blog-ssm
A simple and beautiful SSM blog system.
## Unrestricted Upload of File with Dangerous Type In /upFile

#### [Suggested description]

blog-ssm v1.0 was found to contain an arbitrary file upload vulnerability via the component /upFile. This vulnerability...

## Improper Authorization In /adminGetUserList

#### [Suggested description]

blog-ssm v1.0 was found to contain an unauthorized access vulnerability through the component /adminGetUserList. This vulnerability allows an attacker to obtain sensitive...

## Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In /comment

#### [Suggested description]

blog-ssm v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component...

## Unrestricted Upload of File with Dangerous Type In /uploadFileList

#### [Suggested description]

blog-ssm v1.0 was found to contain an arbitrary file upload vulnerability via the component /uploadFileList. This vulnerability...
1. Two file-upload filter bypasses. The upload code filters file names with a blacklist of the suffixes ".jsp" and ".asp". An attacker can get around it by relying on Windows automatically stripping a trailing "." or a "::$DATA" alternate-data-stream suffix from the file name when the file is written: a name ending in ".jsp." or ".jsp::$DATA" passes the check but lands on disk as ".jsp". Other variants exist. This particular trick only works when the server runs on Windows; the underlying defect, a blacklist instead of a whitelist, is platform-independent.

   /uploadFileList interface:

   Code analysis: [screenshots]

   Vulnerability reproduction: [screenshots]

   /upFile interface:

   Code analysis: [screenshots]

   Vulnerability reproduction: [screenshots]

   Suggested fix: switch to a whitelist. Allow only common suffixes such as .txt, .zip, .png and .mp3, and reject script formats: .html (leads to stored XSS) and .jsp, .jspx, .php and .asp (lead to code execution).

2. Two SQL injections. The mappers splice parameters into the statement with "${...}" (MyBatis string substitution) instead of binding them with "#{...}", so user input becomes part of the SQL text.

   Vulnerable locations:

   com/rawchen/mapper/ContentMapper.xml: [screenshot]

   com/rawchen/mapper/TagMapper.xml: [screenshot]

   Vulnerability reproduction: ...
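The blacklist bypass and the whitelist fix for /upFile and /uploadFileList, as an added example in Python (not blog-ssm's own code, which is Java): `blacklist_allows()` reproduces the suffix check the report describes, `ntfs_effective_name()` models the Windows stripping of a trailing "." and of "::$DATA" that the bypass relies on, and `whitelist_allows()` / `stored_name()` implement the suggested fix. The function names, the allowlist pattern and the probe file names are this example's own assumptions.

```python
"""Blacklist vs. whitelist checks for an upload file name.

Added example, not blog-ssm's code. blacklist_allows() mirrors the defective
check described for /upFile and /uploadFileList; ntfs_effective_name() models
the Windows name stripping the bypass uses; whitelist_allows() and
stored_name() are the suggested fix. All names here are this example's own.
"""
import os
import re

BLACKLIST = {".jsp", ".asp"}                                       # what the report says is rejected
SAFE_NAME = re.compile(r"^[a-z0-9_-]{1,64}\.(txt|zip|png|mp3)$")   # assumed allowlist


def blacklist_allows(filename: str) -> bool:
    """Vulnerable check: only an exact, lower-case '.jsp' / '.asp' suffix is rejected."""
    return os.path.splitext(filename)[1] not in BLACKLIST


def ntfs_effective_name(filename: str) -> str:
    """Name Windows actually creates (assumption: NTFS host).

    '::$DATA' names the file's default data stream, and trailing dots and
    spaces are dropped by the Win32 layer, so 'shell.jsp::$DATA' and
    'shell.jsp.' both end up on disk as 'shell.jsp'.
    """
    name = filename
    if name.endswith("::$DATA"):
        name = name[: -len("::$DATA")]
    return name.rstrip(". ")


def whitelist_allows(filename: str) -> bool:
    """Hardened check: the name must survive normalisation unchanged, carry no
    directory part, and match the allowlist pattern (case-insensitively)."""
    effective = ntfs_effective_name(filename).replace("\\", "/").rsplit("/", 1)[-1]
    return effective == filename and SAFE_NAME.match(filename.lower()) is not None


def stored_name(filename: str, random_stem: str) -> str:
    """Name to write to disk: a server-generated stem plus the validated suffix,
    so nothing from the client-supplied name except the allowed extension survives."""
    if not whitelist_allows(filename):
        raise ValueError(f"disallowed upload name: {filename!r}")
    return random_stem + os.path.splitext(filename)[1].lower()


def probe(filenames):
    """Return {name: (blacklist_verdict, whitelist_verdict)} for a list of probes."""
    return {f: (blacklist_allows(f), whitelist_allows(f)) for f in filenames}


# Constructed probe names: the report's two Windows tricks plus common relatives.
BYPASS_PROBES = ["shell.jsp.", "shell.jsp::$DATA", "shell.JSP", "shell.jspx", "xss.html", "photo.png"]

if __name__ == "__main__":
    for name, (bl, wl) in probe(BYPASS_PROBES).items():
        bl_s = "allow" if bl else "deny"
        wl_s = "allow" if wl else "deny"
        print(f"{name:20} blacklist={bl_s:5} whitelist={wl_s}")
```

Running the probes shows every script name except a bare `shell.jsp` sailing through the blacklist while only `photo.png` passes the whitelist. The extra step of renaming the file to a server-generated stem removes the remaining risk from the client-supplied name (path separators, null bytes, double extensions) regardless of the host OS.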
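The "${...}" problem in ContentMapper.xml and TagMapper.xml, as an added example (not the project's code) that uses Python and sqlite3 to stand in for MyBatis: `search_dollar()` substitutes the parameter into the SQL text the way "${keyword}" does, `search_hash()` binds it the way "#{...}" does, and `order_column()` shows the one case where splicing is unavoidable and must be backed by an allowlist. The `content` table, its columns, the query shape and the payload are constructed assumptions; only the fact that the mappers use "${...}" comes from the report.

```python
"""MyBatis "${...}" splicing vs "#{...}" binding, simulated with sqlite3.

Added example, not blog-ssm's code. The content table, its columns and the
query shape are assumptions; what is taken from the report is only that
ContentMapper.xml and TagMapper.xml build SQL with "${...}".
"""
import sqlite3

# Mapper fragment as MyBatis sees it: "${keyword}" is replaced textually
# before the statement reaches the JDBC driver.
DOLLAR_TEMPLATE = ("SELECT id FROM content WHERE status = 'published' "
                   "AND title LIKE '%${keyword}%'")
# Same query with "#{...}": the driver receives a placeholder plus a bound value.
HASH_TEMPLATE = ("SELECT id FROM content WHERE status = 'published' "
                 "AND title LIKE ? ORDER BY id")

PAYLOAD = "x' OR 1=1 --"          # constructed injection string
ORDERABLE = {"id", "title"}        # assumed sortable columns


def make_db() -> sqlite3.Connection:
    """Constructed sample rows standing in for the blog's content table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE content (id INTEGER PRIMARY KEY, title TEXT, status TEXT)")
    conn.executemany("INSERT INTO content VALUES (?, ?, ?)", [
        (1, "Hello SSM", "published"),
        (2, "Unreleased draft", "draft"),
        (3, "Java tips", "published"),
    ])
    return conn


def search_dollar(conn, keyword: str):
    """What "${keyword}" does: paste the raw value into the SQL text."""
    sql = DOLLAR_TEMPLATE.replace("${keyword}", keyword)
    return [row[0] for row in conn.execute(sql)]


def search_hash(conn, keyword: str):
    """What "#{pattern}" does: send the value as a bound parameter."""
    return [row[0] for row in conn.execute(HASH_TEMPLATE, ("%" + keyword + "%",))]


def order_column(requested: str) -> str:
    """Identifiers cannot be bound, so an ORDER BY column is the one place "${}"
    is needed; map the request onto a fixed allowlist instead of trusting it."""
    if requested not in ORDERABLE:
        raise ValueError(f"unsupported sort column: {requested!r}")
    return requested


if __name__ == "__main__":
    conn = make_db()
    print("${} normal  :", search_dollar(conn, "Java"))
    print("${} payload :", search_dollar(conn, PAYLOAD))   # the draft row leaks
    print("#{} payload :", search_hash(conn, PAYLOAD))     # nothing matches
```

With the payload, the spliced statement becomes `... title LIKE '%x' OR 1=1 --%'`: the `OR 1=1` defeats the `status = 'published'` filter and the `--` comments out the rest, so the unpublished row is returned. The bound version sends the same bytes as a LIKE pattern and matches nothing. The fix for both mappers is the same transformation: replace "${name}" with "#{name}"; for a LIKE, build the "%...%" pattern in Java (or with CONCAT in the mapper) and bind it; and keep "${}" only for an identifier that has been checked against an allowlist as `order_column()` does.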