Java代审6:XSS和SSRF
0x01 XSS
package com.example.servlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
public class XSSServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String content = req.getParameter("content");
resp.setContentType("text/html");
PrintWriter out = resp.getWriter();
out.write(content);
out.close();
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0">
<servlet>
<servlet-name>XSSServlet</servlet-name>
<servlet-class>com.example.servlet.XSSServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>XSSServlet</servlet-name>
<url-pattern>/test.jsp</url-pattern>
</servlet-mapping>
</web-app>
2.1 将特殊字符实体化编码
public String xssWrapper1(String content) {//利用实体化编码将特殊字符转义
content = StringUtils.replace(content, "&", "&");
content = StringUtils.replace(content, "<", "<");
content = StringUtils.replace(content, ">", ">");
content = StringUtils.replace(content, "\"", """);
content = StringUtils.replace(content, "'", "'");
content = StringUtils.replace(content, "/", "/");
return content;
}
public String xssWrapper2(String content) {
//利用spring自带的编码格式对字符进行编码
return HtmlUtils.htmlEscape(content);
}
0x02 SSRF
package com.example.servlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.URL;
import java.net.URLConnection;
public class SSRFServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String file = req.getParameter("file");
String s = URLConnection(file);
resp.setContentType("text/html");
PrintWriter out = resp.getWriter();
out.write(s);
out.close();
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
public static String URLConnection(String url) {
try {
URL u = new URL(url);
URLConnection conn = u.openConnection();
BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String content;
StringBuffer html = new StringBuffer();
while ((content = reader.readLine()) != null) {
html.append(content);
}
reader.close();
return html.toString();
} catch (Exception e) {
return e.getMessage();
}
}
}
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0">
<servlet>
<servlet-name>SSRFServlet</servlet-name>
<servlet-class>com.example.servlet.SSRFServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>SSRFServlet</servlet-name>
<url-pattern>/test.jsp</url-pattern>
</servlet-mapping>
</web-app>
1.3.1 任意文件读取
1.3.2.1 地址存活
1.3.2.2地址不存活
【必须】避免直接访问不可信地址
服务器访问不可信地址时,禁止访问私有地址段及内网域名。
建议通过URL解析函数进行解析,获取host或者domain后通过DNS获取其IP,然后和内网地址进行比较。
对已校验通过地址进行访问时,应关闭跟进跳转功能。
关注公众号:拾黑(shiheibook)了解更多
[广告]赞助链接:
四季很好,只要有你,文娱排行榜:https://www.yaopaiming.com/
让资讯触达的更精准有趣:https://www.0xu.cn/
关注网络尖刀微信公众号
随时掌握互联网精彩
随时掌握互联网精彩
赞助链接
排名
热点
搜索指数
- 1 奋力打开改革发展新天地 7979969
- 2 男子驾车冲撞小学生被判死缓 7982779
- 3 微信可以线上送实体礼物了 7840928
- 4 “冷资源”里的“热经济” 7725331
- 5 刘诗诗方辟谣离婚 7640470
- 6 全球约有1.9亿妇女为内异症患者 7532109
- 7 遭恶犬袭击4岁男童或需全身换血 7466546
- 8 肖战新片射雕英雄传郭靖造型曝光 7328202
- 9 孙颖莎提车 7291446
- 10 蒋欣生图更是妈妈级别 7134261