I am working on XSS issues and have found a problem that I don't know how to solve.
I have an Acunetix report that says:

```
Details
POST (multipart) input query was set to idMenu=14&n907758=v929899
Parameter precedence: first occurrence
Affected link: /MYAPP/jspfs/plantilla.jsp?idMenu=14&n907758=v929899&int1=-1&accion1=edit
Affected parameter: idMenu=14
```
In my JSP I have something like this:

```jsp
<%-- hidden input "query": the input named in the Acunetix report --%>
<input type="hidden" name="query" value="<%=StringEscapeUtils.escapeHtml4(request.getQueryString())%>" />
<script>
$(document).ready(function () {
    function send() {
        location.href="<%=Utils.getParameter("ruta0") + "jspfs/plantillasTickets/plantillasTickets.jsp"%><%=query%>&idMenu=<%=idMenu%>&idioma="+valIdioma+"&grupo="+valGrupo;
    }
});
</script>
```
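So the getQueryString() method used to build the URL gets the value idMenu=14&n907758=v929899&int1=-1&accion1=edit, which is interpreted as a new parameter n907758.

Note: to solve other XSS problems I am using a filter in which I wrap the request values, but in this case I don't know how to distinguish an injected parameter from a legitimate one.

Any ideas for solving this?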
I solved this variant of the Acunetix attack in my code. I hope it helps someone dealing with this kind of problem.

```jsp
<%-- the input query has been deleted --%>
<script>
$(document).ready(function () {
    function send() {
        <% query = StringEscapeUtils.escapeHtml4(request.getQueryString()); %>
        location.href="<%=Utils.getParameter("ruta0") + "jspfs/plantillasTickets/plantillasTickets.jsp" + query%>&idMenu=<%=idMenu%>&idioma="+valIdioma+"&grupo="+valGrupo;
    }
});
</script>
```
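On the question of telling an injected parameter from a legitimate one: the sketch below is an added example, not code from the original posts. It rebuilds the target URL from an allowlist instead of echoing the whole query string. The names `ALLOWED`, `BASE` and `buildTicketUrl`, the value patterns, and the choice of `idMenu`, `int1` and `accion1` as the expected parameters are assumptions taken from the query string in the report.

```javascript
// Added example: ALLOWED, BASE and buildTicketUrl are hypothetical names.
// Only parameters listed here are forwarded, and only if the value matches.
const ALLOWED = {
  idMenu: /^\d{1,9}$/,       // assumed: numeric menu id
  int1: /^-?\d{1,9}$/,       // assumed: signed integer
  accion1: /^[a-z]{1,16}$/,  // assumed: short lowercase action name
};

// Assumed target path, combined from the paths shown on the page.
const BASE = "/MYAPP/jspfs/plantillasTickets/plantillasTickets.jsp";

function buildTicketUrl(base, search, extra) {
  const incoming = new URLSearchParams(search);
  const out = new URLSearchParams();
  for (const [name, pattern] of Object.entries(ALLOWED)) {
    // get() returns the first occurrence, the precedence named in the report.
    const value = incoming.get(name);
    if (value !== null && pattern.test(value)) {
      out.set(name, value);
    }
  }
  // Values chosen in the page (idioma, grupo) are appended and URL-encoded.
  for (const [name, value] of Object.entries(extra)) {
    out.set(name, String(value));
  }
  return base + "?" + out.toString();
}

// Constructed sample: the query string from the scanner report.
const sample = "?idMenu=14&n907758=v929899&int1=-1&accion1=edit";
console.log(buildTicketUrl(BASE, sample, { idioma: "es", grupo: "2" }));
```

In the page, `send()` would pass `window.location.search` as the second argument, so the server no longer writes the raw query string into the markup.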