利用率100%问题,top出来确实有个进程一直占着100%CPU,记下这个pid然后Shift+H查看线程占用资源情况,记下pid,这时pid其实是线程ID,到java堆栈去找要转为十六进制;

    jstack [pid] |grep -n 'nid=0x249c' 这一行就是占用资源的线程

    "New I/O server worker #1-11" prio=10 tid=0x000000005d8e8000 nid=0x249c runnable [0x0000000042216000]
       java.lang.Thread.State: RUNNABLE
    	at java.util.regex.Pattern$CharProperty$1.isSatisfiedBy(Pattern.java:3337)
    	at java.util.regex.Pattern$CharProperty.match(Pattern.java:3345)
    	at java.util.regex.Pattern$Curly.match0(Pattern.java:3770)
    	at java.util.regex.Pattern$Curly.match(Pattern.java:3744)
    	at java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3366)
    	at java.util.regex.Pattern$GroupHead.match(Pattern.java:4168)
    	at java.util.regex.Pattern$Loop.match(Pattern.java:4295)
    	at java.util.regex.Pattern$GroupTail.match(Pattern.java:4227)
    	at java.util.regex.Pattern$Curly.match0(Pattern.java:3782)
    	at java.util.regex.Pattern$Curly.match(Pattern.java:3744)
    	at java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3366)
    	at java.util.regex.Pattern$GroupHead.match(Pattern.java:4168)
    	at java.util.regex.Pattern$Loop.match(Pattern.java:4295)
    	at java.util.regex.Pattern$GroupTail.match(Pattern.java:4227)
    	at java.util.regex.Pattern$Curly.match0(Pattern.java:3782)
    	at java.util.regex.Pattern$Curly.match(Pattern.java:3744)
    	at java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3366)
    	at java.util.regex.Pattern$GroupHead.match(Pattern.java:4168)
    	at java.util.regex.Pattern$Loop.match(Pattern.java:4295)
    .........
    

      通过上下文可以看到是在用户登录时,调用了一个正则运算,通过日志查看到这一行不正常信息

    request.body:{"login_name":"..\\/...\\/..\\/.\\/..\\/...\\/..\\/.\\/..\\/...\\/..\\/.\\/..\\/...\\/..\\/.\\/..\\/...\\/..\\/.\\/..\\/...\\/..\\/.\\/etc\\/passwd","password":"***"}
    

      在本地试了下,果然重现了!

    后来把正则表达式换成“^[\\w-]+(\\.[\\w-]+)*@[\\w-]+(\\.[\\w-]+)+$”就正常了...

  • 相关阅读:
    KDJ回测
    利用网易获取所有股票数据
    利用东方财富网获取股票代码
    python发邮件
    用指针向数组插入元素
    冒泡排序
    Hadoop的安装与配置
    关于执行memcached报错问题
    tomcat Linux安装
    网易CentOS yum源
  • 原文地址:https://www.cnblogs.com/langke93/p/2520526.html
Copyright © 2011-2022 走看看