.getOutputStream().write(g);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    doGet(request, response);
}
}
Modify web.xml as follows:
2. Running result
Browser: 123456789012345678901234...
It seems that there is no effect.
3. Test the compression method.
The access URL on the browser is: http://localhost:8080/webStudy/encode
All the data is normal, but it seems
filter, and then select Disable.
3. A page that can be injected into an XSS vulnerability
xssreflect.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<html>
<head>
<title>Watch your door,-ah, classmate.</title>
<meta name="Author" content="Fan Fangming">
</head>
<body>
Your address: <%=(String)request.getRemoteAddr()%> <br>
Announcement message: <%=(String)request.getParameter("message")%> <br>
</body>
</html>
4. Normal access and use of XSS simple attacks
Normal access
Http://127.0.0.1:8080/
passed to the user's browsing product directory, the system usually assigns a URL to the user, similar to the following: http://127.0.0.1:8080/webStudy/url.jsp?price=2199&code=p7
Of course, when a URL containing parameters is displayed in the browser address bar, many people know that this seems unsafe. Of course, we also need to believe that there must be a few such cases. In many cases, we do not want users to view the parameters directly. We will use some
= (String)request.getParameter("Money");
String to = (String)request.getParameter("to");
String check = (String)request.getParameter("Check");
if (check == null) {
    check = "0";
}
if (check.equals("1")) {
    out.write("Ok,show me the money.");
} else {
    out.write("Send money to:" + to);
}
%> <br>
</body>
</html>
3. A typical case of soap injection attacks
According to the normal input of the document if: http://127.0.0.1:8080/webStudy/httpAddParam.jsp?from=andson&to=ir
Google, Baidu, or other websites. This is a simple and crude method, for example using Chrome. Open the Chrome browser, enter the keyword "", select a result, right-click and choose "Inspect element", and you will see a string similar to: href = http://www.baidu.com/link?url=WzFUXPfNYdPlOwgYv0365ygF8PyiQkei6N9oih9v8WvgM_pnUHavjdgfJ6RVd_-1GWkZrYzVnGcCrDd5cF5MOqwd=%E6%81%AD%E5%96%9C%E5%8F%91%E8%B4%A2issp=1f=8ie=utf-8tn=baiduhome_pginputT=4466 Right-click to modify attributes. Change to: href =" http://127.0.0.1
Virtualization software API
With hypervisor APIs and other virtualization software, such as VMware vSphere, virtualized servers, storage and network resources can be managed centrally and distributed to various applications as needed. These include tools for defining resource pools and business tools for defining service levels, which automatically enforce those service levels to ensure application availability, performance, security, and scalability.
Referenc
Projects into Workspace". If you do not perform this step, you cannot import it in project mode.
Web Project
1. mvn archetype:generate -DgroupId=com.oscar999 -DartifactId=webstudy -DarchetypeArtifactId=maven-archetype-webapp -DinteractiveMode=false
Generate project structure
2. Import into Eclipse
mvn eclipse:eclipse -Dwtpversion=2.0
-Dwtpversion=2.0 tells Maven to convert the project to Eclipse's Web project (WAR) instead of the default Ja
, can listen to the two actions of ServletRequest object creation and destruction.
 * @author Fan Fangming
 *
 */
public class EasyServletRequestListener implements ServletRequestListener {
    @Override
    public void requestInitialized(ServletRequestEvent sre) {
        System.out.println("-----------" + sre.getServletRequest() + ", ServletRequest create");
    }

    @Override
    public void requestDestroyed(ServletRequestEvent sre) {
        System.out.println("-----------" + sre.getServletRequest() + ", Servle
simulate brute force attacks for web security only examples.
 *
 * @author Fan Fangming
 *
 */
public class EasyAttackLogin {
    // Common password list, for example only
    static String[] passwords = {"123", "Qwert"};
    // The username has already been acquired; we assume this information is known
    static String username = "Admin";

    public static void main(String[] args) throws Exception {
        CloseableHttpClient httpclient = HttpClients.createDefault();
        try {
            // impersonate user login
            HttpPost httpPost = new HttpPost("Http:
JSP page.<br>
To access the JSP page, the HttpSession is created with the following ID: ${pageContext.session.id}
</body>
</html>
4. Operation result
Start Web middleware, access from URL: http://127.0.0.1:8080/webStudy/index.jsp
See the output on the page:
This is my JSP page.
To access the JSP page, the HttpSession is created with the following ID: d18a1e95ae0a58c82e5984f6d6e12ae3
Look at the console:
--[email Protected], HttpSession object creation
Because we set t
<body>
HttpSession after the creation of the ID is: ${pageContext.session.id}<br>
"name", "FFM") to the application domain object;
// Replace the value of the name attribute in the application domain object
application.setAttribute("name", "123");
// Remove the name attribute from the application domain object
application.removeAttribute("name");
%>
</body>
</html>
7. Operation Result
Start Web middleware, access from URL: http://127.0.0.1:8080/webStudy
="Alogin.action" method="POST" name="Form1">
<table width="392" border="1">
<tr align="center">
<td colspan="2" bgcolor="#FFCCFF"><input type="Submit" value="I will be intercepted and logged in" /></td>
</tr>
</table>
</form>
<form action="Getexcludemethod.action" method="POST" name="Form1">
<table width="392" border="1">
<tr align="center">
<td colspan="2" bgcolor="#FFCCFF"><input type="Submit" value="I don't want to be intercepted" />