spring java中的本地文件包含漏洞

时间:2017-10-31 05:58:00

标签: java spring security configuration

我在使用spring MVC框架的java中有一个Web应用程序。昨天,安全团队共享了一个URL,以利用本地文件包含漏洞(在浏览器上公开web.xml)。

我无法弄清楚在哪里寻找可疑区域。它是在spring配置中还是在JSP文件中。

的web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app>
   <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring/context-beans.xml</param-value>
    </context-param>



    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>

    <servlet>
        <servlet-name>CXFServlet</servlet-name>
        <display-name>CXF Servlet</display-name>
        <servlet-class>
            org.apache.cxf.transport.servlet.CXFServlet
        </servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>


    <servlet-mapping>
        <servlet-name>CXFServlet</servlet-name>
        <url-pattern>/service/*</url-pattern>
    </servlet-mapping>

    <servlet>
        <servlet-name>spring</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                classpath:spring/web-app-servlet.xml
            </param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
        <async-supported>true</async-supported>
    </servlet>

    <servlet-mapping>
        <servlet-name>spring</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
</web-app>

并返回jsp。

<!DOCTYPE html>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
        <title>SignUp</title>
        <meta name="description" content="">
        <meta name="viewport" content="initial-scale=1.0, minimum-scale=1.0,maximum-scale=1.0">
        <link rel="stylesheet" href="/services/resources/css/fa-fonts.css">
        <link rel="stylesheet" href="/services/resources/css/common.css">
        <link rel="stylesheet" href="/services/resources/css/main.css">
        <link rel="stylesheet" href="/services/resources/css/header.css">
        <script type="text/javascript" src="/services/resources/js/lib/modernizr-2.8.3.min.js"></script>
        <script type="text/javascript" src="/services/resources/js/lib/jquery.js"></script>
    </head>
    <body>
        <section class="services-sec js-popDiv" id="loaderStrip" style="display: none;">
        <div class='services-loaderDiv'>
            <h2 class="bold">Please Wait </h2>
            <i class="services-loader-dot"></i>
        </div>
        </section>
        <jsp:include page="header.jsp"></jsp:include>
    </body>

</html>

1 个答案:

答案 0 :(得分:0)

我想,这不是您的配置问题,而是您的应用程序的功能: 如果您有一些可由用户提供的文件名,则必须检查它是否是正确的文件名。例如如果你有一个文件上传对话框,并且用户选择文件名,它不应该像&#34; ../../ web.xml&#34;但像&#34; file.txt&#34;您可以使用uploadName = FilenameUtils.getName(uploadName);检查String uploadname是否只是一个文件还是包含反向遍历路径,例如&#34; ../"