webstudy

Want to know about webstudy? We have a huge selection of webstudy information on alibabacloud.com.

It is not as good as the 16-http protocol (2) of bad pen headers and the transfer of page data compression.

.getOutputStream().write(g); } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); } } Modify web.xml as follows: 2. Running result Browser: 123456789012345678901234... It seems that there is no effect. 3. Test the compression method. The access URL in the browser is: http://localhost:8080/webStudy/encode All the data is normal, but it seems

Watch your door.-Client Pass Data (3)-http information header

"); enumerationString> Reqheadinfos =Request. Getheadernames ();inti =0; while(Reqheadinfos.hasmoreelements ()) {StringHeadname = (String) reqheadinfos.nextelement ();StringHeadvalue =Request. GetHeader (Headname);//Gets the value of the corresponding request header based on the name of the request header Out.write (Headname +":"+ Headvalue); Out.write (");if(Headname.equals ("Referer") (Headvalue.equals ("admin.jsp"))) {i =1; Login Successful}} out.write ("); Out.write (");if(i = =1) {Out.writ

Watch your door.-xss Attack (1)-Use reflective XSS vulnerability Cottage Red flag

filter, and then select Disable.3. A page that can be injected into an XSS vulnerabilityxssreflect.jsp"java" import="java.util.*" pageencoding= "UTF-8"%>html>head>title>Watch your door,-ah, classmate.title>meta name="Author" content ="Fan Fangming">head> body>Your address:String)request. GETREMOTEADDR ()%> br>Announcement message:String)request. GetParameter ("message")%> br> body>html>4. Normal access and use of XSS simple attacksNormal accessHttp://127.0.0.1:8080/

Optimistic about your portal-data transmission on the client-insecure URL parameters

passed to the user's browsing product directory, the system usually assigns a URL to the user, similar to the following: http://127.0.0.1:8080/webStudy/url.jsp?price=2199code=p7 Of course, if the URL containing the parameter is displayed in the browser address bar, many people know that this seems unsafe. Of course, we also need to believe that there must be a few such cases. In many cases, we do not want users to directly view them. We will use some

Look at your door.-Attack Server (4)-http parameter injection attack

= (String)Request. GetParameter ("Money");String to= (String)Request. GetParameter ("to");StringCheck = (String)Request. GetParameter ("Check");if(Check = =NULL) {check ="0"; }if(Check.equals ("1") {Out.write ("Ok,show me the money." "); }Else{Out.write ("Send money to:"+ to); }%> br> body>html>3. A typical case of soap injection attacksAccording to the normal input of the document if:http://127.0.0.1:8080/webStudy/httpAddParam.jsp?from=andsonto=ir

Optimistic about your portal-data transmission on the client-adjust the http referer using the browser

google, Baidu, or other websites. This is a simple and crude method, such as using chrome. Open the chrome browser, enter the keyword "", select a result, right-click "review elements", and you will see a string similar to: href = http://www.baidu.com/link?url=WzFUXPfNYdPlOwgYv0365ygF8PyiQkei6N9oih9v8WvgM_pnUHavjdgfJ6RVd_-1GWkZrYzVnGcCrDd5cF5MOqwd=%E6%81%AD%E5%96%9C%E5%8F%91%E8%B4%A2issp=1f=8ie=utf-8tn=baiduhome_pginputT=4466 Right-click to modify attributes. Change to: href =" http://127.0.0.1

Six ways to implement SDN

= "wkiol1o7zbuqpycjaaebrinh_1m415.jpg"/> Virtualization software API APIs and other virtualization software in hypervisor, such as VMware vsphere, virtualization servers, storage and network resources, can be centrally and distributed to various applications as needed. These tools include tools that can define resource pools and business tools that define service levels, and automatically enforce service levels to ensure application availability, performance, security, and scalability. Referenc

Maven creates Java and Web Project and imports Eclipse__java

Projects into Workspace". If you do not perform this step, you cannot import it in project mode. Web Project 1. mvn archetype:generate -DgroupId=com.oscar999 -DartifactId=webstudy -DarchetypeArtifactId=maven-archetype-webapp -DinteractiveMode=false Generate project structure 2. Import into Eclipse: mvn eclipse:eclipse -Dwtpversion=2.0. The -Dwtpversion=2.0 option tells Maven to convert the project to Eclipse's Web project (WAR) instead of the default Ja

A good memory is better than a bad pen. 41-javaweb application in ServletRequest domain monitoring (5)

, can be ServletRequest object creation and destruction of these two actions to listen. * @author Fan Fangming * * Public class Easyservletrequestlistenerimplements Servletrequestlistener { @Override Public void requestinitialized(Servletrequestevent SRE) {System.out.println ("-----------"+ sre.getservletrequest () +", ServletRequest create"); }@Override Public void requestdestroyed(Servletrequestevent SRE) {System.out.println ("-----------"+ sre.getservletrequest () +", Servle

Better than a bad memory. 33-Compress response body content with Java filters

>Gzipfilterfilter-name> filter-class>Com.filter.EasyResponseGzipFilterfilter-class> filter> filter-mapping> filter-name>Gzipfilterfilter-name> url-pattern>*.jspurl-pattern> )-- dispatcher>FORWARDDispatcher> dispatcher>REQUESTDispatcher> filter-mapping> The output of the filter-mapping> filter-name>Gzipfilterfilter-name> url-pattern>*.jsurl-pattern> filter-mapping> filter-mapping> filter-name>Gzipfilterfilter-name> url-pattern>*

A good memory is better than a bad writer. 43-javaweb Session Event Listener (7)

) {System.out.println (name+", the session is removed. "); } PublicStringGetName() {returnName }}4. session.jsp for testing"java" pageencoding="UTF-8"%>"com.servlet.listener.EasyLisenterSelf" %>html> head> title>Simple testtitle> head> body> "Bean",new easylisenterself (" JavaBean monitoring itself ")); Removes the JavaBean object Session.removeattribute ("Bean") from the session; %> body>html>5. Operation ResultStart Web middleware, access from URL:http://127.0.0.1:8080/

Watch your door.-Authentication mechanism is attacked (2)-java brute force attack landing

simulate brute force attacks for web security only examples. * * @author Fan Fangming * * Public class easyattacklogin { //Common password list, for example only StaticString[] passwords = {"123","Qwert"};//has acquired a username, assuming this information we already know StaticString username ="Admin"; Public Static void Main(string[] args)throwsException {closeablehttpclient httpclient = Httpclients.createdefault ();Try{//impersonate user loginHttpPost HttpPost =NewHttpPost ("Http:

A good memory is better than a bad pen. 40-javaweb application in HttpSession domain monitoring (4)

JSP page.br>To access the JSP page, the HttpSession is created with the following ID: ${pagecontext.session.id}body>html>4. Operation resultStart Web middleware, access from URL:http://127.0.0.1:8080/webStudy/index.jspSee the output on the page:This is my JSP page.To access the JSP page, the HttpSession is created with the following ID: d18a1e95ae0a58c82e5984f6d6e12ae3Look at the console:--[email Protected],httpsession Object creationBecause we set t

A good memory is better than a bad pen. 42-javaweb Listener Object Domain property changes (6)

;body>HttpSession after the creation of the ID is: ${pagecontext.session.id}br> "name", "FFM") to the application domain object; Replace the value of the name attribute in the application domain object Application.setattribute ("name", "123"); Remove the name attribute Application.removeattribute ("name") from the application domain object; %>body>html>7. Operation ResultStart Web middleware, access from URL:http://127.0.0.1:8080/webStudy

A good memory is better than a bad writer. 49-javaweb in frame struts2 (4)

. ");return "Success"; }}5, with the test login.jsp"java" import="java.util.*" pageencoding= "GBK"%>html>head>title>My JSP ' index.jsp ' starting pagetitle>head> body> form Action="Alogin.action" method="POST" Name="Form1"> table Width="392" border="1"> tr Align="center"> TD colspan="2" bgcolor= "#FFCCFF">input type="Submit" value="Login" /> td> tr> table> form> body>html>6. Modification of STRUTS.XM 7. Operation ResultStart Middleware,

A good memory is better than a bad writer. 50-javaweb method interceptors in frame struts2 (5)

="Alogin.action" method="POST" name ="Form1"> table Width="392" border="1"> tr Align="center"> TD colspan="2" bgcolor= "#FFCCFF">input type="Submit" value="I will be intercepted and logged in" /> td> tr> table> form> form Action="Getexcludemethod.action" method="POST" name ="Form1"> table Width="392" border="1"> tr Align="center"> TD colspan="2" bgcolor= "#FFCCFF">input type="Submit" value="I don't want to be intercepted" />
