I have some JSP code with XSS vulnerabilities. Unfortunately, I can't see them... Can you help me locate them?
<%
    // stmt is a java.sql.Statement assumed to have been opened earlier in the page
    String user = request.getParameter("user");
    String title = request.getParameter("title");
    String text = request.getParameter("text");
    ResultSet rs = stmt.executeQuery("SELECT user FROM messages WHERE title='" + title + "'");
    out.println("The title of the message is " + title + ".");
    if (rs.next()) {
        out.println("A message with this title has already been created by " + rs.getString("user") + ".");
    }
    else {
        stmt.executeUpdate("INSERT INTO messages (title,user,text) VALUES ('" + title + "','" + user + "','" + text + "')");
        out.println("The message has been created.");
    }
%>
Thanks in advance,
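As an added example (not code from the question), here is the same scriptlet rewritten as a plain Java method that takes a JDBC `Connection`; the class and method names `MessageHandler`, `escapeHtml` and `createMessage` are assumptions. It marks the two places where request data reaches the HTML output unencoded (the XSS sinks, one reflected via `title`, one stored via the `user` column) and, since both queries concatenate the same values, also replaces them with bound parameters.

```java
import java.io.PrintWriter;
import java.sql.*;
public class MessageHandler {
    // HTML-escape a value before it is echoed into the page: the posted JSP
    // prints "title" and the stored "user" column with no encoding (the XSS).
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
    // Hardened equivalent of the scriptlet: bound parameters replace string
    // concatenation (the snippet's SQL injection), and output is escaped.
    static void createMessage(Connection conn, String user, String title,
                              String text, PrintWriter out) throws SQLException {
        out.println("The title of the message is " + escapeHtml(title) + ".");
        try (PreparedStatement sel = conn.prepareStatement(
                "SELECT user FROM messages WHERE title = ?")) {
            sel.setString(1, title);
            try (ResultSet rs = sel.executeQuery()) {
                if (rs.next()) {
                    out.println("A message with this title has already been created by "
                            + escapeHtml(rs.getString("user")) + ".");
                    return;
                }
            }
        }
        try (PreparedStatement ins = conn.prepareStatement(
                "INSERT INTO messages (title, user, text) VALUES (?, ?, ?)")) {
            ins.setString(1, title);
            ins.setString(2, user);
            ins.setString(3, text);
            ins.executeUpdate();
        }
        out.println("The message has been created.");
    }
}
```

Inside a real JSP you would normally let JSTL's `<c:out>` or the OWASP Java Encoder do the escaping instead of a hand-written helper; the hand-written one is here only to make the sinks visible.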