Java 过滤器解决URLSQL注入漏洞、跨站漏洞、框架注入漏洞、链接注入漏洞
一、 漏洞描述
1. 检测到目标URL存在SQL注入漏洞
很多WEB应用中都存在SQL注入漏洞。SQL注入是一种攻击者利用代码缺陷进行攻击的方式,可在任何能够影响数据库查询的应用程序参数中利用。例如url本身的参数、post数据或cookie值。
2.检测到目标URL存在跨站漏洞
跨站脚本攻击(也称为XSS)指利用网站漏洞从用户那里恶意盗取信息。用户在浏览网站、使用即时通讯软件、甚至在阅读电子邮件时,通常会点击其中的链接。攻击者通过在链接中插入恶意代码,就能够盗取用户信息或在终端用户系统上执行恶意代码。
3.检测到目标URL存在框架注入漏洞
攻击者有可能注入含有恶意内容的 frame 或 iframe 标记。如果用户不够谨慎,就有可能浏览该标记,却意识不到自己会离开原始站点而进入恶意的站点。之后,攻击者便可以诱导用户再次登录,然后获取其登录凭证。
4.检测到目标URL存在链接注入漏洞
“链接注入”是修改站点内容的行为,其方式为将外部站点的 URL 嵌入其中,或将易受攻击的站点中的脚本的 URL 嵌入其中。将 URL 嵌入易受攻击的站点中,攻击者便能够以它为平台来启动对其他站点的攻击,以及攻击这个易受攻击的站点本身。
二、 解决方案
1. URL过滤器SessionFilter.java
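package cn.sh.steven.filter;

import org.apache.log4j.Logger;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/**
 * Servlet filter that applies three coarse, blacklist-based checks to every request:
 * <ol>
 *   <li>rejects (HTTP 403) requests whose servlet path + query string, or whose full URL, contains one
 *       of the tokens in {@link #DETECT_TOKENS} (quotes, angle brackets, their percent-encodings,
 *       parentheses, {@code +} and a few SQL keywords);</li>
 *   <li>rejects (HTTP 403) requests whose {@code Host} header is not listed in
 *       {@code /WEB-INF/classes/csrfWhite.txt} (one {@code host[:port]} per line, compared
 *       case-insensitively after trimming);</li>
 *   <li>removes the tokens in {@link #STRIP_TOKENS} from every request parameter value before the request
 *       reaches the application, by wrapping the request in an {@link HttpServletRequestWrapper}.</li>
 * </ol>
 *
 * <p>Treat this as defense in depth only. A character blacklist cannot enumerate every encoding of a
 * dangerous character, and stripping characters silently alters legitimate input (a password containing
 * {@code '} or {@code +}, free text containing {@code " and "}). SQL injection is prevented by
 * parameterized queries at the data layer and XSS by context-aware output encoding in the view layer; this
 * filter does not replace either.
 *
 * <p>Because {@code +} is also the form-encoding of a space, any query string that carries a space is
 * rejected by check 1.
 *
 * <p>The Host whitelist is loaded once in {@link #init(FilterConfig)}. If it cannot be read the filter fails
 * to initialise and the application does not start (fail closed) rather than accepting every Host.
 */
public class SessionFilter implements Filter {

    private static final Logger log = Logger.getLogger(SessionFilter.class);

    /** Web-application-relative location of the Host whitelist. */
    private static final String HOST_WHITELIST_PATH = "/WEB-INF/classes/csrfWhite.txt";

    /** Sentinel returned by {@link #guolv2(String)} when a token is found; kept for existing callers. */
    private static final String BLOCKED = "bingo";

    /** Tokens whose presence in the URL causes a 403 (see {@link #guolv2(String)}). */
    private static final String[] DETECT_TOKENS = {
        "%22", "%27", "%3E", "%3e", "%3C", "%3c", "<", ">", "\"", "'", "+",
        " and ", " or ", "1=1", "(", ")"
    };

    /** Tokens removed from parameter values, applied in this order (see {@link #guolv(String)}). */
    private static final String[] STRIP_TOKENS = {
        "%22", "%27", "%3E", "%3e", "%3C", "%3c", "<", ">", "\"", "'", "+",
        "(", ")", " and ", " or ", " 1=1 "
    };

    /** Trimmed, lower-cased Host values accepted by {@link #doFilter}; populated by {@link #init}. */
    private volatile Set<String> allowedHosts = Collections.emptySet();

    /**
     * Loads the Host whitelist once, so no file is opened per request.
     *
     * @throws ServletException if the whitelist cannot be located as a file (for example when the
     *         application is deployed as an unexpanded WAR and {@code getRealPath} returns {@code null})
     *         or cannot be read
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String path = filterConfig.getServletContext().getRealPath(HOST_WHITELIST_PATH);
        if (path == null) {
            throw new ServletException("Host whitelist " + HOST_WHITELIST_PATH + " is not available as a file");
        }
        try {
            Set<String> hosts = new HashSet<String>();
            for (String line : readFromTextFile(path)) {
                // Trim so a CRLF-terminated or padded line still matches; lower-case because host names
                // are case-insensitive.
                String host = line.trim().toLowerCase(Locale.ROOT);
                if (host.length() > 0) {
                    hosts.add(host);
                }
            }
            allowedHosts = Collections.unmodifiableSet(hosts);
            log.info("loaded " + hosts.size() + " allowed host(s) from " + path);
        } catch (IOException e) {
            throw new ServletException("cannot read Host whitelist " + path, e);
        }
    }

    /**
     * Applies the URL blacklist, then the Host whitelist, then parameter sanitising.
     *
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                         FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String requestStr = getRequestString(request);
        String requestUrl = request.getRequestURL().toString();
        // The query string routinely carries tokens or credentials, so it is logged at DEBUG only.
        if (log.isDebugEnabled()) {
            log.debug(request.getMethod() + " " + requestStr);
        }

        if (containsBlacklistedToken(requestStr) || containsBlacklistedToken(requestUrl)) {
            // getRequestURL() excludes the query string, which keeps parameter values out of the WARN log.
            log.warn("blocked " + request.getMethod() + " " + requestUrl + ": blacklisted token in URL");
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        String host = request.getHeader("Host");
        if (host == null || !allowedHosts.contains(host.trim().toLowerCase(Locale.ROOT))) {
            log.warn("blocked " + request.getMethod() + " " + requestUrl
                    + ": Host header not in whitelist: " + host);
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Whether writing into the arrays returned by getParameterMap() affects later getParameter()
        // calls is container-specific and not defined by the Servlet spec; a wrapper is the portable way
        // to hand sanitised values to the rest of the chain.
        filterChain.doFilter(new SanitizingRequest(request), servletResponse);
    }

    @Override
    public void destroy() {
    }

    /**
     * Removes every token in {@link #STRIP_TOKENS} from {@code a}, one token at a time in list order.
     *
     * @param a a parameter value; may be {@code null}
     * @return the value with the tokens removed, or {@code null} if {@code a} is {@code null}
     */
    public static String guolv(String a) {
        if (a == null) {
            return null;
        }
        String cleaned = a;
        for (String token : STRIP_TOKENS) {
            // Literal replace, not regex replaceAll: the tokens contain regex metacharacters ( ) + .
            cleaned = cleaned.replace(token, "");
        }
        return cleaned;
    }

    /**
     * Reports whether a URL fragment contains a token from {@link #DETECT_TOKENS}.
     *
     * @param a servlet path, query string or full URL; may be {@code null} or empty
     * @return {@code "bingo"} if a token was found, otherwise {@code a} unchanged. Callers comparing the
     *         result with {@code "bingo"} cannot distinguish an input that is literally {@code "bingo"}; use
     *         {@link #containsBlacklistedToken(String)} internally instead.
     */
    public String guolv2(String a) {
        return containsBlacklistedToken(a) ? BLOCKED : a;
    }

    /**
     * @param s text to inspect; {@code null} and empty strings never match
     * @return {@code true} if {@code s} contains any token from {@link #DETECT_TOKENS}
     */
    private static boolean containsBlacklistedToken(String s) {
        if (s == null || s.length() == 0) {
            return false;
        }
        for (String token : DETECT_TOKENS) {
            if (s.contains(token)) {
                return true;
            }
        }
        return false;
    }

    /**
     * @return the servlet path followed by {@code ?} and the raw query string, or the servlet path alone when
     *         the request has no query string
     */
    private String getRequestString(HttpServletRequest req) {
        String requestPath = req.getServletPath();
        String queryString = req.getQueryString();
        return queryString == null ? requestPath : requestPath + "?" + queryString;
    }

    /**
     * Reads a UTF-8 text file into a list of lines (line terminators removed, blank lines kept).
     *
     * @param pathname absolute path of the file
     * @return the lines in file order; empty for an empty file
     * @throws IOException if the file cannot be opened or read
     */
    public static ArrayList<String> readFromTextFile(String pathname) throws IOException {
        ArrayList<String> lines = new ArrayList<String>();
        // Explicit charset: the no-arg InputStreamReader uses the platform default, which differs per server.
        BufferedReader br = new BufferedReader(
                new InputStreamReader(new FileInputStream(new File(pathname)), "UTF-8"));
        try {
            for (String line = br.readLine(); line != null; line = br.readLine()) {
                lines.add(line);
            }
        } finally {
            br.close(); // always release the file handle, including on a read error
        }
        return lines;
    }

    /**
     * Read-only view of a request whose parameter values have all been passed through {@link #guolv(String)}.
     * Everything other than the parameter accessors is delegated to the wrapped request.
     */
    private static final class SanitizingRequest extends HttpServletRequestWrapper {

        /** Parameter name to sanitised values, in the order the container reported them. */
        private final Map<String, String[]> sanitized;

        SanitizingRequest(HttpServletRequest request) {
            super(request);
            Map<String, String[]> cleaned = new LinkedHashMap<String, String[]>();
            @SuppressWarnings("unchecked") // pre-3.0 Servlet APIs return a raw Map; values are String[] per spec
            Map<String, String[]> original = request.getParameterMap();
            for (Map.Entry<String, String[]> entry : original.entrySet()) {
                String[] values = entry.getValue();
                String[] copy = new String[values.length];
                for (int i = 0; i < values.length; i++) {
                    copy[i] = guolv(values[i]);
                }
                cleaned.put(entry.getKey(), copy);
            }
            sanitized = Collections.unmodifiableMap(cleaned);
        }

        @Override
        public String getParameter(String name) {
            String[] values = sanitized.get(name);
            return (values == null || values.length == 0) ? null : values[0];
        }

        @Override
        public String[] getParameterValues(String name) {
            String[] values = sanitized.get(name);
            // Defensive copy so a caller cannot modify the shared sanitised array.
            return values == null ? null : values.clone();
        }

        @Override
        public Map<String, String[]> getParameterMap() {
            return sanitized;
        }
    }
}
2. URL过滤器CookieHttpOnlyFilter.java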
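package cn.sh.steven.filter;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
 * Hardens every HTTP response:
 * <ul>
 *   <li>adds {@code x-frame-options: SAMEORIGIN} so the page cannot be framed by another origin
 *       (frame injection / clickjacking);</li>
 *   <li>if the request already belongs to a session, re-emits the {@code JSESSIONID} cookie with
 *       {@code HttpOnly} (and {@code Secure} when the request arrived over TLS) so client-side script
 *       cannot read the session id.</li>
 * </ul>
 *
 * <p>The cookie is re-emitted with {@code Path=} the request's context path ({@code /} for the root
 * context) so that it replaces the container's own session cookie instead of adding a second one with a
 * different path.
 *
 * <p>On Servlet 3.0+ containers prefer the declarative
 * {@code <session-config><cookie-config><http-only>true</http-only><secure>true</secure>}
 * in {@code web.xml}; this filter exists for containers that lack it. Known limitation: a session created
 * later in the same request (by the servlet) is still issued with the container's unmodified cookie on that
 * first response.
 *
 * @author steven
 */
public class CookieHttpOnlyFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) {
            chain.doFilter(request, response);
            return;
        }
        HttpServletRequest httpReq = (HttpServletRequest) request;
        HttpServletResponse httpResp = (HttpServletResponse) response;

        // Sent on every response, not only when the client presented cookies: a frameable first
        // response would defeat the header's purpose.
        httpResp.addHeader("x-frame-options", "SAMEORIGIN");

        // getSession(false): a filter must not create sessions as a side effect of reading them.
        // Without an existing session there is no session cookie to harden.
        HttpSession session = httpReq.getSession(false);
        if (session != null) {
            httpResp.addHeader("Set-Cookie", buildSessionCookie(session.getId(), httpReq));
        }
        chain.doFilter(httpReq, httpResp);
    }

    /**
     * Builds the {@code Set-Cookie} header value that re-issues the session cookie with the hardening flags.
     *
     * @param sessionId the container's session id
     * @param req       supplies the context path (cookie {@code Path}) and whether TLS is in use ({@code Secure})
     * @return for example {@code JSESSIONID=<id>; Path=/fis; Secure; HttpOnly}
     */
    static String buildSessionCookie(String sessionId, HttpServletRequest req) {
        String contextPath = req.getContextPath();
        String path = (contextPath == null || contextPath.length() == 0) ? "/" : contextPath;
        StringBuilder cookie = new StringBuilder("JSESSIONID=").append(sessionId).append("; Path=").append(path);
        if (req.isSecure()) {
            cookie.append("; Secure");
        }
        return cookie.append("; HttpOnly").toString();
    }

    @Override
    public void destroy() {
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}
3. URL过滤器web.xml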
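<!-- Filters run in the order of their <filter-mapping> elements: XssSqlFilter first, CookieHttpOnly second.
     A request that XssSqlFilter rejects with 403 never reaches CookieHttpOnly, so those responses carry no
     x-frame-options header. Swap the two mappings if the hardening headers must appear on every response. -->
<filter>
    <filter-name>XssSqlFilter</filter-name>
    <filter-class>cn.sh.steven.filter.SessionFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>XssSqlFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- filter-name must match byte-for-byte between <filter> and <filter-mapping>;
     keep it free of leading or trailing whitespace. -->
<filter>
    <filter-name>CookieHttpOnly</filter-name>
    <filter-class>cn.sh.steven.filter.CookieHttpOnlyFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CookieHttpOnly</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>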