by_yexing issues

Results 2 issues of


                                            by_yexing

burp插件调试无响应

不知道大佬遇见过这样的问题没,当开启远程调试之后,使用IDEA调试代码,burp就无响应,直到IDEA跑完所有的代码才恢复

1.两处文件上传绕过: 由于在代码中采用了黑名单过滤后缀“.jsp”和“.asp”，攻击者可以利用windows自动去除后缀“.”，"::$DATA”等，来进行绕过。如下： /uploadFileList 接口：代码分析： ![1705369861116](https://github.com/rawchen/blog-ssm/assets/107806521/1dfac411-d34a-4d60-add7-7a740c90439b) ![1705369868122](https://github.com/rawchen/blog-ssm/assets/107806521/49994e90-052a-483a-8e35-cb64a3044a0e) 漏洞复现： ![1705369825775](https://github.com/rawchen/blog-ssm/assets/107806521/4d0f3fe3-348a-4df8-98a1-df3504b06cd2) ![1705369840162](https://github.com/rawchen/blog-ssm/assets/107806521/589be64b-cde2-4f52-82ed-a3175491f1d1) /upFile 接口：代码分析： ![1705369915142](https://github.com/rawchen/blog-ssm/assets/107806521/9eb5c090-3c0c-4791-b556-a12af0d0546d) ![1705369918042](https://github.com/rawchen/blog-ssm/assets/107806521/56bcf184-487d-473f-9d6c-5031848919e5) ![1705369921808](https://github.com/rawchen/blog-ssm/assets/107806521/f3897532-6310-4f5e-84a7-b45e69ea178d) ![1705369924377](https://github.com/rawchen/blog-ssm/assets/107806521/29997870-a7b5-4a75-839f-5cb32b2edde7) 漏洞复现： ![1705370134198](https://github.com/rawchen/blog-ssm/assets/107806521/8eb34f5c-0458-40a9-9797-daacc31b1ba6) ![1705370140909](https://github.com/rawchen/blog-ssm/assets/107806521/6aed6de2-bec3-46d7-b706-bf05fbad16c4) 建议修复方案：采用白名单防御，仅允许上传.txt，.zip，.png，.mp3等常见后缀，禁止上传脚本格式,，如：.html（可导致产生存储型XSS），.jsp，.jspx， .php .asp等，可导致代码执行！！！ 2.两处SQL注入，由于采用了"${"的方式进行拼接，所以导致产生SQL注入问题，如下：漏洞产生位置： com/rawchen/mapper/ContentMapper.xml: ![1705370443868](https://github.com/rawchen/blog-ssm/assets/107806521/c00c3472-6bda-4409-80d0-370b13a1da32) com/rawchen/mapper/TagMapper.xml: ![image](https://github.com/rawchen/blog-ssm/assets/107806521/b9c6cb18-4be1-47fc-86b5-2441aa4de1ca) 漏洞复现：...

by_yexing

burp插件调试无响应

发现几处安全问题