我在使用spring MVC框架的java中有一个Web应用程序。昨天,安全团队共享了一个URL,以利用本地文件包含漏洞(在浏览器上公开web.xml)。
我无法弄清楚在哪里寻找可疑区域。它是在spring配置中还是在JSP文件中。
的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/context-beans.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<servlet>
<servlet-name>CXFServlet</servlet-name>
<display-name>CXF Servlet</display-name>
<servlet-class>
org.apache.cxf.transport.servlet.CXFServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/service/*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:spring/web-app-servlet.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
并返回jsp。
<!DOCTYPE html>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>SignUp</title>
<meta name="description" content="">
<meta name="viewport" content="initial-scale=1.0, minimum-scale=1.0,maximum-scale=1.0">
<link rel="stylesheet" href="/services/resources/css/fa-fonts.css">
<link rel="stylesheet" href="/services/resources/css/common.css">
<link rel="stylesheet" href="/services/resources/css/main.css">
<link rel="stylesheet" href="/services/resources/css/header.css">
<script type="text/javascript" src="/services/resources/js/lib/modernizr-2.8.3.min.js"></script>
<script type="text/javascript" src="/services/resources/js/lib/jquery.js"></script>
</head>
<body>
<section class="services-sec js-popDiv" id="loaderStrip" style="display: none;">
<div class='services-loaderDiv'>
<h2 class="bold">Please Wait </h2>
<i class="services-loader-dot"></i>
</div>
</section>
<jsp:include page="header.jsp"></jsp:include>
</body>
</html>
答案 0 :(得分:0)
我想,这不是您的配置问题,而是您的应用程序的功能: 如果您有一些可由用户提供的文件名,则必须检查它是否是正确的文件名。例如如果你有一个文件上传对话框,并且用户选择文件名,它不应该像&#34; ../../ web.xml&#34;但像&#34; file.txt&#34;您可以使用uploadName = FilenameUtils.getName(uploadName);检查String uploadname是否只是一个文件还是包含反向遍历路径,例如&#34; ../"