├── LICENSE ├── README.md ├── VulnWeb.sql ├── VulnWeb.war └── VulnWeb ├── .classpath ├── .project ├── .settings ├── .jsdtscope ├── org.eclipse.core.resources.prefs ├── org.eclipse.jdt.core.prefs ├── org.eclipse.wst.common.component ├── org.eclipse.wst.common.project.facet.core.xml ├── org.eclipse.wst.jsdt.ui.superType.container └── org.eclipse.wst.jsdt.ui.superType.name ├── WebContent ├── 404.html ├── META-INF │ └── MANIFEST.MF ├── WEB-INF │ ├── haha.txt │ ├── haha │ │ ├── haha.txt │ │ └── web.xml │ ├── jsp │ │ ├── login.jsp │ │ └── register.jsp │ ├── lib │ │ ├── commons-beanutils-1.9.3.jar │ │ ├── commons-dbcp2-2.1.1.jar │ │ ├── commons-dbutils-1.7.jar │ │ ├── commons-fileupload-1.3.3.jar │ │ ├── commons-io-2.6.jar │ │ ├── commons-logging-1.2.jar │ │ ├── commons-pool2-2.4.3.jar │ │ ├── jstl.jar │ │ ├── mysql-connector-java-5.1.17.jar │ │ └── standard.jar │ └── web.xml ├── cmd.jsp ├── downloadfile.jsp ├── index.jsp ├── message.jsp ├── show.jsp ├── uploadfile.jsp └── xss.jsp ├── Words └── com │ └── eveino │ └── words │ ├── auditWords.txt │ ├── bandWords.txt │ └── remainWords.txt └── src ├── com └── eveino │ ├── dao │ ├── UserDao.java │ └── impl │ │ └── UserDaoImpl.java │ ├── entity │ └── User.java │ ├── exception │ └── UserExistEception.java │ ├── service │ ├── BusinessServer.java │ └── impl │ │ └── BusinessServerImpl.java │ ├── utils │ ├── HtmlEncode.java │ ├── JdbcUtils.java │ ├── WebUtils.java │ └── XssDefend.java │ └── web │ ├── UI │ ├── LoginServletUI.java │ └── RegisterServletUI.java │ ├── controller │ ├── CmdServlet.java │ ├── DownloadServlet.java │ ├── LoginServlet.java │ ├── RegisterServlet.java │ ├── UploadServlet.java │ └── XSSServlet.java │ ├── filter │ ├── CharacterEncodingFilter.java │ ├── HtmlFilter.java │ ├── WordsFilter.java │ └── XssFilter.java │ └── wrapper │ ├── EncodingRequest.java │ ├── HtmlEncodeRequest.java │ └── XssDefendRequest.java ├── dbcp.properties └── junit └── test ├── UserDaoTest.java └── UserTest.java /LICENSE: 
-------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 小王子 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # VulnWeb 2 | 用于演示Java Web项目中,漏洞的成因及修复方案,可用于黑盒测试和白盒测试,部分修复方案可用于生产环境。 3 | 4 | 更多:[VulnWeb又一个漏洞演示平台](http://eveino.com/180.html) -------------------------------------------------------------------------------- /VulnWeb.sql: -------------------------------------------------------------------------------- 1 | -- MySQL dump 10.13 Distrib 5.7.21, for Linux (x86_64) 2 | -- 3 | -- Host: localhost Database: VulnWeb 4 | -- ------------------------------------------------------ 5 | -- Server version 5.7.21-0ubuntu0.16.04.1 6 | 7 | /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; 8 | /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; 9 | /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; 10 | /*!40101 SET NAMES utf8 */; 11 | /*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; 12 | /*!40103 SET TIME_ZONE='+00:00' */; 13 | /*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; 14 | /*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; 15 | /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; 16 | /*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; 17 | 18 | -- 19 | -- Table structure for table `user` 20 | -- 21 | 22 | DROP TABLE IF EXISTS `user`; 23 | /*!40101 SET @saved_cs_client = @@character_set_client */; 24 | /*!40101 SET character_set_client = utf8 */; 25 | CREATE TABLE `user` ( 26 | `id` int(16) NOT NULL, 27 | `username` varchar(16) DEFAULT NULL, 28 | `password` varchar(16) DEFAULT NULL, 29 | PRIMARY KEY (`id`) 30 | ) ENGINE=InnoDB DEFAULT CHARSET=latin1; 31 | /*!40101 SET character_set_client = @saved_cs_client */; 32 | 33 | -- 34 | -- Dumping data for table `user` 35 | -- 36 | 37 | LOCK TABLES `user` WRITE; 38 | /*!40000 ALTER TABLE `user` DISABLE KEYS */; 39 | INSERT INTO `user` 
VALUES (240480823,'aaa','aaa'); 40 | /*!40000 ALTER TABLE `user` ENABLE KEYS */; 41 | UNLOCK TABLES; 42 | /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; 43 | 44 | /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; 45 | /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; 46 | /*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; 47 | /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; 48 | /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; 49 | /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; 50 | /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; 51 | 52 | -- Dump completed on 2018-04-20 21:12:30 53 | -------------------------------------------------------------------------------- /VulnWeb.war: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mtxiaowangzi/Java-EE-VulnWeb/5ab70032da68e02fdcb1d76aaa3e5ee5530344aa/VulnWeb.war -------------------------------------------------------------------------------- /VulnWeb/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /VulnWeb/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | VulnWeb 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.wst.jsdt.core.javascriptValidator 10 | 11 | 12 | 13 | 14 | org.eclipse.jdt.core.javabuilder 15 | 16 | 17 | 18 | 19 | org.eclipse.wst.common.project.facet.core.builder 20 | 21 | 22 | 23 | 24 | org.eclipse.wst.validation.validationbuilder 25 | 26 | 27 | 28 | 29 | 30 | org.eclipse.jem.workbench.JavaEMFNature 31 | org.eclipse.wst.common.modulecore.ModuleCoreNature 32 | org.eclipse.wst.common.project.facet.core.nature 33 | org.eclipse.jdt.core.javanature 34 | org.eclipse.wst.jsdt.core.jsNature 35 | 36 | 37 | 
-------------------------------------------------------------------------------- /VulnWeb/.settings/.jsdtscope: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /VulnWeb/.settings/org.eclipse.core.resources.prefs: -------------------------------------------------------------------------------- 1 | eclipse.preferences.version=1 2 | encoding//WebContent/WEB-INF/jsp/register.jsp=UTF-8 3 | encoding//WebContent/downloadfile.jsp=UTF-8 4 | encoding//src/com/eveino/web/controller/DownloadServlet.java=UTF-8 5 | -------------------------------------------------------------------------------- /VulnWeb/.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- 1 | eclipse.preferences.version=1 2 | org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled 3 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8 4 | org.eclipse.jdt.core.compiler.compliance=1.8 5 | org.eclipse.jdt.core.compiler.problem.assertIdentifier=error 6 | org.eclipse.jdt.core.compiler.problem.enumIdentifier=error 7 | org.eclipse.jdt.core.compiler.source=1.8 8 | -------------------------------------------------------------------------------- /VulnWeb/.settings/org.eclipse.wst.common.component: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /VulnWeb/.settings/org.eclipse.wst.common.project.facet.core.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /VulnWeb/.settings/org.eclipse.wst.jsdt.ui.superType.container: 
-------------------------------------------------------------------------------- 1 | org.eclipse.wst.jsdt.launching.baseBrowserLibrary -------------------------------------------------------------------------------- /VulnWeb/.settings/org.eclipse.wst.jsdt.ui.superType.name: -------------------------------------------------------------------------------- 1 | Window -------------------------------------------------------------------------------- /VulnWeb/WebContent/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 404 6 | 7 | 8 | 404... 9 | 10 | -------------------------------------------------------------------------------- /VulnWeb/WebContent/META-INF/MANIFEST.MF: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | Class-Path: 3 | 4 | -------------------------------------------------------------------------------- /VulnWeb/WebContent/WEB-INF/haha.txt: -------------------------------------------------------------------------------- 1 | hahah -------------------------------------------------------------------------------- /VulnWeb/WebContent/WEB-INF/haha/haha.txt: -------------------------------------------------------------------------------- 1 | haha -------------------------------------------------------------------------------- /VulnWeb/WebContent/WEB-INF/haha/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | VulTest 4 | 5 | index.html 6 | index.htm 7 | index.jsp 8 | default.html 9 | default.htm 10 | default.jsp 11 | 12 | -------------------------------------------------------------------------------- /VulnWeb/WebContent/WEB-INF/jsp/login.jsp: -------------------------------------------------------------------------------- 1 | <%@ page language="java" contentType="text/html; charset=UTF-8" 2 | pageEncoding="UTF-8"%> 3 | 4 | 5 | 6 | 7 | 登录 8 | 9 | 10 |

登录

11 |
12 |
14 | 账户:
密码:
17 |
18 | 19 | -------------------------------------------------------------------------------- /VulnWeb/WebContent/WEB-INF/jsp/register.jsp: -------------------------------------------------------------------------------- 1 | <%@page language="java" contentType="text/html; charset=UTF-8" 2 | pageEncoding="UTF-8" %> 3 | 4 | 5 | 6 | 7 | 注册 8 | 9 | 10 |

注册

11 |
12 |
14 | 账户:
密码:
17 |
18 | 19 | -------------------------------------------------------------------------------- /VulnWeb/WebContent/WEB-INF/lib/commons-beanutils-1.9.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mtxiaowangzi/Java-EE-VulnWeb/5ab70032da68e02fdcb1d76aaa3e5ee5530344aa/VulnWeb/WebContent/WEB-INF/lib/commons-beanutils-1.9.3.jar -------------------------------------------------------------------------------- /VulnWeb/WebContent/WEB-INF/lib/commons-dbcp2-2.1.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mtxiaowangzi/Java-EE-VulnWeb/5ab70032da68e02fdcb1d76aaa3e5ee5530344aa/VulnWeb/WebContent/WEB-INF/lib/commons-dbcp2-2.1.1.jar -------------------------------------------------------------------------------- /VulnWeb/WebContent/WEB-INF/lib/commons-dbutils-1.7.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mtxiaowangzi/Java-EE-VulnWeb/5ab70032da68e02fdcb1d76aaa3e5ee5530344aa/VulnWeb/WebContent/WEB-INF/lib/commons-dbutils-1.7.jar -------------------------------------------------------------------------------- /VulnWeb/WebContent/WEB-INF/lib/commons-fileupload-1.3.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mtxiaowangzi/Java-EE-VulnWeb/5ab70032da68e02fdcb1d76aaa3e5ee5530344aa/VulnWeb/WebContent/WEB-INF/lib/commons-fileupload-1.3.3.jar -------------------------------------------------------------------------------- /VulnWeb/WebContent/WEB-INF/lib/commons-io-2.6.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mtxiaowangzi/Java-EE-VulnWeb/5ab70032da68e02fdcb1d76aaa3e5ee5530344aa/VulnWeb/WebContent/WEB-INF/lib/commons-io-2.6.jar -------------------------------------------------------------------------------- 
/VulnWeb/WebContent/WEB-INF/lib/commons-logging-1.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mtxiaowangzi/Java-EE-VulnWeb/5ab70032da68e02fdcb1d76aaa3e5ee5530344aa/VulnWeb/WebContent/WEB-INF/lib/commons-logging-1.2.jar -------------------------------------------------------------------------------- /VulnWeb/WebContent/WEB-INF/lib/commons-pool2-2.4.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mtxiaowangzi/Java-EE-VulnWeb/5ab70032da68e02fdcb1d76aaa3e5ee5530344aa/VulnWeb/WebContent/WEB-INF/lib/commons-pool2-2.4.3.jar -------------------------------------------------------------------------------- /VulnWeb/WebContent/WEB-INF/lib/jstl.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mtxiaowangzi/Java-EE-VulnWeb/5ab70032da68e02fdcb1d76aaa3e5ee5530344aa/VulnWeb/WebContent/WEB-INF/lib/jstl.jar -------------------------------------------------------------------------------- /VulnWeb/WebContent/WEB-INF/lib/mysql-connector-java-5.1.17.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mtxiaowangzi/Java-EE-VulnWeb/5ab70032da68e02fdcb1d76aaa3e5ee5530344aa/VulnWeb/WebContent/WEB-INF/lib/mysql-connector-java-5.1.17.jar -------------------------------------------------------------------------------- /VulnWeb/WebContent/WEB-INF/lib/standard.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mtxiaowangzi/Java-EE-VulnWeb/5ab70032da68e02fdcb1d76aaa3e5ee5530344aa/VulnWeb/WebContent/WEB-INF/lib/standard.jar -------------------------------------------------------------------------------- /VulnWeb/WebContent/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | VulnWeb 4 | 5 | 
index.html 6 | index.htm 7 | index.jsp 8 | default.html 9 | default.htm 10 | default.jsp 11 | 12 | 13 | 404 14 | /404.html 15 | 16 | 17 | CharacterEncodingFilter 18 | com.eveino.web.filter.CharacterEncodingFilter 19 | 20 | charset 21 | UTF-8 22 | 23 | 24 | 25 | CharacterEncodingFilter 26 | /* 27 | 28 | 36 | 37 | WordsFilter 38 | com.eveino.web.filter.WordsFilter 39 | 40 | 41 | WordsFilter 42 | /* 43 | 44 | 45 | XssFilter 46 | com.eveino.web.filter.XssFilter 47 | 48 | 49 | XssFilter 50 | /* 51 | 52 | 53 | 54 | XSSServlet 55 | XSSServlet 56 | com.eveino.web.controller.XSSServlet 57 | 58 | 59 | XSSServlet 60 | /XSSServlet 61 | 62 | 63 | 64 | LoginServletUI 65 | LoginServletUI 66 | com.eveino.web.UI.LoginServletUI 67 | 68 | 69 | LoginServletUI 70 | /LoginServletUI 71 | 72 | 73 | 74 | RegisterServlet 75 | RegisterServlet 76 | com.eveino.web.controller.RegisterServlet 77 | 78 | 79 | RegisterServlet 80 | /RegisterServlet 81 | 82 | 83 | 84 | RegisterServletUI 85 | RegisterServletUI 86 | com.eveino.web.UI.RegisterServletUI 87 | 88 | 89 | RegisterServletUI 90 | /RegisterServletUI 91 | 92 | 93 | 94 | LoginServlet 95 | LoginServlet 96 | com.eveino.web.controller.LoginServlet 97 | 98 | 99 | LoginServlet 100 | /LoginServlet 101 | 102 | 103 | 104 | uploadFileTest 105 | uploadFileTest 106 | com.eveino.test.uploadFileTest 107 | 108 | 109 | uploadFileTest 110 | /uploadFileTest 111 | 112 | 113 | 114 | DownloadServlet 115 | DownloadServlet 116 | com.eveino.web.controller.DownloadServlet 117 | 118 | 119 | DownloadServlet 120 | /DownloadServlet 121 | 122 | 123 | 124 | CmdServlet 125 | CmdServlet 126 | com.eveino.web.controller.CmdServlet 127 | 128 | 129 | CmdServlet 130 | /CmdServlet 131 | 132 | 133 | 134 | UploadServlet 135 | UploadServlet 136 | com.eveino.web.controller.UploadServlet 137 | 138 | 139 | UploadServlet 140 | /UploadServlet 141 | 142 | -------------------------------------------------------------------------------- /VulnWeb/WebContent/cmd.jsp: 
-------------------------------------------------------------------------------- 1 | <%@ page language="java" contentType="text/html; charset=UTF-8" 2 | pageEncoding="UTF-8"%> 3 | 4 | 5 | 6 | 7 | CMD Demo 8 | 9 | 10 | 11 |
12 | 13 | 14 |
15 | 16 | -------------------------------------------------------------------------------- /VulnWeb/WebContent/downloadfile.jsp: -------------------------------------------------------------------------------- 1 | <%@ page language="java" contentType="text/html; charset=UTF-8" 2 | pageEncoding="UTF-8"%> 3 | 4 | 5 | 6 | 7 | Download file Demo 8 | 9 | 10 | 11 |
12 | 13 | 14 |
15 | 16 | -------------------------------------------------------------------------------- /VulnWeb/WebContent/index.jsp: -------------------------------------------------------------------------------- 1 | <%@ page language="java" contentType="text/html; charset=UTF-8" 2 | pageEncoding="UTF-8"%> 3 | 4 | 5 | 6 | 7 | VulnWeb 8 | 9 | 10 | 11 |
12 |

VulnWeb

13 |
14 | 注册 15 | 登录
16 | XSS演示
17 | 命令执行演示
18 | 任意文件上传演示
19 | 文件包含演示
20 |
21 | 22 | -------------------------------------------------------------------------------- /VulnWeb/WebContent/message.jsp: -------------------------------------------------------------------------------- 1 | <%@ page language="java" contentType="text/html; charset=UTF-8" 2 | pageEncoding="UTF-8"%> 3 | <%@taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %> 4 | 5 | 6 | 7 | 8 | 全局消息 9 | 10 | 11 |

${message}

12 | 13 | hello idol : 14 | ${user.username} 15 | 16 | -------------------------------------------------------------------------------- /VulnWeb/WebContent/show.jsp: -------------------------------------------------------------------------------- 1 | <%@ page language="java" contentType="text/html; charset=UTF-8" 2 | pageEncoding="UTF-8"%> 3 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> 4 | 5 | 6 | 7 | 8 | 9 | 16 | show1 17 | 18 | 19 | 20 | 21 | 22 | <%-- 23 | --%> 24 | 25 | 26 | 27 | 28 | 29 |
${entry.key}${entry.value}
30 | 31 | -------------------------------------------------------------------------------- /VulnWeb/WebContent/uploadfile.jsp: -------------------------------------------------------------------------------- 1 | <%@ page language="java" contentType="text/html; charset=UTF-8" 2 | pageEncoding="UTF-8"%> 3 | 4 | 5 | 6 | 7 | File Upload Demo 8 | 9 | 10 |
11 | 用户:
12 | 文件:
13 | 14 |
15 | 16 | -------------------------------------------------------------------------------- /VulnWeb/WebContent/xss.jsp: -------------------------------------------------------------------------------- 1 | <%@ page language="java" contentType="text/html; charset=UTF-8" 2 | pageEncoding="UTF-8"%> 3 | 4 | 5 | 6 | 7 | XSS Demo 8 | 9 | 10 |
11 | 账户:
12 | 密码:
13 | 文本:
14 | 15 |
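--------------------------------------------------------------------------------
/VulnWeb/Words/com/eveino/words/auditWords.txt:
--------------------------------------------------------------------------------
傻逼|3
都比|3
--------------------------------------------------------------------------------
/VulnWeb/Words/com/eveino/words/bandWords.txt:
--------------------------------------------------------------------------------
哈哈|1
aa|1
bb|1
--------------------------------------------------------------------------------
/VulnWeb/Words/com/eveino/words/remainWords.txt:
--------------------------------------------------------------------------------
兔子|2
xss|2
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/dao/UserDao.java:
--------------------------------------------------------------------------------
package com.eveino.dao;

import java.sql.SQLException;
import java.util.List;

import com.eveino.entity.User;

/**
 * Persistence operations for the {@code user} table.
 *
 * <p>Lookups return {@code null} rather than throwing when no row matches; the
 * service layer relies on that to detect an absent user.
 */
public interface UserDao {

    /**
     * Inserts a new row for {@code user}.
     *
     * @param user the user to persist; its id must already be set
     * @throws SQLException on any database error (including a duplicate id)
     */
    void addUser(User user) throws SQLException;

    /**
     * Deletes the row whose id equals {@code id}.
     *
     * @param id the primary key, passed as a string
     * @throws SQLException on any database error
     */
    void deleteUser(String id) throws SQLException;

    /**
     * Returns every user, or an empty list when the table is empty.
     *
     * @throws SQLException on any database error
     */
    List<User> getAll() throws SQLException;

    /**
     * Finds a user by name.
     *
     * @param username the user name to look up
     * @return the matching user, or {@code null} when none exists
     * @throws SQLException on any database error
     */
    User findUser(String username) throws SQLException;

    /**
     * Finds a user by name and password.
     *
     * @param username the user name to look up
     * @param password the password to compare, as stored
     * @return the matching user, or {@code null} when the pair matches no row
     * @throws SQLException on any database error
     */
    User findUser(String username, String password) throws SQLException;

    /**
     * Overwrites the username and password of the row with {@code user}'s id.
     *
     * @param user the user whose id selects the row and whose other fields are written
     * @throws SQLException on any database error
     */
    void updateUser(User user) throws SQLException;

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/dao/impl/UserDaoImpl.java:
--------------------------------------------------------------------------------
package com.eveino.dao.impl;

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.List;

import org.apache.commons.dbutils.QueryRunner;
import org.apache.commons.dbutils.handlers.BeanHandler;
import org.apache.commons.dbutils.handlers.BeanListHandler;

import com.eveino.dao.UserDao;
import com.eveino.entity.User;
import com.eveino.utils.JdbcUtils;

/**
 * JDBC implementation of {@link UserDao} backed by commons-dbutils.
 *
 * <p>Every method except {@link #findUser(String)} binds its inputs with {@code ?}
 * placeholders. {@link #findUser(String)} is the project's deliberate SQL-injection
 * demonstration; the commented-out parameterized version next to it is the fix.
 */
public class UserDaoImpl implements UserDao {
    private final QueryRunner qr = new QueryRunner(JdbcUtils.getDataSource());

    /*
     * (non-Javadoc)
     *
     * @see com.eveino.dao.UserDao#addUser(com.eveino.entity.User)
     */
    @Override
    public void addUser(User user) throws SQLException {
        String sql = "insert into user(id,username,password) values(?,?,?)";
        Object[] params = { user.getId(), user.getUsername(), user.getPassword() };
        qr.update(sql, params);
    }

    /*
     * (non-Javadoc)
     *
     * @see com.eveino.dao.UserDao#deleteUser(java.lang.String)
     */
    @Override
    public void deleteUser(String id) throws SQLException {
        String sql = "delete from user where id=?";
        Object[] params = { id };
        qr.update(sql, params);
    }

    /*
     * (non-Javadoc)
     *
     * @see com.eveino.dao.UserDao#updateUser(com.eveino.entity.User)
     */
    @Override
    public void updateUser(User user) throws SQLException {
        String sql = "update user set username=?,password=? where id=?";
        Object[] params = { user.getUsername(), user.getPassword(), user.getId() };
        qr.update(sql, params);
    }

    /*
     * Parameterized version of findUser(String), kept as the reference fix for
     * the injectable variant below:
     *
     * @Override
     * public User findUser(String username) throws SQLException {
     *     String sql = "select id,username,password from user where username=?";
     *     Object[] params = { username };
     *     User user = qr.query(sql, new BeanHandler<>(User.class), params);
     *     return user;
     * }
     */

    // sqli vul Demo
    /**
     * Deliberately vulnerable lookup: {@code username} is concatenated into the
     * SQL text, so a value containing a single quote changes the statement that
     * is executed. This is the project's SQL-injection demonstration;
     * {@link #findUser(String, String)} shows the parameterized form.
     *
     * <p>The connection, statement and result set are closed on every path. The
     * earlier version closed the connection only when no row was found and never
     * closed the statement or result set, so each successful lookup leaked a
     * pooled connection.
     *
     * @param username the user name, inserted into the query text unescaped
     * @return the first matching user, or {@code null} when none exists
     * @throws SQLException on any database error, including one caused by the
     *         concatenated input
     */
    @Override
    public User findUser(String username) throws SQLException {
        String sql = "select id,username,password from user where username=" + "'" + username + "'";
        try (Connection conn = JdbcUtils.getConnection();
                Statement st = conn.createStatement();
                ResultSet rs = st.executeQuery(sql)) {
            if (rs.next()) {
                User user = new User();
                user.setId(rs.getInt("id"));
                user.setPassword(rs.getString("password"));
                user.setUsername(rs.getString("username"));
                return user;
            }
            return null;
        }
    }

    /**
     * Parameterized credential lookup: both inputs are bound as values, so they
     * cannot alter the statement.
     *
     * @return the matching user, or {@code null} when the pair matches no row
     * @throws SQLException on any database error
     */
    @Override
    public User findUser(String username, String password) throws SQLException {
        String sql = "select id,username,password from user where username=? and password =?";
        Object[] params = { username, password };
        return qr.query(sql, new BeanHandler<>(User.class), params);
    }

    /*
     * (non-Javadoc)
     *
     * @see com.eveino.dao.UserDao#getAll()
     */
    @Override
    public List<User> getAll() throws SQLException {
        String sql = "select id,username,password from user";
        return qr.query(sql, new BeanListHandler<>(User.class));
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/entity/User.java:
--------------------------------------------------------------------------------
package com.eveino.entity;

/**
 * Plain data holder for one row of the {@code user} table.
 *
 * <p>The password field carries whatever the table stores; this demo writes and
 * compares it as clear text.
 */
public class User {
    private int id;
    private String username;
    private String password;

    public int getId() {
        return id;
    }

    public void setId(int id) {
        this.id = id;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/exception/UserExistEception.java:
--------------------------------------------------------------------------------
package com.eveino.exception;

/**
 * Thrown by the service layer when a registration targets a username that is
 * already present.
 */
public class UserExistEception extends Exception {

    private static final long serialVersionUID = 1L;

    /**
     * @param string the detail message; it is now forwarded to
     *               {@link Exception#Exception(String)} (the previous constructor
     *               discarded it, so {@code getMessage()} returned {@code null})
     */
    public UserExistEception(String string) {
        super(string);
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/service/BusinessServer.java: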
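--------------------------------------------------------------------------------
package com.eveino.service;

import java.sql.SQLException;

import com.eveino.entity.User;
import com.eveino.exception.UserExistEception;

/**
 * Business operations on users, layered over {@link com.eveino.dao.UserDao}.
 */
public interface BusinessServer {

    /**
     * Registers {@code user} unless a user with the same name already exists.
     *
     * @param user the user to create
     * @throws UserExistEception when the username is already taken
     * @throws SQLException on any database error
     */
    void registerUser(User user) throws SQLException, UserExistEception;

    /**
     * Looks up the user matching {@code username} and {@code password}.
     *
     * @return the user, or {@code null} when the credentials match no row
     * @throws SQLException on any database error
     */
    User loginUser(String username, String password) throws SQLException;

    /** Not implemented yet. */
    void deleteUser();

    /** Not implemented yet. */
    void updateUser();

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/service/impl/BusinessServerImpl.java:
--------------------------------------------------------------------------------
package com.eveino.service.impl;

import java.sql.SQLException;

import com.eveino.dao.UserDao;
import com.eveino.dao.impl.UserDaoImpl;
import com.eveino.entity.User;
import com.eveino.exception.UserExistEception;
import com.eveino.service.BusinessServer;

/**
 * Default {@link BusinessServer} backed by {@link UserDaoImpl}.
 */
public class BusinessServerImpl implements BusinessServer {
    private final UserDao dao = new UserDaoImpl();

    /*
     * (non-Javadoc)
     *
     * @see com.eveino.service.BusinessServer#registerUser(com.eveino.entity.User)
     */
    @Override
    public void registerUser(User user) throws SQLException, UserExistEception {
        // findUser(String) is the DAO's deliberately injectable lookup, so the
        // username reaches the database unparameterized here. The existence check
        // is also not atomic with the insert, and the schema puts no unique index
        // on username, so two concurrent registrations of one name can both pass.
        if (dao.findUser(user.getUsername()) != null) {
            throw new UserExistEception("用户已存在");
        }
        dao.addUser(user);
    }

    /*
     * (non-Javadoc)
     *
     * @see com.eveino.service.BusinessServer#loginUser(java.lang.String,
     * java.lang.String)
     */
    @Override
    public User loginUser(String username, String password) throws SQLException {
        // Compared exactly as stored: this demo keeps passwords in clear text.
        return dao.findUser(username, password);
    }

    /*
     * (non-Javadoc)
     *
     * @see com.eveino.service.BusinessServer#deleteUser()
     */
    @Override
    public void deleteUser() {
        // TODO
    }

    /*
     * (non-Javadoc)
     *
     * @see com.eveino.service.BusinessServer#updateUser()
     */
    @Override
    public void updateUser() {
        // TODO
    }
}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/utils/HtmlEncode.java:
--------------------------------------------------------------------------------
package com.eveino.utils;

/**
 * Minimal HTML output encoder used by the project's HTML-escaping request wrapper.
 */
public class HtmlEncode {
    /**
     * Replaces the characters that carry meaning in HTML text and attribute
     * context with entity references: {@code < > & " ' /}.
     *
     * <p>Each arm appends an entity, never the matched character itself;
     * appending the character unchanged would make this method an identity
     * function and leave the caller unprotected. The single quote is covered so
     * that values placed inside single-quoted attributes are encoded as well.
     *
     * @param value the text to encode; may be {@code null}
     * @return the encoded text, or {@code null} when {@code value} is {@code null}
     */
    public static String htmlFilter(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder result = new StringBuilder(value.length() + 50);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '<':
                    result.append("&lt;");
                    break;
                case '>':
                    result.append("&gt;");
                    break;
                case '&':
                    result.append("&amp;");
                    break;
                case '"':
                    result.append("&quot;");
                    break;
                case '\'':
                    result.append("&#x27;");
                    break;
                case '/':
                    result.append("&#x2F;");
                    break;
                default:
                    result.append(c);
            }
        }
        return result.toString();
    }
}
--------------------------------------------------------------------------------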
/VulnWeb/src/com/eveino/utils/JdbcUtils.java: -------------------------------------------------------------------------------- 1 | package com.eveino.utils; 2 | 3 | import java.sql.Connection; 4 | import java.sql.ResultSet; 5 | import java.sql.SQLException; 6 | import java.sql.Statement; 7 | import java.util.Properties; 8 | 9 | import javax.sql.DataSource; 10 | 11 | import org.apache.commons.dbcp2.BasicDataSourceFactory; 12 | 13 | public class JdbcUtils { 14 | private static Properties config = new Properties(); 15 | private static DataSource dataSource; 16 | static { 17 | try { 18 | config.load(JdbcUtils.class.getClassLoader().getResourceAsStream("dbcp.properties")); 19 | dataSource = BasicDataSourceFactory.createDataSource(config); 20 | } catch (Exception e) { 21 | throw new RuntimeException(e); 22 | } 23 | } 24 | 25 | public static DataSource getDataSource() { 26 | return dataSource; 27 | } 28 | 29 | public static Connection getConnection() throws SQLException { 30 | return dataSource.getConnection(); 31 | } 32 | 33 | public static void release(Connection conn, Statement st, ResultSet rs) { 34 | if (conn != null) { 35 | try { 36 | conn.close(); 37 | } catch (SQLException e) { 38 | e.printStackTrace(); 39 | } 40 | conn = null; 41 | } 42 | if (st != null) { 43 | try { 44 | st.close(); 45 | } catch (SQLException e) { 46 | e.printStackTrace(); 47 | } 48 | st = null; 49 | } 50 | if (rs != null) { 51 | try { 52 | rs.close(); 53 | } catch (SQLException e) { 54 | e.printStackTrace(); 55 | } 56 | rs = null; 57 | } 58 | } 59 | } -------------------------------------------------------------------------------- /VulnWeb/src/com/eveino/utils/WebUtils.java: -------------------------------------------------------------------------------- 1 | package com.eveino.utils; 2 | 3 | import java.security.SecureRandom; 4 | 5 | public class WebUtils { 6 | public static int generateID() { 7 | SecureRandom secureRandom = new SecureRandom(); 8 | return Math.abs(secureRandom.nextInt()); 9 | } 
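}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/utils/XssDefend.java:
--------------------------------------------------------------------------------
package com.eveino.utils;

import java.net.URLDecoder;
import java.util.regex.Pattern;

/**
 * Blacklist-style input scrubber used by {@code XssDefendRequest}: URL-decodes
 * a parameter value and deletes substrings that match a fixed set of patterns.
 *
 * <p>Deleting known-bad fragments from input is a weak control on its own: it
 * alters legitimate data (any value containing the word "javascript", for
 * example) and is easy to slip past with variants it does not list.
 * Contextual output encoding at the point where a value is written into HTML
 * (see {@code HtmlEncode}) is the reliable defence; treat this class as
 * defence in depth only.
 *
 * <p>NOTE(review): several patterns below are empty strings in this listing,
 * and the literal reads {@code e-xpression} rather than {@code expression}.
 * Angle-bracketed text appears to have been dropped when the page was
 * rendered (generics are missing elsewhere too), so the tag patterns were
 * probably lost; confirm against the repository. An empty pattern only ever
 * matches the empty string, so those steps are currently no-ops.
 */
public class XssDefend {

    private static final int FLAGS = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    // Compiled once: Pattern is immutable and thread-safe, and stripXSS runs for
    // every parameter of every request. Order matches the original.
    private static final Pattern[] PATTERNS = {
        // Avoid anything between script tags
        Pattern.compile("", Pattern.CASE_INSENSITIVE),
        // Avoid anything in a src='...' type of expression
        Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", FLAGS),
        // Remove any lonesome tag
        Pattern.compile("", Pattern.CASE_INSENSITIVE),
        // Remove any lonesome tag
        Pattern.compile("", FLAGS),
        // Avoid eval(...) expressions
        Pattern.compile("eval\\((.*?)\\)", FLAGS),
        // Avoid expression(...) expressions
        Pattern.compile("e-xpression\\((.*?)\\)", FLAGS),
        // Avoid javascript:... expressions (the pattern has no colon, so the
        // bare word is removed wherever it occurs)
        Pattern.compile("javascript", Pattern.CASE_INSENSITIVE),
        // Avoid vbscript:... expressions
        Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE),
        // Avoid onload=... expressions
        Pattern.compile("onload(.*?)=", FLAGS),
    };

    /**
     * Returns {@code value} with every blacklisted fragment removed, or
     * {@code null} when {@code value} is {@code null}.
     *
     * <p>The value is URL-decoded first. The servlet container has already
     * decoded request parameters once, so this is a second decode: a literal
     * {@code %} or {@code +} in legitimate input is reinterpreted. A value that
     * is not valid percent-encoding is scrubbed undecoded.
     *
     * @param value raw parameter value, may be {@code null}
     * @return the scrubbed value
     */
    public static String stripXSS(String value) {
        if (value == null) {
            return null;
        }
        String cleaned = value;
        try {
            cleaned = URLDecoder.decode(value, "UTF-8");
        } catch (Exception ignored) {
            // Malformed escape sequence: best effort, continue with the raw value.
        }
        // Kept from the original; replacing the empty pattern changes nothing.
        cleaned = cleaned.replaceAll("", "");
        for (Pattern pattern : PATTERNS) {
            cleaned = pattern.matcher(cleaned).replaceAll("");
        }
        return cleaned;
    }
}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/web/UI/LoginServletUI.java:
--------------------------------------------------------------------------------
package com.eveino.web.UI;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Renders the login form. The JSP lives under {@code /WEB-INF}, so it is not
 * served directly and is reached only through this servlet's forward.
 */
public class LoginServletUI extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** No-arg constructor; the container instantiates the servlet reflectively. */
    public LoginServletUI() {
        super();
    }

    /** Forwards to the login page. */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request, response);
    }

    /** POST is handled exactly like GET: it only shows the form. */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {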
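        doGet(request, response);
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/web/UI/RegisterServletUI.java:
--------------------------------------------------------------------------------
package com.eveino.web.UI;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Renders the registration form. The JSP lives under {@code /WEB-INF}, so it
 * is not served directly and is reached only through this servlet's forward.
 */
public class RegisterServletUI extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** No-arg constructor; the container instantiates the servlet reflectively. */
    public RegisterServletUI() {
        super();
    }

    /** Forwards to the registration page. */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.getRequestDispatcher("/WEB-INF/jsp/register.jsp").forward(request, response);
    }

    /** POST is handled exactly like GET: it only shows the form. */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/web/controller/CmdServlet.java:
--------------------------------------------------------------------------------
package com.eveino.web.controller;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Deliberately vulnerable lab endpoint: starts an OS process named by the
 * {@code cmd} request parameter.
 *
 * <p>Risk: any client can make this server run a program of its choosing;
 * there is no authentication, no allow-list and no audit trail. Outside a lab
 * a servlet must never feed request data to {@link ProcessBuilder}; if a fixed
 * set of operations is needed, map the request onto a constant argument list
 * chosen by the server. Note also that the started process is never waited
 * for and its output is never read, so its pipes remain open until it exits
 * on its own.
 */
public class CmdServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Starts the process named by {@code cmd}; when that fails, shows the
     * generic message page. On success nothing is written to the response.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String cmd = request.getParameter("cmd");
        // A missing parameter used to surface as a NullPointerException inside
        // the catch below; handle it explicitly with the same outcome.
        if (cmd == null || cmd.isEmpty()) {
            request.setAttribute("message", "...不对");
            request.getRequestDispatcher("/message.jsp").forward(request, response);
            return;
        }
        try {
            new ProcessBuilder(cmd).start();
        } catch (Exception e) {
            request.setAttribute("message", "...不对");
            request.getRequestDispatcher("/message.jsp").forward(request, response);
        }
    }

    /** POST is handled exactly like GET. */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/web/controller/DownloadServlet.java:
--------------------------------------------------------------------------------
package com.eveino.web.controller;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.URLDecoder;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Serves a file from {@code /WEB-INF} as an attachment; the file is named by
 * the {@code filename} request parameter. See {@link #doPost} for the risk
 * this lab endpoint demonstrates.
 */
public class DownloadServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Unused: downloads are handled by {@link #doPost} only.
     *
     * @see HttpServlet#doGet(HttpServletRequest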
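     *     request, HttpServletResponse
     *     response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    }

    /**
     * Streams the file named by the {@code filename} parameter from
     * {@code /WEB-INF} to the client.
     *
     * <p>Risk: the parameter is appended to the base directory without
     * canonicalisation, and the character blacklist has been commented out, so
     * the client decides which file is read, including files outside the
     * intended directory (path traversal). The standard mitigation is to
     * resolve the requested name against the base directory, normalise the
     * result and reject anything that does not stay below the base; this lab
     * keeps the check disabled on purpose.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
     *     response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String filename = request.getParameter("filename");
        if (filename == null) {
            // A missing parameter used to fail with a NullPointerException in
            // URLDecoder before any handler ran; show the message page instead.
            request.setAttribute("message", "不对....");
            request.getRequestDispatcher("/message.jsp").forward(request, response);
            return;
        }
        // Second decode of a parameter the container already decoded; kept so
        // that behaviour is unchanged.
        filename = URLDecoder.decode(filename, "UTF-8");
        // Disabled blacklist from the original, kept for reference: "../", "?", "%".
        String path = this.getServletContext().getRealPath("/WEB-INF") + File.separator + filename;
        File file = new File(path);
        // try-with-resources: the former code leaked the stream whenever the
        // copy failed part-way.
        try (FileInputStream fis = new FileInputStream(file)) {
            OutputStream os = response.getOutputStream();
            response.setHeader("content-disposition", "attachment;filename=" + file.getName());
            byte[] buff = new byte[1024];
            int len;
            while ((len = fis.read(buff)) != -1) {
                os.write(buff, 0, len);
            }
        } catch (Exception e) {
            // If part of the body has already been committed this forward may
            // fail with IllegalStateException, as in the original.
            request.setAttribute("message", "不对....");
            request.getRequestDispatcher("/message.jsp").forward(request, response);
        }
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/web/controller/LoginServlet.java:
--------------------------------------------------------------------------------
package com.eveino.web.controller;

import java.io.IOException;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.eveino.entity.User;
import com.eveino.service.BusinessServer;
import com.eveino.service.impl.BusinessServerImpl;

/**
 * Handles the login form submission. The business layer decides whether the
 * credentials match; this servlet validates presence and renders an outcome
 * message.
 *
 * <p>On success the existing session is invalidated and a fresh one created,
 * the usual guard against session fixation. The authenticated {@link User} is
 * stored as a request attribute only, not in the new session, so nothing here
 * marks later requests as logged in.
 */
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** No-arg constructor; the container instantiates the servlet reflectively. */
    public LoginServlet() {
        super();
    }

    /** Unused: the login form is posted. */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    }

    /** Validates the posted credentials through the business layer. */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        BusinessServer bs = new BusinessServerImpl();
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        // A missing parameter is null; the former equals("") check threw a
        // NullPointerException in that case.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            forwardMessage(request, response, "用户名或密码为空");
            return;
        }
        User user;
        try {
            user = bs.loginUser(username, password);
        } catch (SQLException e) {
            forwardMessage(request, response, "未知错误");
            return;
        }
        if (user == null) {
            forwardMessage(request, response, "用户名或密码错误");
            return;
        }
        // Rotate the session id on successful authentication. getSession(false)
        // returns null when the client has no session yet; the former code
        // dereferenced it unconditionally.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        request.getSession();
        request.setAttribute("user", user);
        forwardMessage(request, response, "登录成功");
    }

    /** Sets the {@code message} attribute and forwards to the shared message page. */
    private static void forwardMessage(HttpServletRequest request, HttpServletResponse response, String message)
            throws ServletException, IOException {
        request.setAttribute("message", message);
        request.getRequestDispatcher("/message.jsp").forward(request, response);
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/web/controller/RegisterServlet.java:
--------------------------------------------------------------------------------
package com.eveino.web.controller;

import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.beanutils.BeanUtils;

import com.eveino.entity.User;
import com.eveino.exception.UserExistEception;
import com.eveino.service.BusinessServer;
import com.eveino.service.impl.BusinessServerImpl;
import com.eveino.utils.WebUtils;

/**
 * Creates a user account from the posted form.
 *
 * <p>Risk: {@code BeanUtils.populate} copies every request parameter onto any
 * matching {@link User} setter (mass assignment), so a client can set fields
 * the form never exposes. The id is overwritten afterwards, but any other
 * property the entity grows becomes client-writable. Note too that the request
 * wrappers in this project override {@code getParameter} and
 * {@code getParameterValues} only, not {@code getParameterMap}, so the
 * encoding and XSS filters do not apply to values taken this way.
 */
public class RegisterServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** No-arg constructor; the container instantiates the servlet reflectively. */
    public RegisterServlet() {
        super();
    }

    /** Unused: the registration form is posted. */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    }

    /** Builds a {@link User} from the request and registers it. */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        BusinessServer bs = new BusinessServerImpl();
        User user = new User();
        try {
            BeanUtils.populate(user, request.getParameterMap());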
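            user.setId(WebUtils.generateID());
        } catch (IllegalAccessException | InvocationTargetException e1) {
            // Population failed: report it instead of registering a half-built
            // user. The former code printed the trace and carried on.
            e1.printStackTrace();
            request.setAttribute("message", "未知错误");
            request.getRequestDispatcher("/message.jsp").forward(request, response);
            return;
        }

        try {
            bs.registerUser(user);
            request.setAttribute("message", "注册成功");
            request.getRequestDispatcher("/message.jsp").forward(request, response);
        } catch (SQLException | UserExistEception e) {
            // A database failure and a duplicate user are both reported as
            // "already exists"; a separate message for SQLException would be clearer.
            request.setAttribute("message", "用户已存在");
            request.getRequestDispatcher("/message.jsp").forward(request, response);
            return;
        }
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/web/controller/UploadServlet.java:
--------------------------------------------------------------------------------
package com.eveino.web.controller;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;

/**
 * Stores uploaded files under {@code /WEB-INF/upload}.
 *
 * <p>Risk: the only check applied is that the client-supplied Content-Type
 * header mentions jpg/jpeg; the extension check is commented out, and the
 * stored name is the client-supplied file name joined to the upload directory
 * without normalisation. A stored file therefore has a client-chosen name,
 * extension and content. The original comments say this is intentional for
 * the lab. Outside a lab, derive the stored name on the server, validate the
 * extension against an allow-list and check the content itself.
 */
public class UploadServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Parses a multipart request and writes each uploaded file to disk. */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Extensions the (currently disabled) extension check would accept.
        List<String> types = Arrays.asList(".jpg", ".jpeg", ".txt", ".gif", ".zip");
        try {
            DiskFileItemFactory factory = new DiskFileItemFactory();
            ServletFileUpload upload = new ServletFileUpload(factory);
            if (!ServletFileUpload.isMultipartContent(request)) {
                // Not an upload: nothing is written to the response at all.
                return;
            }
            upload.setHeaderEncoding("UTF-8");
            List<FileItem> list = upload.parseRequest(request);
            for (FileItem item : list) {
                if (item.isFormField()) {
                    // Ordinary form fields are only echoed to stdout.
                    String inputName = item.getFieldName();
                    String inputValue = item.getString("UTF-8");
                    System.out.println(inputName + inputValue);
                } else {
                    String contentype = item.getContentType();
                    // The Content-Type header is set by the client and proves
                    // nothing about the file's actual content. A part without
                    // one used to fail with a NullPointerException here.
                    if (contentype == null
                            || (contentype.toLowerCase().indexOf("jpg") == -1
                                && contentype.toLowerCase().indexOf("jpeg") == -1)) {
                        request.setAttribute("message", "上传文件contentype:" + contentype + ",非jpg或jpeg");
                        request.getRequestDispatcher("/message.jsp").forward(request, response);
                        return;
                    }
                    String filename = item.getName();
                    if (filename == null || "".equals(filename.trim())) {
                        continue;
                    }
                    // A name without a dot used to throw StringIndexOutOfBounds
                    // here; treat it as having no extension.
                    int dot = filename.lastIndexOf(".");
                    String ext = dot == -1 ? "" : filename.substring(dot);
                    // Extension check below is disabled in the original (the
                    // author notes Tomcat would not execute the file anyway)...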
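                    // ...and the upload directory sits under WEB-INF, which is
                    // not served directly.
                    /* if (!types.contains(ext)) {
                        request.setAttribute("message", "错误" + ext + "类型");
                        request.getRequestDispatcher("/message.jsp").forward(request, response);
                        return;
                    } */
                    String savepath = this.getServletContext().getRealPath("/WEB-INF/upload");
                    // Both streams are closed even if the copy fails part-way;
                    // the former code leaked them on any exception.
                    try (InputStream in = item.getInputStream();
                            FileOutputStream out = new FileOutputStream(savepath + File.separator + filename)) {
                        byte[] buff = new byte[1024];
                        int len;
                        while ((len = in.read(buff)) != -1) {
                            out.write(buff, 0, len);
                        }
                    }
                    item.delete();
                }
            }
        } catch (Exception e) {
            // Any failure is only printed; the success message below is still
            // shown to the client.
            e.printStackTrace();
        }
        request.setAttribute("message", "上传成功");
        request.getRequestDispatcher("/message.jsp").forward(request, response);
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/web/controller/XSSServlet.java:
--------------------------------------------------------------------------------
package com.eveino.web.controller;

import java.io.IOException;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Reflects every request parameter back through {@code show.jsp} as an XSS
 * demonstration. Whether the values come out encoded depends on the filters
 * in front of this servlet and on how the JSP writes them.
 */
public class XSSServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** No-arg constructor; the container instantiates the servlet reflectively. */
    public XSSServlet() {
        super();
    }

    /** Collects the request parameters, in order, and forwards them to the view. */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // One servlet instance serves all requests, so the map is built per
        // request rather than kept in a field: a shared field accumulated
        // parameters from earlier requests (other clients' input included)
        // and was mutated concurrently.
        Map<String, String> hMap = new LinkedHashMap<>();
        Enumeration<String> pE = request.getParameterNames();
        while (pE.hasMoreElements()) {
            String name = pE.nextElement();
            hMap.put(name, request.getParameter(name));
        }
        request.setAttribute("hMap", hMap);
        request.getRequestDispatcher("/show.jsp").forward(request, response);
    }

    /** POST is handled exactly like GET. */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/web/filter/CharacterEncodingFilter.java:
--------------------------------------------------------------------------------
package com.eveino.web.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.eveino.web.wrapper.EncodingRequest;

/**
 * Applies the configured character set to request and response and wraps the
 * request in {@link EncodingRequest} so that GET parameters are re-decoded.
 *
 * <p>The charset comes from the {@code charset} init parameter, read on every
 * request, and defaults to UTF-8.
 */
public class CharacterEncodingFilter implements Filter {
    private static final String DEFAULT_ENCODING = "UTF-8";
    private FilterConfig config;

    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        // Local rather than a field: one filter instance serves concurrent
        // requests, and a field written here was a data race.
        String pageEncoding = config.getInitParameter("charset");
        if (pageEncoding == null) {
            pageEncoding = DEFAULT_ENCODING;
        }
        request.setCharacterEncoding(pageEncoding);
        response.setCharacterEncoding(pageEncoding);
        response.setContentType("text/html;charset=" + pageEncoding);
        chain.doFilter(new EncodingRequest(request), response);
    }

    @Override
    public void init(FilterConfig config) throws ServletException {
        this.config = config;
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/web/filter/HtmlFilter.java:
--------------------------------------------------------------------------------
package com.eveino.web.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.eveino.web.wrapper.HtmlEncodeRequest;

/**
 * Wraps every request in {@link HtmlEncodeRequest} so that parameter values
 * read through {@code getParameter}/{@code getParameterValues} are
 * HTML-encoded. Stateless; it has no init parameters.
 */
public class HtmlFilter implements Filter {

    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        chain.doFilter(new HtmlEncodeRequest(request), response);
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/web/filter/WordsFilter.java:
--------------------------------------------------------------------------------
package com.eveino.web.filter;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Rejects requests whose parameter values match one of three word lists loaded
 * from {@code com/eveino/words/*.txt} at start-up. Each list entry is a regular
 * expression that must match the whole value ({@code Matcher.matches}), so a
 * listed word embedded in a longer value is not caught.
 *
 * <p>The rejected value is placed verbatim in the {@code message} attribute;
 * whether {@code message.jsp} encodes it before writing is not visible here.
 */
public class WordsFilter implements Filter {

    // Each line "word|n" of a list file lands in the list selected by n:
    // 1 = band, 2 = remain, 3 = audit. Filled once by init(), read-only afterwards.
    private List<String> bandWords = new ArrayList<>();
    private List<String> auditWords = new ArrayList<>();
    private List<String> remainWords = new ArrayList<>();

    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        Enumeration<String> e = request.getParameterNames();
        while (e.hasMoreElements()) {
            String name = e.nextElement();
            String value = request.getParameter(name);
            // Second decode of a container-decoded parameter, kept from the original.
            value = URLDecoder.decode(value, "utf-8");
            for (String regex : bandWords) {
                // Compiled on every request; the lists are fixed after init(),
                // so compiling once there would be cheaper.
                Pattern pattern = Pattern.compile(regex);
                Matcher m = pattern.matcher(value);
                if (m.matches()) {
                    request.setAttribute("message", value + " is bandWords");
                    request.getRequestDispatcher("/message.jsp").forward(request, response);
                    return;
                }
            }
            for (String regex : auditWords) {
                Pattern pattern = Pattern.compile(regex);
                Matcher m = pattern.matcher(value);
                if (m.matches()) {
                    request.setAttribute("message", value + " is auditWords");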
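                    request.getRequestDispatcher("/message.jsp").forward(request, response);
                    return;
                }
            }
            for (String regex : remainWords) {
                Pattern pattern = Pattern.compile(regex);
                Matcher m = pattern.matcher(value);
                if (m.matches()) {
                    request.setAttribute("message", value + " is remainWords");
                    request.getRequestDispatcher("/message.jsp").forward(request, response);
                    return;
                }
            }
        }
        chain.doFilter(request, response);
    }

    /**
     * Loads every {@code *.txt} file in the {@code com/eveino/words} classpath
     * directory. Each line has the form {@code word|n}; lines of any other
     * shape are skipped.
     *
     * @throws ServletException if the word directory cannot be found or listed
     *     (the former code failed with a NullPointerException in that case)
     */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // getResource(...).getPath() only names a real directory for an exploded
        // deployment; inside a jar/war listFiles() returns null.
        java.net.URL dir = WordsFilter.class.getClassLoader().getResource("com/eveino/words");
        File[] files = dir == null ? null : new File(dir.getPath()).listFiles();
        if (files == null) {
            throw new ServletException("word lists not found at classpath:com/eveino/words");
        }
        for (File file : files) {
            if (!file.getName().endsWith(".txt")) {
                continue;
            }
            // FileReader uses the platform charset, as in the original; the
            // reader is now closed even when reading fails.
            try (BufferedReader br = new BufferedReader(new FileReader(file))) {
                String line;
                while ((line = br.readLine()) != null) {
                    String[] s = line.split("\\|");
                    if (s.length != 2) {
                        continue;
                    }
                    String kind = s[1].trim();
                    if (kind.equals("1")) {
                        bandWords.add(s[0]);
                    } else if (kind.equals("2")) {
                        remainWords.add(s[0]);
                    } else if (kind.equals("3")) {
                        auditWords.add(s[0]);
                    }
                }
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/web/filter/XssFilter.java:
--------------------------------------------------------------------------------
package com.eveino.web.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.eveino.web.wrapper.XssDefendRequest;

/**
 * Wraps every request in {@link XssDefendRequest} so that parameter values
 * read through {@code getParameter}/{@code getParameterValues} pass through
 * {@code XssDefend.stripXSS}. Stateless; it has no init parameters.
 */
public class XssFilter implements Filter {

    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        chain.doFilter(new XssDefendRequest(request), response);
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/web/wrapper/EncodingRequest.java:
--------------------------------------------------------------------------------
package com.eveino.web.wrapper;

import java.io.UnsupportedEncodingException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/**
 * Re-decodes GET parameters using the request's character encoding.
 *
 * <p>This is the classic workaround for containers that decode the query
 * string as ISO-8859-1: the value's ISO-8859-1 bytes are reinterpreted with
 * the encoding that {@code CharacterEncodingFilter} set. POST parameters
 * already honour {@code setCharacterEncoding} and are returned untouched.
 * Only {@code getParameter} is intercepted; {@code getParameterValues} and
 * {@code getParameterMap} still return the container's values.
 */
public class EncodingRequest extends HttpServletRequestWrapper {

    private final HttpServletRequest request;

    public EncodingRequest(HttpServletRequest request) {
        super(request);
        this.request = request;
    }

    @Override
    public String getParameter(String name) {
        String value = request.getParameter(name);
        if (!request.getMethod().equalsIgnoreCase("get")) {
            return value;
        }
        if (value == null) {
            return null;
        }
        String encoding = request.getCharacterEncoding();
        if (encoding == null) {
            // No encoding has been set (filter not in front of us): there is
            // nothing to re-decode with, and new String(bytes, (String) null)
            // would throw NullPointerException.
            return value;
        }
        try {
            return new String(value.getBytes("iso8859-1"), encoding);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/web/wrapper/HtmlEncodeRequest.java: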
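--------------------------------------------------------------------------------
package com.eveino.web.wrapper;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import com.eveino.utils.HtmlEncode;

/**
 * Request wrapper that HTML-encodes parameter values on the way in, via
 * {@link HtmlEncode#htmlFilter}. Installed by {@code HtmlFilter}.
 *
 * <p>Only {@code getParameter} and {@code getParameterValues} are intercepted;
 * {@code getParameterMap} (used by {@code RegisterServlet} through
 * {@code BeanUtils.populate}) still yields the raw values. Encoding input
 * also means encoded text is what gets stored; encoding at output time is
 * the usual place for this control.
 */
public class HtmlEncodeRequest extends HttpServletRequestWrapper {

    private final HttpServletRequest request;

    public HtmlEncodeRequest(HttpServletRequest request) {
        super(request);
        this.request = request;
    }

    @Override
    public String getParameter(String name) {
        String value = request.getParameter(name);
        return value == null ? null : HtmlEncode.htmlFilter(value);
    }

    @Override
    public String[] getParameterValues(String name) {
        String[] values = request.getParameterValues(name);
        if (values == null) {
            return null;
        }
        // Encode into a fresh array: the one handed out by the underlying
        // request is not ours to mutate. The former loop also printed every
        // value to stdout, leaking user input into the server log.
        String[] encoded = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            encoded[i] = HtmlEncode.htmlFilter(values[i]);
        }
        return encoded;
    }
}
--------------------------------------------------------------------------------
/VulnWeb/src/com/eveino/web/wrapper/XssDefendRequest.java:
--------------------------------------------------------------------------------
package com.eveino.web.wrapper;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import com.eveino.utils.XssDefend;

/**
 * Request wrapper that passes parameter values through
 * {@link XssDefend#stripXSS}. Installed by {@code XssFilter}.
 *
 * <p>Only {@code getParameter} and {@code getParameterValues} are intercepted;
 * {@code getParameterMap} still yields the raw values.
 */
public class XssDefendRequest extends HttpServletRequestWrapper {

    private final HttpServletRequest request;

    public XssDefendRequest(HttpServletRequest request) {
        super(request);
        this.request = request;
    }

    @Override
    public String getParameter(String name) {
        String value = request.getParameter(name);
        return value == null ? null : XssDefend.stripXSS(value);
    }

    @Override
    public String[] getParameterValues(String name) {
        String[] values = request.getParameterValues(name);
        if (values == null) {
            return null;
        }
        // Scrub into a fresh array rather than mutating the container's array.
        String[] scrubbed = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            scrubbed[i] = XssDefend.stripXSS(values[i]);
        }
        return scrubbed;
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/dbcp.properties:
--------------------------------------------------------------------------------
# DBCP pool configuration loaded by JdbcUtils. Database credentials are kept
# here in clear text.
driverClassName=com.mysql.jdbc.Driver
url=jdbc:mysql://localhost:3306/VulnWeb
username=root
password=root
maxActive=30
maxIdle=10
maxWait=1000
--------------------------------------------------------------------------------
/VulnWeb/src/junit/test/UserDaoTest.java:
--------------------------------------------------------------------------------
package junit.test;

import java.sql.SQLException;
import java.util.List;

import org.junit.Test;

import com.eveino.dao.UserDao;
import com.eveino.dao.impl.UserDaoImpl;
import com.eveino.entity.User;

/**
 * Exploratory tests for {@link UserDao}; they hit the configured database and
 * assert nothing, so they only check that the calls complete.
 *
 * @author 小王子
 */
public class UserDaoTest {

    /** Scratch test; the insert/edit/find experiments are kept below as comments. */
    @Test
    public void testAdd() throws SQLException {
        /*
         * String sql = "insert into user(id,username,password) values(?,?,?)";
         * Object[] params = { 2, "bb", "bb" }; qr.update(sql, params);
         */

        /*
         * User user = new User(); user.setId(2); user.setUsername("eee");
         * user.setPassword("deee"); editUser(user);
         */
        /*
         * User user = new User(); user = findUser(2);
         * System.out.println(user.getId());
         */
    }

    /** Lists every user name; the result is printed, not asserted. */
    @Test
    public void getAllTest() throws SQLException {
        UserDao dao = new UserDaoImpl();
        List<User> list = dao.getAll();
        for (User user : list) {
            System.out.println(user.getUsername());
        }
    }

}
--------------------------------------------------------------------------------
/VulnWeb/src/junit/test/UserTest.java:
--------------------------------------------------------------------------------
package junit.test;

import java.sql.SQLException;

import org.junit.Test;

import com.eveino.dao.UserDao;
import com.eveino.dao.impl.UserDaoImpl;
import com.eveino.entity.User;

/**
 * Exploratory test for {@code UserDaoImpl.findUser}. The looked-up name
 * deliberately contains quote and comment characters, so the outcome shows
 * how the DAO builds its query; nothing is asserted.
 */
public class UserTest {

    @Test
    public void findTest() throws SQLException {
        UserDao dao = new UserDaoImpl();
        /* user.setId(1111);
        user.setUsername("bbb");
        user.setPassword("bbb");*/

        // user = dao.findUser("bbb'");
        User user = dao.findUser("bbb" + "'or 1=1#");
        //user = dao.findUser("bbb"+"' order by 4#");
        if (user != null) {
            System.out.println(user);
            System.out.println(user.getUsername());
        } else {
            System.out.println("haha");
        }
    }
}
--------------------------------------------------------------------------------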