








 1 <%@page import="java.sql.*"%>
 2 <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
 3 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 <html>
 5 <head>
 6 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 <title> </title>
 8 </head>
 9 <body>
10 <% 
        // Login check: looks for a row in `users` matching the submitted
        // user/pass request parameters and prints the outcome.
        //
        // This is the injectable version. `user` and `pass` come straight from
        // the request and are concatenated into the SQL text below, so the
        // database parses attacker-controlled input as part of the statement.
        // Nothing here validates, escapes or binds them.
11         String user = request.getParameter("user");
12         String pass = request.getParameter("pass");
13         Class.forName("com.mysql.jdbc.Driver");
        // NOTE(review): the application connects as "root" with an empty
        // password, so whatever this statement can be made to do runs with
        // full database privileges. A dedicated least-privilege account with
        // a real password limits the damage.
14         Connection con = (Connection)                                                              
15         DriverManager.getConnection("jdbc:mysql://localhost:3306/mydb", "root" ,"");
16         Statement st= con.createStatement();
        // The typographic quotes around the values are presumably an artifact
        // of how the page was published; the original most likely used the
        // ASCII single quote. The password is also compared as stored, i.e.
        // the table holds it in a form directly comparable to the input.
17         ResultSet rs=st.executeQuery("select * from users where username=‘"+user+"‘ and password=‘"+pass+"‘ limit 0,1");
        // Any returned row counts as a successful login.
18         if(rs.next())
19         {
20                 out.println("Login success");
21         }
22         else
23         {
24                 out.println("Login failed");
25         }
        // The ResultSet, Statement and Connection are never closed here.
26 %>



 1 <%@page import="java.sql.*"%>
 2 <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
 3 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 <html>
 5 <head>
 6 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 <title></title>
 8 </head>
 9 <body>
10 <% 
11     String user = request.getParameter("user");
12     String pass = request.getParameter("pass");
13     Class.forName("com.mysql.jdbc.Driver");
14 Connection con = (Connection) 
15 DriverManager.getConnection("jdbc:mysql://localhost:3306/mydb", "root" , "");
16     PreparedStatement ps=(PreparedStatement) con.prepareStatement("select * from users where username=? and password=? limit 0,1");
17     ps.setString(1,user);
18     ps.setString(2,pass);
19     ResultSet rs=ps.executeQuery();
20     if(rs.next())
21     {
22         out.println("Login success");
23     }
24     else
25     {
26         out.println("Login failed");
27     }
28 %>
29 </body>





 1 <%@page import="java.sql.*"%>
 2 <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
 3 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 <html>
 5 <head>
 6 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 <title></title>
 8 </head>
 9 <body>
10 <%
11 String user=request.getParameter("user");
12 String pass=request.getParameter("pass");
13 Class.forName("com.mysql.jdbc.Driver");
14 Connection con=(Connection)DriverManager.getConnection("jdbc:mysql://localhost:3306/mydb", "root" ,"");
15 PreparedStatement ps = (PreparedStatement) con.prepareStatement("insert into users_crypt values(?,?)");
16 ps.setString(1,user);
17 ps.setString(1,pass);
18 int res = ps.executeUpdate();
19 if(res>0)
20 {
21 out.println("Register success");
22 }
23 else
24 {
25 out.println("Register failed");
26 }
27 %>
28 </body>



 1 <%@page import="java.util.Calendar"%>
 2 <%@page import="java.text.SimpleDateFormat"%>
 3 <%@page import="java.text.DateFormat"%>
 4 <%@page import="java.math.BigInteger"%>
 5 <%@page import="java.security.MessageDigest"%>
 6 <%@page import="java.sql.*"%>
 7 <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
 8 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 9 <html>
10 <head>
11 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
12 <title></title>
13 </head>
14 <body>
15 <%
16     String user=request.getParameter("user");
17     String pass=request.getParameter("pass");
18     DateFormat dateFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
19     Calendar cal = Calendar.getInstance();
20     String reg_time = (dateFormat.format(cal.getTime())).toString();
21     String original = pass+reg_time;
22     String s = pass+reg_time;
23     MessageDigest m = MessageDigest.getInstance("MD5");
24     m.update(s.getBytes(),0,s.length());
25     String calc_hash = new BigInteger(1,m.digest()).toString(16);
26     if(calc_hash.length()<32)
27     {
28         calc_hash = "0"+calc_hash;
29     }
30     Class.forName("com.mysql.jdbc.Driver");
31     Connection con=(Connection)DriverManager.getConnection("jdbc:mysql://localhost:3306/mydb", "root" ,"");
32     PreparedStatement ps = (PreparedStatement) con.prepareStatement("insert into users_crypt values(?,?,?)");
33     ps.setString(1,user);
34     ps.setString(2,calc_hash);
35     ps.setString(3,reg_time);
36     int res = ps.executeUpdate();
37     if(res>0)
38     {
39         out.println("Register success");
40     }
41     else
42     {
43         out.println("Register failed");
44     }
45 %>
46 </body>
47 </html>





 1 <%@page import="java.sql.*"%>
 2 <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
 3 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 <html>
 5 <head>
 6 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 <title> </title>
 8 </head>
 9 <body>
10 <% 
    // Login that records the authenticated user in the HTTP session under the
    // attribute "useracc".
    //
    // Presumably the article's session-fixation example: on success the value
    // is written into whatever session the browser already had. No
    // invalidate() or new session is visible, so a session id that was known
    // before login remains valid after it and now carries the logged-in state.
11     String user = request.getParameter("user");
12     String pass = request.getParameter("pass");
13     Class.forName("com.mysql.jdbc.Driver");
    // NOTE(review): root with an empty password; use a least-privilege account.
14     Connection con = (Connection) DriverManager.getConnection("jdbc:mysql://localhost:3306/mydb", "root" , "");
15     PreparedStatement ps=(PreparedStatement) con.prepareStatement("select * from users where username=? and password=? limit 0,1");
16     ps.setString(1,user);
17     ps.setString(2,pass);
18     ResultSet rs=ps.executeQuery();
19     if(rs.next())
20     {
        // NOTE(review): the query filters on `username` but this reads a column
        // named "user"; confirm the column exists in `users`.
21         session.setAttribute("useracc", rs.getString("user"));
22         out.println("Login success");
23     }
24     else
25     {
26         out.println("Login failed");
27     }
    // The ResultSet, PreparedStatement and Connection are never closed here.
28 %>
29 </body>


 1 <%@page import="java.sql.*"%>
 2 <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
 3 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 <html>
 5 <head>
 6 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 7 <title> </title>
 8 </head>
 9 <body>
10 <% 
11     String user = request.getParameter("user");
12     String pass = request.getParameter("pass");
13     Class.forName("com.mysql.jdbc.Driver");
14     Connection con = (Connection) DriverManager.getConnection("jdbc:mysql://localhost:3306/userdb", "root" , "");
15     PreparedStatement ps=(PreparedStatement) con.prepareStatement("select * from users where username=? and password=? limit 0,1");
16     ps.setString(1,user);
17     ps.setString(2,pass);
18     ResultSet rs=ps.executeQuery();
19     if(rs.next())
20     {
21         session.invalidate();
22         request.getSession(true);
23         session.setAttribute("useracc", rs.getString("user"));
24         out.println("Login success");
25     }
26     else
27     {
28         out.println("Login failed");
29     }
30 %>
31 </body>



XSS 漏洞大家应该都比较熟悉了:攻击者可以向网页中注入恶意的 JS 或 HTML 代码,分为反射型 XSS、存储型 XSS 和 DOM 型 XSS 三种。


 1 <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
 3 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 4 <html>
 5 <head>
 6 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 7 <title>XSS Vulnerable</title>
 8 </head>
 9 <body>
10     <form action="xss-vuln.jsp" method="post">
11         Enter your name: <input type="text" name="name"><input type="submit">
12     </form>
14 <%
    // Greets the visitor by the name submitted through the form above.
    //
    // This is the vulnerable version: `name` comes from the request and is
    // concatenated into the HTML response without any output encoding, so
    // markup contained in the parameter is rendered by the browser as part of
    // the page (reflected XSS).
15     if(request.getMethod().equalsIgnoreCase("post"))
16     {
17         String name = request.getParameter("name");
        // NOTE(review): getParameter() returns null when the parameter is
        // absent, in which case isEmpty() throws NullPointerException.
18         if(!name.isEmpty())
19         {
20             out.println("<br>Hi "+name+". How are you?");
21         }
22     }
23 %>
25 </body>
26 </html>



 1 <%@page import="org.apache.commons.lang.StringEscapeUtils"%>
 2 <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
 3 Patch 
 4 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 5 <html>
 6 <head>
 7 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 8 <title>XSS Patched</title>
 9 </head>
10 <body>
11 <form action="xss-patch.jsp" method="post">
12 Enter your name: <input type="text" name="name"><input type="submit">
13 </form>
15 <%
16     if(request.getMethod().equalsIgnoreCase("post"))
17     {
18         String name =  
19         StringEscapeUtils.escapeHtml(request.getParameter("name"));
20         if(!name.isEmpty())
21         {
22             out.println("<br>Hi "+name+". How are you?");
23         }
24     }
25 %>
26 </body>

上面修复后的代码对用户提交的 name 参数进行了 HTML 编码处理,使用的是 StringEscapeUtils 类的 escapeHtml 方法,该方法会自动对特殊符号进行 HTML 编码。该类包含在 commons-lang-2.4.jar 包中。需要注意的是,这种编码只适用于输出到 HTML 正文的场景;如果数据要输出到标签属性、JavaScript 或 URL 中,需要使用对应上下文的编码方式。




 1 <%@page import="java.util.Enumeration"%>
 2 <%@ page import="java.sql.*" %>
 3 <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
 4 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 5 <html>
 6 <head>
 7 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 8 <title>Account Balance</title>
 9 </head>
10 <body>
11 <%
    // Shows the balance for the account number given in the `accno` request
    // parameter, after checking that the session belongs to a logged-in user.
    //
    // This is the vulnerable version. The session check only establishes that
    // somebody is logged in. The account number used in the query comes from
    // the request and is never compared with the account stored in the
    // session, so a logged-in user can read the balance of any account whose
    // number they supply (missing object-level authorization).
12     int flag = 0;
    // Walk the session attributes looking for a non-empty "useracc".
13     Enumeration e = session.getAttributeNames();
14     while (e.hasMoreElements())
15     {
16         String name = (String) e.nextElement();
17         String value = session.getAttribute(name).toString();
18         if(name.equals("useracc") && !(value.isEmpty()))
19         {
20             flag = 1;
21             break;
22         }
23     }
24     if(flag == 1)
25     {
        // Client-controlled identifier, used below without an ownership check.
26         String accno = request.getParameter("accno");
27         Class.forName("com.mysql.jdbc.Driver");
        // NOTE(review): root with an empty password; use a least-privilege account.
28         Connection con = (Connection) DriverManager.getConnection("jdbc:mysql://localhost/mydb", "root", "");
29         PreparedStatement ps = (PreparedStatement) con.prepareStatement("select * from account_balance where accno=? limit 0,1");
30         ps.setString(1,accno);
31         ResultSet rs = ps.executeQuery();
32         if(rs.next())
33         {
34             String s = rs.getString("balance");
35             out.println("<h1>Welcome to your account</h1>");
            // The page prints the session's account number next to a balance
            // that was looked up for the request's account number.
36             out.println("<br>Account Number: "+session.getAttribute("useracc"));
37             out.println("<br>Your current balance is: "+s);
38         }
39         else
40         {
41             out.println("Error: Contact administrator.");
42         }
43     }
44     else
45     {
        // Not logged in: send the browser to the login page.
46         response.sendRedirect("login.jsp");
47     }
48 %>
49 </body>
50 </html>



 1 <%@page import="java.util.Enumeration"%>
 2 <%@ page import="java.sql.*" %>
 3 <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
 4 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 5 <html>
 6 <head>
 7 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 8 <title>Account Balance</title>
 9 </head>
10 <body>
11 <%
12     int flag = 0;
13     Enumeration e = session.getAttributeNames();
14     while (e.hasMoreElements())
15     {
16         String name = (String) e.nextElement();
17         String value = session.getAttribute(name).toString();
18         if(name.equals("useracc") && !(value.isEmpty()))
19         {
20             flag = 1;
21             break;
22         }
23     }
25     if(flag == 1)
26     {
27         String sess_accno = session.getAttribute("useracc").toString();
28         String accno = request.getParameter("accno");
29         if(sess_accno.equals(accno))
30         {
31             Class.forName("com.mysql.jdbc.Driver");
32             Connection con = (Connection) DriverManager.getConnection("jdbc:mysql://localhost/mydb", "root", "");
33             PreparedStatement ps = (PreparedStatement) con.prepareStatement("select * from account_balance where accno=? limit 0,1");
34             ps.setString(1,accno);
35             /*
36             This line will be better
37             ps.setString(1,sess_accno);
38             */
39             ResultSet rs = ps.executeQuery();
40             if(rs.next())
41             {
42                 String s = rs.getString("balance");
43                 out.println("<h1>Welcome to your account</h1>");
44                 out.println("<br>Account Number: "+session.getAttribute("useracc"));
45                 out.println("<br>Your current balance is: "+s);
46             }
47             else
48             {
49                 out.println("Error: Contact administrator.");
50             }
51         }
52         else
53         {
54             out.println("Unauthorized Access Detected");
55         }
56     }
57     else
58     {
59         response.sendRedirect("login.jsp");
60     }
61 %>
62 </body>
63 </html>



