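What should you do if your website has this kind of "universal password" vulnerability?
There are many ways to fix the 'or'='or' vulnerability. Two are introduced here, and we use the second.
Method 1: Filter characters with Replace
Solution: in login.asp, find the following lines.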
The code is as follows:

    username=request.Form("name")
    pass=request.Form("pass")

Change it to:

    username=Replace(request.Form("name"), "'", "''")
    pass=Replace(request.Form("pass"), "'", "''")

This statement achieves its effect by neutralizing the ' character: Replace turns each ' into ''.
Below I modify a buggy program that has the universal-password flaw.
The code is as follows:

    public String login() {
        String str1 = (String) getParamenterValue("username");
        String str2 = (String) getParamenterValue("password");
        // User input is concatenated directly into the HQL string.
        List localList = this.entityManager.findByHQL(
                "from AdminUser where username='" + str1 + "' and password='" + str2 + "'",
                false, -1, -1);
        // Any non-empty result is treated as a successful login.
        if ((localList != null) && (localList.size() > 0)) {
            HttpSession localHttpSession = getHttpSession();
            localHttpSession.setAttribute("adminuser", localList.get(0));
            setToJsp("/managers/index.jsp");
            return "toJsp";
        }
        setToJsp("/adminlogin.jsp");
        return "toJsp";
    }
The code after the fix:

    public String login() {
        String str1 = (String) getParamenterValue("username");
        String str2 = (String) getParamenterValue("password");
        List localList = this.entityManager.findByHQL(
                "from AdminUser where username='" + str1 + "' and password='" + str2 + "'",
                false, -1, -1);
        // If size > 1, don't log in.
        if ((localList != null) && (localList.size() == 1)) {
            AdminUser loginUser = (AdminUser) localList.get(0);
            // The returned record must match the submitted values exactly.
            if (loginUser.getUsername().equals(str1) && loginUser.getPassword().equals(str2)) {
                HttpSession localHttpSession = getHttpSession();
                localHttpSession.setAttribute("adminuser", localList.get(0));
                setToJsp("/managers/index.jsp");
            } else {
                setToJsp("/adminlogin.jsp");
            }
            return "toJsp";
        }
        setToJsp("/adminlogin.jsp");
        return "toJsp";
    }
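The following added example (not code from the original page) runs the original pattern and both fixes discussed above next to a bound-parameter query, so their behaviour can be compared on the same inputs. It assumes Python's sqlite3 in place of the page's ASP and HQL back ends; the table, accounts and test inputs are constructed for illustration.

```python
import sqlite3

# Constructed sample data; SQLite stands in for the page's database (assumption).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin_user (username TEXT, password TEXT)")
    db.executemany("INSERT INTO admin_user VALUES (?, ?)",
                   [("admin", "s3cret"), ("editor", "hunter2")])
    return db

def _concat_sql(user, pwd):
    # Same shape as the page's query: input becomes part of the SQL text.
    return ("SELECT username, password FROM admin_user "
            "WHERE username='" + user + "' AND password='" + pwd + "'")

def login_concat(db, user, pwd):
    """Original pattern: any returned row counts as a login."""
    return len(db.execute(_concat_sql(user, pwd)).fetchall()) > 0

def login_escaped(db, user, pwd):
    """Method 1: double each single quote, then concatenate."""
    sql = _concat_sql(user.replace("'", "''"), pwd.replace("'", "''"))
    return len(db.execute(sql).fetchall()) > 0

def login_postcheck(db, user, pwd):
    """The Java fix: exactly one row, and it must equal the submitted values."""
    rows = db.execute(_concat_sql(user, pwd)).fetchall()
    return len(rows) == 1 and rows[0] == (user, pwd)

def login_bound(db, user, pwd):
    """Bound parameters: input is passed as data and is never parsed as SQL."""
    rows = db.execute("SELECT username FROM admin_user "
                      "WHERE username=? AND password=?", (user, pwd)).fetchall()
    return len(rows) == 1

def sql_error(login, db, user, pwd):
    """True if the input broke the statement itself, i.e. it reached the SQL parser."""
    try:
        login(db, user, pwd)
        return False
    except sqlite3.OperationalError:
        return True

TAUTOLOGY = "' OR '1'='1"  # constructed test input of the 'or'='or' kind
if __name__ == "__main__":
    db = make_db()
    for fn in (login_concat, login_escaped, login_postcheck, login_bound):
        print(fn.__name__, fn(db, "admin", "s3cret"), fn(db, "admin", TAUTOLOGY),
              sql_error(fn, db, "o'brien", "x"))
```

The post-check variant rejects the tautology but still raises a SQL error on a stray quote, which shows that the input is still being parsed as SQL. The escaped and bound variants keep the input as data, and binding does so without depending on a hand-written escaping rule.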
Time: 2024-10-31 10:55:47