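What should you do if your website has this kind of "universal password" vulnerability?
Fixing the 'or'='or' vulnerability: there are many ways to do it. Two are introduced here, and we will use the second.
Method 1: Filter characters with Replace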
Solution: in login.asp, find the following code:

    username=request.Form("name")
    pass=request.Form("pass")

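Change it to:

    ' Replace each single quote in the input with two single quotes
    username=Replace(request.Form("name"), "'", "''")
    pass=Replace(request.Form("pass"), "'", "''")

This achieves the effect by neutralizing the ' character: each ' in the input is replaced with ''.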
Below, I modify a program that has the universal password bug.
The code is as follows:

    public String login() {
        String str1 = (String)getParamenterValue("username");
        String str2 = (String)getParamenterValue("password");
        // User input is concatenated directly into the HQL string.
        List localList = this.entityManager.findByHQL("from AdminUser where username='" + str1 + "' and password='" + str2 + "'", false, -1, -1);
        // Any non-empty result is treated as a successful login.
        if ((localList != null) && (localList.size() > 0)) {
            HttpSession localHttpSession = getHttpSession();
            localHttpSession.setAttribute("adminuser", localList.get(0));
            setToJsp("/managers/index.jsp");
            return "toJsp";
        }
        setToJsp("/adminlogin.jsp");
        return "toJsp";
    }

The code after the fix:

    public String login() {
        String str1 = (String)getParamenterValue("username");
        String str2 = (String)getParamenterValue("password");
        List localList = this.entityManager.findByHQL("from AdminUser where username='" + str1 + "' and password='" + str2 + "'", false, -1, -1);
        if ((localList != null) && (localList.size() == 1)) {
            // if size > 1, don't login.
            AdminUser loginUser = (AdminUser)localList.get(0);
            // The returned record must match the submitted values exactly.
            if (loginUser.getUsername().equals(str1) && loginUser.getPassword().equals(str2)) {
                HttpSession localHttpSession = getHttpSession();
                localHttpSession.setAttribute("adminuser", localList.get(0));
                setToJsp("/managers/index.jsp");
            } else {
                setToJsp("/adminlogin.jsp");
            }
            return "toJsp";
        }
        setToJsp("/adminlogin.jsp");
        return "toJsp";
    }
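
The three login behaviours side by side, as an added example that is not part of the original page: Python with an in-memory SQLite table stands in for the page's Java/HQL code, and the table, function names, sample accounts and test inputs are all constructed. It shows that the post-query check above rejects an always-true input but still passes user input to the query parser, while a bound parameter keeps the input out of the statement text entirely.

```python
import hmac
import sqlite3

def make_db():
    # Constructed sample data; the table stands in for the page's AdminUser entity.
    # Passwords are plaintext only to mirror the page's code.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin_user (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO admin_user VALUES (?, ?)",
                   [("admin", "s3cret"), ("backup", "hunter2")])
    return db

def _concat_query(db, user, pw):
    # Input is spliced into the statement text, as in both Java versions above.
    sql = ("SELECT username, password FROM admin_user "
           "WHERE username='" + user + "' AND password='" + pw + "'")
    return db.execute(sql).fetchall()

def login_original(db, user, pw):
    # Original behaviour: any returned row is accepted.
    return len(_concat_query(db, user, pw)) > 0

def login_postcheck(db, user, pw):
    # The page's fix: exactly one row, and it must equal what was submitted.
    rows = _concat_query(db, user, pw)
    return len(rows) == 1 and rows[0] == (user, pw)

def login_bound(db, user, pw):
    # Bound parameter: the driver passes the value as data, never as SQL text.
    row = db.execute("SELECT password FROM admin_user WHERE username = ?",
                     (user,)).fetchone()
    return row is not None and hmac.compare_digest(row[0].encode(), pw.encode())

def apostrophe_breaks(login, db):
    # A harmless apostrophe reveals whether input still reaches the SQL parser.
    try:
        login(db, "o'brien", "x")
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    taut = "' or '1'='1"  # constructed always-true input, same idea as 'or'='or'
    for fn in (login_original, login_postcheck, login_bound):
        print(fn.__name__, "valid:", fn(db, "admin", "s3cret"),
              "tautology:", fn(db, taut, taut),
              "apostrophe breaks query:", apostrophe_breaks(fn, db))
```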