问题详情
描述
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter
<filter>
<filter-name>SqlFilter</filter-name>
<filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SqlFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
2. HTML表单未进行CSRF防护
3.表单CSRF防护缺失
https://blog.csdn.net/u010981786/article/details/51012782
4.点击劫持:无X-Frame-Options头信息
https://blog.csdn.net/ylf20131001/article/details/88550243
tomcat web.xml 添加下面过滤器
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>antiClickJackingEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value> SAMEORIGIN</param-value>
</init-param>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
5.登录页面密码猜解
推荐当某账户尝试数次错误密码后,则将账户锁定。
6.脆弱的Javascript库
升级JavaScript库到最新版本。
7.发现应用程序错误信息
删除或升级插件版本
活动
字段 | 原值 | 新值 |
---|---|---|
附件 | screenshot-1.png [ 18289 ] |
附件 | screenshot-2.png [ 18290 ] |
附件 | 附件1、漏洞检测总报告.docx [ 18291 ] |
描述 | 1.XSS注入 |
描述 | 1.XSS注入 |
1.XSS注入
web.xml <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> |
附件 | SqlFilter.java [ 18292 ] |
描述 |
1.XSS注入
web.xml <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> |
经办人 | 蒋晓佳 [ jiangxj ] | 赵野 [ zhaoye ] |
描述 |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 2. HTML表单未进行CSRF防护 3.表单CSRF防护缺失 http://www.javashuo.com/article/p-wkurkowm-x.html 4. |
描述 |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 2. HTML表单未进行CSRF防护 3.表单CSRF防护缺失 http://www.javashuo.com/article/p-wkurkowm-x.html 4. |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 2. HTML表单未进行CSRF防护 3.表单CSRF防护缺失 http://www.javashuo.com/article/p-wkurkowm-x.html 4.点击劫持:无X-Frame-Options头信息 https://blog.csdn.net/ylf20131001/article/details/88550243 5.登录页面密码猜解 推荐当某账户尝试数次错误密码后,则将账户锁定。 |
描述 |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 2. HTML表单未进行CSRF防护 3.表单CSRF防护缺失 http://www.javashuo.com/article/p-wkurkowm-x.html 4.点击劫持:无X-Frame-Options头信息 https://blog.csdn.net/ylf20131001/article/details/88550243 5.登录页面密码猜解 推荐当某账户尝试数次错误密码后,则将账户锁定。 |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 2. HTML表单未进行CSRF防护 3.表单CSRF防护缺失 http://www.javashuo.com/article/p-wkurkowm-x.html 4.点击劫持:无X-Frame-Options头信息 https://blog.csdn.net/ylf20131001/article/details/88550243 5.登录页面密码猜解 推荐当某账户尝试数次错误密码后,则将账户锁定。 6.脆弱的Javascript库 升级JavaScript库到最新版本。 |
描述 |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 2. HTML表单未进行CSRF防护 3.表单CSRF防护缺失 http://www.javashuo.com/article/p-wkurkowm-x.html 4.点击劫持:无X-Frame-Options头信息 https://blog.csdn.net/ylf20131001/article/details/88550243 5.登录页面密码猜解 推荐当某账户尝试数次错误密码后,则将账户锁定。 6.脆弱的Javascript库 升级JavaScript库到最新版本。 |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 2. HTML表单未进行CSRF防护 3.表单CSRF防护缺失 http://www.javashuo.com/article/p-wkurkowm-x.html 4.点击劫持:无X-Frame-Options头信息 https://blog.csdn.net/ylf20131001/article/details/88550243 5.登录页面密码猜解 推荐当某账户尝试数次错误密码后,则将账户锁定。 6.脆弱的Javascript库 升级JavaScript库到最新版本。 7.发现应用程序错误信息 ??????/ |
描述 |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 2. HTML表单未进行CSRF防护 3.表单CSRF防护缺失 http://www.javashuo.com/article/p-wkurkowm-x.html 4.点击劫持:无X-Frame-Options头信息 https://blog.csdn.net/ylf20131001/article/details/88550243 5.登录页面密码猜解 推荐当某账户尝试数次错误密码后,则将账户锁定。 6.脆弱的Javascript库 升级JavaScript库到最新版本。 7.发现应用程序错误信息 ??????/ |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 2. HTML表单未进行CSRF防护 3.表单CSRF防护缺失 https://blog.csdn.net/u010981786/article/details/51012782 4.点击劫持:无X-Frame-Options头信息 https://blog.csdn.net/ylf20131001/article/details/88550243 5.登录页面密码猜解 推荐当某账户尝试数次错误密码后,则将账户锁定。 6.脆弱的Javascript库 升级JavaScript库到最新版本。 7.发现应用程序错误信息 ??????/ |
描述 |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 2. HTML表单未进行CSRF防护 3.表单CSRF防护缺失 https://blog.csdn.net/u010981786/article/details/51012782 4.点击劫持:无X-Frame-Options头信息 https://blog.csdn.net/ylf20131001/article/details/88550243 5.登录页面密码猜解 推荐当某账户尝试数次错误密码后,则将账户锁定。 6.脆弱的Javascript库 升级JavaScript库到最新版本。 7.发现应用程序错误信息 ??????/ |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 2. HTML表单未进行CSRF防护 3.表单CSRF防护缺失 https://blog.csdn.net/u010981786/article/details/51012782 4.点击劫持:无X-Frame-Options头信息 https://blog.csdn.net/ylf20131001/article/details/88550243 tomcat web.xml 添加下面过滤器 <filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <init-param> <param-name>antiClickJackingEnabled</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>antiClickJackingOption</param-name> <param-value> SAMEORIGIN</param-value> </init-param> <async-supported>true</async-supported> </filter> <filter-mapping> <filter-name>httpHeaderSecurity</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping> 5.登录页面密码猜解 推荐当某账户尝试数次错误密码后,则将账户锁定。 6.脆弱的Javascript库 升级JavaScript库到最新版本。 7.发现应用程序错误信息 ??????/ |
描述 |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 2. HTML表单未进行CSRF防护 3.表单CSRF防护缺失 https://blog.csdn.net/u010981786/article/details/51012782 4.点击劫持:无X-Frame-Options头信息 https://blog.csdn.net/ylf20131001/article/details/88550243 tomcat web.xml 添加下面过滤器 <filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <init-param> <param-name>antiClickJackingEnabled</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>antiClickJackingOption</param-name> <param-value> SAMEORIGIN</param-value> </init-param> <async-supported>true</async-supported> </filter> <filter-mapping> <filter-name>httpHeaderSecurity</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping> 5.登录页面密码猜解 推荐当某账户尝试数次错误密码后,则将账户锁定。 6.脆弱的Javascript库 升级JavaScript库到最新版本。 7.发现应用程序错误信息 ??????/ |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 2. HTML表单未进行CSRF防护 3.表单CSRF防护缺失 https://blog.csdn.net/u010981786/article/details/51012782 4.点击劫持:无X-Frame-Options头信息 https://blog.csdn.net/ylf20131001/article/details/88550243 tomcat web.xml 添加下面过滤器 <filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <init-param> <param-name>antiClickJackingEnabled</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>antiClickJackingOption</param-name> <param-value> SAMEORIGIN</param-value> </init-param> <async-supported>true</async-supported> </filter> <filter-mapping> <filter-name>httpHeaderSecurity</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping> 5.登录页面密码猜解 推荐当某账户尝试数次错误密码后,则将账户锁定。 6.脆弱的Javascript库 升级JavaScript库到最新版本。 7.发现应用程序错误信息 ?????? |
描述 |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 2. HTML表单未进行CSRF防护 3.表单CSRF防护缺失 https://blog.csdn.net/u010981786/article/details/51012782 4.点击劫持:无X-Frame-Options头信息 https://blog.csdn.net/ylf20131001/article/details/88550243 tomcat web.xml 添加下面过滤器 <filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <init-param> <param-name>antiClickJackingEnabled</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>antiClickJackingOption</param-name> <param-value> SAMEORIGIN</param-value> </init-param> <async-supported>true</async-supported> </filter> <filter-mapping> <filter-name>httpHeaderSecurity</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping> 5.登录页面密码猜解 推荐当某账户尝试数次错误密码后,则将账户锁定。 6.脆弱的Javascript库 升级JavaScript库到最新版本。 7.发现应用程序错误信息 ?????? |
1.XSS注入
web.xml 加入下面过滤器, 加入sql filter <filter> <filter-name>SqlFilter</filter-name> <filter-class>com.liveneo.msplatform.common.filter.SqlFilter</filter-class> </filter> <filter-mapping> <filter-name>SqlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 2. HTML表单未进行CSRF防护 3.表单CSRF防护缺失 https://blog.csdn.net/u010981786/article/details/51012782 4.点击劫持:无X-Frame-Options头信息 https://blog.csdn.net/ylf20131001/article/details/88550243 tomcat web.xml 添加下面过滤器 <filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <init-param> <param-name>antiClickJackingEnabled</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>antiClickJackingOption</param-name> <param-value> SAMEORIGIN</param-value> </init-param> <async-supported>true</async-supported> </filter> <filter-mapping> <filter-name>httpHeaderSecurity</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping> 5.登录页面密码猜解 推荐当某账户尝试数次错误密码后,则将账户锁定。 6.脆弱的Javascript库 升级JavaScript库到最新版本。 7.发现应用程序错误信息 删除或升级插件版本 |
issue.field.resolutiondate | 2021-05-06 09:40:11.0 | 2021-05-06 09:40:10.997 |
预估剩余时间 | 0 minutes [ 0 ] | |
已耗费时间 | 1 minute [ 60 ] | |
工作日志 Id | 11907 [ 11907 ] |
状态 | Open [ 1 ] | Closed [ 6 ] |
解决结果 | Fixed [ 1 ] |