【www.bbyears.com--js教程】
如果网站出现这种“万能密码”漏洞该怎么办呢
"or"="or" 漏洞修复 方法有很多在这里介绍两种,咱们使用第2种
方法1: Replace过滤字符
解决方法:查找login.asp下的
代码如下username=request.Form("name")
pass=request.Form("pass")
修改为:
代码如下username=Replace(request.Form("name"), """, """")
pass=Replace(request.Form("pass"), """, """")
语法是屏蔽"和""字符来达到效果.
下面我把一个有万能密码的bug程序进行修改
public String login()
{
String str1 = (String)getParamenterValue("username");
String str2 = (String)getParamenterValue("password");
List localList = this.entityManager.findByHQL("from AdminUser where username="" + str1 + "" and password="" + str2 + """, false, -1, -1);
if ((localList != null) && (localList.size() > 0))
{
HttpSession localHttpSession = getHttpSession();
localHttpSession.setAttribute("adminuser", localList.get(0));
setToJsp("/managers/index.jsp");
return "toJsp";
}
setToJsp("/adminlogin.jsp");
return "toJsp";
}
修复之后的代码:
代码如下public String login()
{
String str1 = (String)getParamenterValue("username");
String str2 = (String)getParamenterValue("password");
List localList = this.entityManager.findByHQL("from AdminUser where username="" + str1 + "" and password="" + str2 + """, false, -1, -1);
if ((localList != null) && (localList.size() == 1))
{
//if size > 1, don"t login.
AdminUser loginUser = (AdminUser)localList.get(0);
if(loginUser.getUsername().equals(str1) && loginUser.getPassword().equals(str2)){
HttpSession localHttpSession = getHttpSession();
localHttpSession.setAttribute("adminuser", localList.get(0));
setToJsp("/managers/index.jsp");
}else{
setToJsp("/adminlogin.jsp");
}
return "toJsp";
}
setToJsp("/adminlogin.jsp");
return "toJsp";
}