Chapter 6: Code Audit of Common Vulnerabilities Outside the OWASP Top 10 2017
阿新 • Published: 2021-09-22
1. CSRF

Lax Referer filtering

```java
// Prefix match only: any Referer value that merely begins with this string passes the check,
// so the host is never actually compared
if ((referer != null) && (referer.trim().startsWith("www.testdomain.com"))) {
}
```
2. SSRF

```java
String url = request.getParameter("url");              // URL taken straight from the request
URL u = new URL(url);
URLConnection urlConnection = u.openConnection();      // the server connects to whatever host was supplied
HttpURLConnection httpURLConnection = (HttpURLConnection) urlConnection;
BufferedReader base = new BufferedReader(
        new InputStreamReader(httpURLConnection.getInputStream(), "UTF-8"));
```

Functions to search for when auditing:

| Function |
| --- |
| HttpClient.execute() |
| HttpClient.executeMethod() |
| HttpURLConnection.connect() |
| HttpURLConnection.getInputStream() |
| URL.openStream() |
| HttpServletRequest() |
| BasicHttpEntityEnclosingRequest() |
| DefaultBHttpClientConnection() |
| BasicHttpRequest |
3. URL redirect

```java
response.sendRedirect(url);
```

A flawed restriction, bypassed with url=http://[email protected]

```java
String trustUrl = "http://www.baidu.com";
String url = request.getParameter("url");
String getUrl = url.substring(0, trustUrl.length());   // compares only the leading characters of the string
if (getUrl.equals(trustUrl)) {                          // any URL that merely begins with trustUrl passes
    response.sendRedirect(url);
}
```
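As an added example that is not code from the original post, the class below places the prefix comparison above beside a check that parses the URL and compares its real host against an allow-list; the same approach applies to the Referer check in section 1 and the SSRF target in section 2. The class name, the `weakCheck`/`isTrustedUrl` helpers and the allow-list contents are assumptions, and the sample inputs are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

// Added example (not from the original post): host allow-list check for redirect targets.
public class RedirectCheck {
    // Hypothetical allow-list; the post's trusted URL host is used as the only entry.
    private static final Set<String> TRUSTED_HOSTS = Set.of("www.baidu.com");

    /** The flawed check from the post: compares only the first trustUrl.length() characters. */
    static boolean weakCheck(String url, String trustUrl) {
        return url.length() >= trustUrl.length()
            && url.substring(0, trustUrl.length()).equals(trustUrl);
    }

    /** Hardened check: parse the URL and require scheme, no userinfo, and an allow-listed host. */
    static boolean isTrustedUrl(String url) {
        URI uri;
        try {
            uri = new URI(url);
        } catch (URISyntaxException e) {
            return false;                       // unparsable input is never trusted
        }
        String scheme = uri.getScheme();
        if (scheme == null
                || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            return false;                       // rejects javascript:, file:, gopher: and relative URLs
        }
        if (uri.getRawUserInfo() != null) {
            return false;                       // the "trusted@other-host" form is refused outright
        }
        String host = uri.getHost();
        // Exact match: a host that only starts with the trusted name is not the trusted host
        return host != null && TRUSTED_HOSTS.contains(host.toLowerCase());
    }

    public static void main(String[] args) {
        String trustUrl = "http://www.baidu.com";
        // Constructed inputs: the first is legitimate; the others pass weakCheck but not isTrustedUrl
        String[] samples = {
            "http://www.baidu.com/path",
            "http://www.baidu.com.example.test/",
            "http://www.baidu.com@example.test/",
        };
        for (String s : samples) {
            System.out.printf("%-40s weak=%-5s hardened=%s%n",
                    s, weakCheck(s, trustUrl), isTrustedUrl(s));
        }
    }
}
```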
4. File upload

Incorrect file-suffix check

```java
// indexOf returns the FIRST dot, so a file name containing several dots yields the wrong suffix;
// lastIndexOf would return the real extension
String suffixName = fileName.substring(fileName.indexOf("."), fileName.length());
```

Classes and functions to focus on:

| Function or class name |
| --- |
| File |
| lastIndexOf |
| indexOf |
| Fileupload |
| getRealPath |
| getServletPath |
| getPathInfo |
| getContentType |
| equalsIgnoreCase |
| FileUtils |
| MultipartFile |
| MultipartRequestEntity |
| UploadHandleServlet |
| FileLoadServlet |
| getInputStream |
| DiskFileItemFactory |
Arbitrary file download

Mainly watch for: FileInputStream

```java
String filename = request.getParameter("filename");       // path taken directly from the request
InputStream inputStream = new FileInputStream(filename);  // no canonicalisation or base-directory check
byte[] b = new byte[1024];
int len = 0;
while ((len = inputStream.read(b)) > 0) {
    response.getOutputStream().write(b, 0, len);
}
response.getOutputStream().close();
inputStream.close();
```
6.5 Web backdoors

Command-execution entry points to search for:

- java.lang.Runtime.exec()
- java.lang.ProcessBuilder.start()
6.6 Logic flaws

Omitted

6.7 Insecure front-end configuration

Omitted

6.8 Denial of service

Omitted

6.9 Clickjacking

Omitted

6.10 HTTP parameter pollution

Omitted