diff --git a/java/vulns/src/main/webapp/001-dir-1.jsp b/java/vulns/src/main/webapp/001-dir-1.jsp
index 6c4fa6b..1d1a6d0 100644
--- a/java/vulns/src/main/webapp/001-dir-1.jsp
+++ b/java/vulns/src/main/webapp/001-dir-1.jsp
@@ -118,16 +118,16 @@ if (dirname != null) {
 else {
 %>
 <p>正常调用: </p>
-<p>curl '<a href="<%=request.getRequestURL()+normal_querystring%>" target="_blank"><%=request.getRequestURL() + normal_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+normal_querystring%>" target="_blank"><%=request.getRequestURI() + normal_querystring%></a>'</p>
 
 <p>不正常调用 - Linux: </p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL() + linux_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI() + linux_querystring%></a>'</p>
 
 <p>不正常调用 - Linux: </p>
 <p><a href=# onclick=send_json() ><%=linux_json_curl%></a></p>
 
 <p>不正常调用 - Windows: </p>
-<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>" target="_blank"><%=request.getRequestURL() + windows_querystring %></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>" target="_blank"><%=request.getRequestURI() + windows_querystring %></a>'</p>
 
 
 <%
diff --git a/java/vulns/src/main/webapp/002-file-read.jsp b/java/vulns/src/main/webapp/002-file-read.jsp
index 4f58653..cd8ddb2 100644
--- a/java/vulns/src/main/webapp/002-file-read.jsp
+++ b/java/vulns/src/main/webapp/002-file-read.jsp
@@ -15,18 +15,18 @@
 <body>
 <h1>002 - 任意文件下载/读取漏洞（路径拼接）</h1>
 <p>正常调用: </p>
-<p>curl '<a href="<%=request.getRequestURL()+normal_querystring%>"
-            target="_blank"><%=request.getRequestURL() + normal_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+normal_querystring%>"
+            target="_blank"><%=request.getRequestURI() + normal_querystring%>
 </a>'</p>
 
 <p>不正常调用: </p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>"
-            target="_blank"><%=request.getRequestURL() + linux_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>"
+            target="_blank"><%=request.getRequestURI() + linux_querystring%>
 </a>'</p>
 
 <p>不正常调用: </p>
-<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>"
-            target="_blank"><%=request.getRequestURL() + windows_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>"
+            target="_blank"><%=request.getRequestURI() + windows_querystring%>
 </a>'</p>
 
 <br>
diff --git a/java/vulns/src/main/webapp/004-command-1.jsp b/java/vulns/src/main/webapp/004-command-1.jsp
index 3c8505f..c6631a7 100644
--- a/java/vulns/src/main/webapp/004-command-1.jsp
+++ b/java/vulns/src/main/webapp/004-command-1.jsp
@@ -28,15 +28,15 @@
     }
 %>
 <p>Linux 触发: </p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>"
-            target="_blank"><%=request.getRequestURL() + linux_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>"
+            target="_blank"><%=request.getRequestURI() + linux_querystring%>
 </a>'</p>
 <p>然后检查 /tmp 是否存在 passwd 这个文件</p>
 <br>
 
 <p>Windows 触发: </p>
-<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>"
-            target="_blank"><%=request.getRequestURL() + windows_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>"
+            target="_blank"><%=request.getRequestURI() + windows_querystring%>
 </a>'</p>
 <p>点击这里执行 calc.exe</p>
 </body>
diff --git a/java/vulns/src/main/webapp/004-command-2.jsp b/java/vulns/src/main/webapp/004-command-2.jsp
index de546a9..a15722d 100644
--- a/java/vulns/src/main/webapp/004-command-2.jsp
+++ b/java/vulns/src/main/webapp/004-command-2.jsp
@@ -49,13 +49,13 @@ if (cmd != null)
 %>
 <div>
     <p>Linux 触发: </p>
-    <p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
+    <p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
     <br>
     <p>Windows 触发: </p>
-    <p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>" target="_blank"><%=request.getRequestURL()+windows_querystring%></a>'</p>
+    <p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>" target="_blank"><%=request.getRequestURI()+windows_querystring%></a>'</p>
     <br>
     <p>语法错误检测: (执行命令: echo 'test' xxxx' )</p>
-    <p>curl '<a href="<%=request.getRequestURL()+error_querystring%>" target="_blank"><%=request.getRequestURL()+error_querystring%></a>'</p>
+    <p>curl '<a href="<%=request.getRequestURI()+error_querystring%>" target="_blank"><%=request.getRequestURI()+error_querystring%></a>'</p>
 <pre>
 <%=output %>
 </pre>
diff --git a/java/vulns/src/main/webapp/005-file-write.jsp b/java/vulns/src/main/webapp/005-file-write.jsp
index 72daea0..d089222 100644
--- a/java/vulns/src/main/webapp/005-file-write.jsp
+++ b/java/vulns/src/main/webapp/005-file-write.jsp
@@ -39,8 +39,8 @@ else {
 }
 %>
 <p>正常调用</p>
-<p>curl '<a href="<%=request.getRequestURL()+normal_querystring%>" target="_blank"><%=request.getRequestURL()+normal_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+normal_querystring%>" target="_blank"><%=request.getRequestURI()+normal_querystring%></a>'</p>
 <p>不正常调用</p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
 </body>
 </html>
diff --git a/java/vulns/src/main/webapp/007-xxe-dom4j.jsp b/java/vulns/src/main/webapp/007-xxe-dom4j.jsp
index 2de9780..7ea8e5d 100644
--- a/java/vulns/src/main/webapp/007-xxe-dom4j.jsp
+++ b/java/vulns/src/main/webapp/007-xxe-dom4j.jsp
@@ -34,10 +34,10 @@
 <h1>007 - 通过XXE读取系统文件</h1>
 
 <p>不正常调用 - Linux (读取 /etc/passwd)</p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
 
 <p>不正常调用 - Windows (读取 c:/windows/win.ini)</p>
-<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>" target="_blank"><%=request.getRequestURL()+windows_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>" target="_blank"><%=request.getRequestURI()+windows_querystring%></a>'</p>
 
 <p>节点内容: <%= tmp %></p>
 <p>(有漏洞会看到文件内容)</p>
diff --git a/java/vulns/src/main/webapp/007-xxe-jdom.jsp b/java/vulns/src/main/webapp/007-xxe-jdom.jsp
index 7f5ed0e..7cba4d5 100644
--- a/java/vulns/src/main/webapp/007-xxe-jdom.jsp
+++ b/java/vulns/src/main/webapp/007-xxe-jdom.jsp
@@ -33,10 +33,10 @@
 <h1>007 - 通过XXE读取系统文件</h1>
 
 <p>不正常调用 - Linux (读取 /etc/passwd)</p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
 
 <p>不正常调用 - Windows (读取 c:/windows/win.ini)</p>
-<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>" target="_blank"><%=request.getRequestURL()+windows_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>" target="_blank"><%=request.getRequestURI()+windows_querystring%></a>'</p>
 
 <p>节点内容: <%= tmp %></p>
 <p>(有漏洞会看到文件内容)</p>
diff --git a/java/vulns/src/main/webapp/007-xxe-sax.jsp b/java/vulns/src/main/webapp/007-xxe-sax.jsp
index b6e05f9..67a97fb 100644
--- a/java/vulns/src/main/webapp/007-xxe-sax.jsp
+++ b/java/vulns/src/main/webapp/007-xxe-sax.jsp
@@ -65,10 +65,10 @@
 <h1>007 - 通过XXE读取系统文件</h1>
 
 <p>不正常调用 - Linux (读取 /etc/passwd)</p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
 
 <p>不正常调用 - Windows (读取 c:/windows/win.ini)</p>
-<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>" target="_blank"><%=request.getRequestURL()+windows_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>" target="_blank"><%=request.getRequestURI()+windows_querystring%></a>'</p>
 
 <p>节点内容: <%= tmp %></p>
 <p>(有漏洞会看到文件内容)</p>
diff --git a/java/vulns/src/main/webapp/007-xxe-stax.jsp b/java/vulns/src/main/webapp/007-xxe-stax.jsp
index 956b6a0..084c287 100644
--- a/java/vulns/src/main/webapp/007-xxe-stax.jsp
+++ b/java/vulns/src/main/webapp/007-xxe-stax.jsp
@@ -38,10 +38,10 @@
 <h1>007 - 通过XXE读取系统文件</h1>
 
 <p>不正常调用 - Linux (读取 /etc/passwd)</p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
 
 <p>不正常调用 - Windows (读取 c:/windows/win.ini)</p>
-<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>" target="_blank"><%=request.getRequestURL()+windows_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>" target="_blank"><%=request.getRequestURI()+windows_querystring%></a>'</p>
 
 <p>节点内容: <%= tmp %></p>
 <p>(有漏洞会看到文件内容)</p>
diff --git a/java/vulns/src/main/webapp/007-xxe.jsp b/java/vulns/src/main/webapp/007-xxe.jsp
index f232b24..0154813 100644
--- a/java/vulns/src/main/webapp/007-xxe.jsp
+++ b/java/vulns/src/main/webapp/007-xxe.jsp
@@ -34,10 +34,10 @@
   <h1>007 - 通过XXE读取系统文件</h1>
 
 	<p>不正常调用 - Linux (读取 /etc/passwd)</p>
-  <p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
+  <p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
 
     <p>不正常调用 - Windows (读取 c:/windows/win.ini)</p>
-  <p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>" target="_blank"><%=request.getRequestURL()+windows_querystring%></a>'</p>
+  <p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>" target="_blank"><%=request.getRequestURI()+windows_querystring%></a>'</p>
 
     <p>节点内容: <%= tmp %></p>
     <p>(有漏洞会看到文件内容)</p>
diff --git a/java/vulns/src/main/webapp/008-file-upload.jsp b/java/vulns/src/main/webapp/008-file-upload.jsp
index ebadfb6..d193be4 100644
--- a/java/vulns/src/main/webapp/008-file-upload.jsp
+++ b/java/vulns/src/main/webapp/008-file-upload.jsp
@@ -53,10 +53,10 @@ if ("POST".equals(method)) {
 } else {
 %>
 	<p>请求方式:</p>
-	<pre>curl '<%= request.getRequestURL()%>' -F 'file=@/path/to/a.jsp'</pre>
+	<pre>curl '<%= request.getRequestURI()%>' -F 'file=@/path/to/a.jsp'</pre>
 	<p>目前，官方插件只检查脚本文件上传的情况，比如 aaa.php, bbb.jsp，其他后缀不会拦截</p>
 
-	<form method="post" enctype="multipart/form-data" action="<%=request.getRequestURL() %>">
+	<form method="post" enctype="multipart/form-data" action="<%=request.getRequestURI() %>">
 		<input type="file" name="file">
 		<input type="submit">
 	</form>
diff --git a/java/vulns/src/main/webapp/009-deserialize.jsp b/java/vulns/src/main/webapp/009-deserialize.jsp
index 40c641f..ba90eda 100644
--- a/java/vulns/src/main/webapp/009-deserialize.jsp
+++ b/java/vulns/src/main/webapp/009-deserialize.jsp
@@ -60,9 +60,9 @@
     }
 %>
     <p>Linux 测试</p>
-    <p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
+    <p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
 
     <p>Windows 测试</p>
-    <p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>" target="_blank"><%=request.getRequestURL()+windows_querystring%></a>'</p>
+    <p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>" target="_blank"><%=request.getRequestURI()+windows_querystring%></a>'</p>
 </body>
 </html>
diff --git a/java/vulns/src/main/webapp/010-jstl-import.jsp b/java/vulns/src/main/webapp/010-jstl-import.jsp
index 245d513..12ecc61 100644
--- a/java/vulns/src/main/webapp/010-jstl-import.jsp
+++ b/java/vulns/src/main/webapp/010-jstl-import.jsp
@@ -12,17 +12,17 @@
     String linux_querystring_ssrf = "?url=http://192.168.1.1";
 %>
 <p>正常调用: </p>
-<p>curl '<a href="<%=request.getRequestURL()+normal_querystring%>" target="_blank"><%=request.getRequestURL()+normal_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+normal_querystring%>" target="_blank"><%=request.getRequestURI()+normal_querystring%></a>'</p>
 <br>
 
 <p>不正常调用 - file 协议读取目录: </p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring_dir%>" target="_blank"><%=request.getRequestURL()+linux_querystring_dir%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring_dir%>" target="_blank"><%=request.getRequestURI()+linux_querystring_dir%></a>'</p>
 
 <p>不正常调用 - file 协议读取文件: </p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring_file%>" target="_blank"><%=request.getRequestURL()+linux_querystring_file%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring_file%>" target="_blank"><%=request.getRequestURI()+linux_querystring_file%></a>'</p>
 
 <p>不正常调用 - http 协议 SSRF: </p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring_ssrf%>" target="_blank"><%=request.getRequestURL()+linux_querystring_ssrf%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring_ssrf%>" target="_blank"><%=request.getRequestURI()+linux_querystring_ssrf%></a>'</p>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
 <%
     String url = request.getParameter("url");
diff --git a/java/vulns/src/main/webapp/011-ssrf-commons-httpclient.jsp b/java/vulns/src/main/webapp/011-ssrf-commons-httpclient.jsp
index a4a34c2..5cdf813 100644
--- a/java/vulns/src/main/webapp/011-ssrf-commons-httpclient.jsp
+++ b/java/vulns/src/main/webapp/011-ssrf-commons-httpclient.jsp
@@ -32,7 +32,7 @@
     }
 %>
 <p>commons-httpclient 调用方式: </p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
 <pre>说明: 参数 url 为请求的 url</pre>
 
 </body>
diff --git a/java/vulns/src/main/webapp/011-ssrf-httpclient.jsp b/java/vulns/src/main/webapp/011-ssrf-httpclient.jsp
index e8f48b5..dfab854 100644
--- a/java/vulns/src/main/webapp/011-ssrf-httpclient.jsp
+++ b/java/vulns/src/main/webapp/011-ssrf-httpclient.jsp
@@ -44,11 +44,11 @@
 
 %>
 <p>HttpClient 调用方式: </p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
 <pre>说明: 参数 url 为请求的 url</pre>
 
 <p>重定向:</p>
-<p>curl '<a href="<%=request.getRequestURL()+redirect_string%>" target="_blank"><%=request.getRequestURL()+redirect_string%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+redirect_string%>" target="_blank"><%=request.getRequestURI()+redirect_string%></a>'</p>
 <pre>说明: 此链接源自外网, 若没有跳转，请自行获取能够使用301/302跳转到内网的外网url进行测试</pre>
 </body>
 </html>
diff --git a/java/vulns/src/main/webapp/011-ssrf-okhttp.jsp b/java/vulns/src/main/webapp/011-ssrf-okhttp.jsp
index e46d766..63c2f0a 100644
--- a/java/vulns/src/main/webapp/011-ssrf-okhttp.jsp
+++ b/java/vulns/src/main/webapp/011-ssrf-okhttp.jsp
@@ -44,6 +44,6 @@
     }
 %>
 <p>okhttp 调用方式: </p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
 </body>
 </html>
diff --git a/java/vulns/src/main/webapp/011-ssrf-okhttp3.jsp b/java/vulns/src/main/webapp/011-ssrf-okhttp3.jsp
index ebafb56..e6b8e4f 100644
--- a/java/vulns/src/main/webapp/011-ssrf-okhttp3.jsp
+++ b/java/vulns/src/main/webapp/011-ssrf-okhttp3.jsp
@@ -45,6 +45,6 @@
     }
 %>
 <p>okhttp 调用方式: </p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
 </body>
 </html>
diff --git a/java/vulns/src/main/webapp/011-ssrf-urlconnection.jsp b/java/vulns/src/main/webapp/011-ssrf-urlconnection.jsp
index 07a95cc..b411027 100644
--- a/java/vulns/src/main/webapp/011-ssrf-urlconnection.jsp
+++ b/java/vulns/src/main/webapp/011-ssrf-urlconnection.jsp
@@ -39,11 +39,11 @@
     }
 %>
 <p>jdk 中的 URL.openConnection 调用方式: </p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
 <pre>说明: 参数 url 为请求的 url</pre>
 
 <p>重定向:</p>
-<p>curl '<a href="<%=request.getRequestURL()+redirect_string%>" target="_blank"><%=request.getRequestURL()+redirect_string%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+redirect_string%>" target="_blank"><%=request.getRequestURI()+redirect_string%></a>'</p>
 <pre>说明: 此链接源自外网, 若没有跳转，请自行获取能够使用301/302跳转到内网的外网url进行测试</pre>
 
 </body>
diff --git a/java/vulns/src/main/webapp/012-hibernate.jsp b/java/vulns/src/main/webapp/012-hibernate.jsp
index f7d8753..6170397 100644
--- a/java/vulns/src/main/webapp/012-hibernate.jsp
+++ b/java/vulns/src/main/webapp/012-hibernate.jsp
@@ -157,7 +157,7 @@ INSERT INTO test.vuln values (1, "rocks");
     <div class="row">
         <div class="col-xs-8 col-xs-offset-2">
             <p>第二步: 尝试发起SQL注入攻击 - 为了保证性能，默认只会检测长度超过15的语句</p>
-            <form action="<%=javax.servlet.http.HttpUtils.getRequestURL(request)%>" method="get">
+            <form action="<%=request.getRequestURI()%>" method="get">
                 <div class="form-group">
                     <label>查询条件</label>
                     <input class="form-control" name="id" value="<%=id%>" autofocus>
diff --git a/java/vulns/src/main/webapp/012-jdbc-hsqldb.jsp b/java/vulns/src/main/webapp/012-jdbc-hsqldb.jsp
index 8df5386..59813b3 100644
--- a/java/vulns/src/main/webapp/012-jdbc-hsqldb.jsp
+++ b/java/vulns/src/main/webapp/012-jdbc-hsqldb.jsp
@@ -143,7 +143,7 @@
     <div class="row">
         <div class="col-xs-8 col-xs-offset-2">
             <p>第一步: 尝试发起SQL注入攻击 - 为了保证性能，默认只会检测长度超过15的语句</p>
-            <form action="<%= javax.servlet.http.HttpUtils.getRequestURL(request) %>" method="get">
+            <form action="<%= request.getRequestURI() %>" method="get">
                 <div class="form-group">
                     <label>查询条件</label>
                     <input class="form-control" name="id" value="<%=id%>" autofocus>
diff --git a/java/vulns/src/main/webapp/012-jdbc-mysql.jsp b/java/vulns/src/main/webapp/012-jdbc-mysql.jsp
index 0f749a1..860d47c 100644
--- a/java/vulns/src/main/webapp/012-jdbc-mysql.jsp
+++ b/java/vulns/src/main/webapp/012-jdbc-mysql.jsp
@@ -10,7 +10,7 @@
         ResultSet rset = null; 
         try {
             Class.forName("com.mysql.jdbc.Driver");
-            conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/test", "test", "test");  
+            conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/test?serverTimezone=Asia/Shanghai", "test", "test");  
             stmt = conn.createStatement();
             rset = stmt.executeQuery ("SELECT * FROM vuln WHERE id = " + id);
             return (formatResult(rset));
@@ -150,7 +150,7 @@ INSERT INTO test.vuln values (1, "rocks");
         <div class="row">
             <div class="col-xs-8 col-xs-offset-2">
                 <p>第二步: 尝试发起SQL注入攻击 - 为了保证性能，默认只会检测长度超过15的语句</p>
-                <form action="<%=javax.servlet.http.HttpUtils.getRequestURL(request)%>" method="get">
+                <form action="<%=request.getRequestURI() method="get">
                     <div class="form-group">
                          <label>查询条件</label>
                          <input class="form-control" name="id" value="<%=id%>" autofocus>
diff --git a/java/vulns/src/main/webapp/012-jdbc-mysql8-prepared.jsp b/java/vulns/src/main/webapp/012-jdbc-mysql8-prepared.jsp
index b5df033..87140a6 100644
--- a/java/vulns/src/main/webapp/012-jdbc-mysql8-prepared.jsp
+++ b/java/vulns/src/main/webapp/012-jdbc-mysql8-prepared.jsp
@@ -158,7 +158,7 @@ INSERT INTO testdb.vuln values (1, "rocks");
     <div class="row">
         <div class="col-xs-8 col-xs-offset-2">
             <p>第二步: 尝试发起SQL注入攻击 - 为了保证性能，默认只会检测长度超过15的语句</p>
-            <form action="<%=javax.servlet.http.HttpUtils.getRequestURL(request)%>" method="get">
+            <form action="<%=request.getRequestURI()%>" method="get">
                 <div class="form-group">
                     <label>查询条件</label>
                     <input class="form-control" name="id" value="<%=id%>" autofocus>
diff --git a/java/vulns/src/main/webapp/012-jdbc-mysql8.jsp b/java/vulns/src/main/webapp/012-jdbc-mysql8.jsp
index 4d6145a..eb1e9a4 100644
--- a/java/vulns/src/main/webapp/012-jdbc-mysql8.jsp
+++ b/java/vulns/src/main/webapp/012-jdbc-mysql8.jsp
@@ -157,7 +157,7 @@ INSERT INTO testdb.vuln values (1, "rocks");
     <div class="row">
         <div class="col-xs-8 col-xs-offset-2">
             <p>第二步: 尝试发起SQL注入攻击 - 为了保证性能，默认只会检测长度超过15的语句</p>
-            <form action="<%=javax.servlet.http.HttpUtils.getRequestURL(request)%>" method="get">
+            <form action="<%=request.getRequestURI()%>" method="get">
                 <div class="form-group">
                     <label>查询条件</label>
                     <input class="form-control" name="id" value="<%=id%>" autofocus>
diff --git a/java/vulns/src/main/webapp/012-jdbc-oracle.jsp b/java/vulns/src/main/webapp/012-jdbc-oracle.jsp
index b80ed28..61dfb04 100644
--- a/java/vulns/src/main/webapp/012-jdbc-oracle.jsp
+++ b/java/vulns/src/main/webapp/012-jdbc-oracle.jsp
@@ -153,7 +153,7 @@ INSERT INTO test.vuln values (1, 'rocks');
         <div class="row">
             <div class="col-xs-8 col-xs-offset-2">
                 <p>第二步: 尝试发起SQL注入攻击 - 为了保证性能，默认只会检测长度超过15的语句</p>
-                <form action="<%=javax.servlet.http.HttpUtils.getRequestURL(request)%>" method="get">
+                <form action="<%=request.getRequestURI()%>" method="get">
                     <div class="form-group">
                          <label>查询条件</label>
                          <input class="form-control" name="id" value="<%=id%>" autofocus>
diff --git a/java/vulns/src/main/webapp/012-mybatis.jsp b/java/vulns/src/main/webapp/012-mybatis.jsp
index f9cd5f8..74d7b70 100644
--- a/java/vulns/src/main/webapp/012-mybatis.jsp
+++ b/java/vulns/src/main/webapp/012-mybatis.jsp
@@ -145,7 +145,7 @@ INSERT INTO test.vuln values (1, "rocks");
     <div class="row">
         <div class="col-xs-8 col-xs-offset-2">
             <p>第二步: 尝试发起SQL注入攻击 - 为了保证性能，默认只会检测长度超过15的语句</p>
-            <form action="<%=javax.servlet.http.HttpUtils.getRequestURL(request)%>" method="get">
+            <form action="<%=request.getRequestURI()%>" method="get">
                 <div class="form-group">
                     <label>查询条件</label>
                     <input class="form-control" name="id" value="<%=id%>" autofocus>
diff --git a/java/vulns/src/main/webapp/013-multipart-mysql.jsp b/java/vulns/src/main/webapp/013-multipart-mysql.jsp
index 3f684d4..51cb9da 100644
--- a/java/vulns/src/main/webapp/013-multipart-mysql.jsp
+++ b/java/vulns/src/main/webapp/013-multipart-mysql.jsp
@@ -97,7 +97,7 @@ INSERT INTO test.vuln values (1, "rocks");
     <div class="row">
       <div class="col-xs-8 col-xs-offset-2">
         <p>第二步: 尝试发起SQL注入攻击 - 为了保证性能，默认只会检测长度超过15的语句</p>
-        <form action="<%= javax.servlet.http.HttpUtils.getRequestURL(request) %>" method="post" enctype="multipart/form-data">
+        <form action="<%= request.getRequestURI() %>" method="post" enctype="multipart/form-data">
           <div class="form-group">
              <label>查询条件</label>
              <input class="form-control" name="id" value="<%= id %> " autofocus>
diff --git a/java/vulns/src/main/webapp/017-xss-chunked.jsp b/java/vulns/src/main/webapp/017-xss-chunked.jsp
index d5cca9e..b98737e 100644
--- a/java/vulns/src/main/webapp/017-xss-chunked.jsp
+++ b/java/vulns/src/main/webapp/017-xss-chunked.jsp
@@ -32,10 +32,10 @@ if (input != null) {
 else {
 %>
 <p>正常输入: </p>
-<p>curl '<a href="<%=request.getRequestURL()+normal_querystring%>" target="_blank"><%=request.getRequestURL() + normal_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+normal_querystring%>" target="_blank"><%=request.getRequestURI() + normal_querystring%></a>'</p>
 
 <p>不正常输入: </p>
-<p>curl '<a href="<%=request.getRequestURL()+xss_querystring%>" target="_blank"><%=request.getRequestURL() + xss_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+xss_querystring%>" target="_blank"><%=request.getRequestURI() + xss_querystring%></a>'</p>
 
 
 <%
diff --git a/java/vulns/src/main/webapp/017-xss.jsp b/java/vulns/src/main/webapp/017-xss.jsp
index 298aee7..ad9efbd 100644
--- a/java/vulns/src/main/webapp/017-xss.jsp
+++ b/java/vulns/src/main/webapp/017-xss.jsp
@@ -30,10 +30,10 @@ if (input != null) {
 else {
 %>
 <p>正常输入: </p>
-<p>curl '<a href="<%=request.getRequestURL()+normal_querystring%>" target="_blank"><%=request.getRequestURL() + normal_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+normal_querystring%>" target="_blank"><%=request.getRequestURI() + normal_querystring%></a>'</p>
 
 <p>不正常输入: </p>
-<p>curl '<a href="<%=request.getRequestURL()+xss_querystring%>" target="_blank"><%=request.getRequestURL() + xss_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+xss_querystring%>" target="_blank"><%=request.getRequestURI() + xss_querystring%></a>'</p>
 
 
 <%
diff --git a/java/vulns/src/main/webapp/018-loadlibrary.jsp b/java/vulns/src/main/webapp/018-loadlibrary.jsp
index 064918d..0c57f2f 100644
--- a/java/vulns/src/main/webapp/018-loadlibrary.jsp
+++ b/java/vulns/src/main/webapp/018-loadlibrary.jsp
@@ -45,13 +45,13 @@ if (lib != null) {
 else {
 %>
 <p>UNC 加载: </p>
-<p>curl '<a href="<%=request.getRequestURL()+unc%>" target="_blank"><%=request.getRequestURL() + unc%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+unc%>" target="_blank"><%=request.getRequestURI() + unc%></a>'</p>
 
 <p>Windows 本地加载: </p>
-<p>curl '<a href="<%=request.getRequestURL()+local_win%>" target="_blank"><%=request.getRequestURL() + local_win%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+local_win%>" target="_blank"><%=request.getRequestURI() + local_win%></a>'</p>
 
 <p>Linux/Mac 本地加载: </p>
-<p>curl '<a href="<%=request.getRequestURL()+local_lin%>" target="_blank"><%=request.getRequestURL() + local_lin%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+local_lin%>" target="_blank"><%=request.getRequestURI() + local_lin%></a>'</p>
 
 
 <%
diff --git a/java/vulns/src/main/webapp/019-file-delete.jsp b/java/vulns/src/main/webapp/019-file-delete.jsp
index 38f4f25..0a52e85 100644
--- a/java/vulns/src/main/webapp/019-file-delete.jsp
+++ b/java/vulns/src/main/webapp/019-file-delete.jsp
@@ -47,8 +47,8 @@ if (fname != null) {
 }
 %>
 <p>正常调用</p>
-<p>curl '<a href="<%=request.getRequestURL()+normal_querystring%>" target="_blank"><%=request.getRequestURL()+normal_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+normal_querystring%>" target="_blank"><%=request.getRequestURI()+normal_querystring%></a>'</p>
 <p>不正常调用</p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
 </body>
 </html>
diff --git a/java/vulns/src/main/webapp/020-random-file.jsp b/java/vulns/src/main/webapp/020-random-file.jsp
index 4bf92f4..b7a7041 100644
--- a/java/vulns/src/main/webapp/020-random-file.jsp
+++ b/java/vulns/src/main/webapp/020-random-file.jsp
@@ -19,17 +19,17 @@ String bytes = request.getParameter("filedata");
 String fname = request.getParameter("filename");
 %>
 <p>正常写入文件调用</p>
-<p>curl '<a href="<%=request.getRequestURL()+normal_querystring%>" target="_blank"><%=request.getRequestURL()+normal_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+normal_querystring%>" target="_blank"><%=request.getRequestURI()+normal_querystring%></a>'</p>
 <p>不正常写入文件调用</p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
 <p>正常读取调用</p>
-<p>curl '<a href="<%=request.getRequestURL()+read_normal_querystring%>" target="_blank"><%=request.getRequestURL()+read_normal_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+read_normal_querystring%>" target="_blank"><%=request.getRequestURI()+read_normal_querystring%></a>'</p>
 
 <p>不正常读取调用 - Linux</p>
-<p>curl '<a href="<%=request.getRequestURL()+read_linux_querystring%>" target="_blank"><%=request.getRequestURL()+read_linux_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+read_linux_querystring%>" target="_blank"><%=request.getRequestURI()+read_linux_querystring%></a>'</p>
 
 <p>不正常读取调用 - Windows</p>
-<p>curl '<a href="<%=request.getRequestURL()+read_windows_querystring%>" target="_blank"><%=request.getRequestURL()+read_windows_querystring%></a>'</p>
+<p>curl '<a href="<%=request.getRequestURI()+read_windows_querystring%>" target="_blank"><%=request.getRequestURI()+read_windows_querystring%></a>'</p>
 
 <%
 if (fname == null || bytes == null) {
diff --git a/java/vulns/src/main/webapp/021-nio-file.jsp b/java/vulns/src/main/webapp/021-nio-file.jsp
index 2c5452c..6e02dbe 100644
--- a/java/vulns/src/main/webapp/021-nio-file.jsp
+++ b/java/vulns/src/main/webapp/021-nio-file.jsp
@@ -39,70 +39,70 @@
 %>
 <p>注意 JDK6 以下版本 JDK 不支持以下 NIO case</p>
 <p>正常写入文件调用</p>
-<p>curl '<a href="<%=request.getRequestURL()+normal_querystring%>"
-            target="_blank"><%=request.getRequestURL() + normal_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+normal_querystring%>"
+            target="_blank"><%=request.getRequestURI() + normal_querystring%>
 </a>'</p>
 <p>不正常写入文件调用</p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>"
-            target="_blank"><%=request.getRequestURL() + linux_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>"
+            target="_blank"><%=request.getRequestURI() + linux_querystring%>
 </a>'</p>
 <p>正常读取调用</p>
-<p>curl '<a href="<%=request.getRequestURL()+read_normal_querystring%>"
-            target="_blank"><%=request.getRequestURL() + read_normal_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+read_normal_querystring%>"
+            target="_blank"><%=request.getRequestURI() + read_normal_querystring%>
 </a>'</p>
 
 <p>不正常读取调用 - Linux</p>
-<p>curl '<a href="<%=request.getRequestURL()+read_linux_querystring%>"
-            target="_blank"><%=request.getRequestURL() + read_linux_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+read_linux_querystring%>"
+            target="_blank"><%=request.getRequestURI() + read_linux_querystring%>
 </a>'</p>
 
 <p>不正常读取调用 - Windows</p>
-<p>curl '<a href="<%=request.getRequestURL()+read_windows_querystring%>"
-            target="_blank"><%=request.getRequestURL() + read_windows_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+read_windows_querystring%>"
+            target="_blank"><%=request.getRequestURI() + read_windows_querystring%>
 </a>'</p>
 
 <p>正常删除文件</p>
-<p>curl '<a href="<%=request.getRequestURL()+normal_delete_querystring%>"
-            target="_blank"><%=request.getRequestURL() + normal_delete_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+normal_delete_querystring%>"
+            target="_blank"><%=request.getRequestURI() + normal_delete_querystring%>
 </a>'</p>
 <p>不正常删除文件</p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_delete_querystring%>"
-            target="_blank"><%=request.getRequestURL() + linux_delete_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+linux_delete_querystring%>"
+            target="_blank"><%=request.getRequestURI() + linux_delete_querystring%>
 </a>'</p>
 
 <p>正常文件硬链接</p>
-<p>curl '<a href="<%=request.getRequestURL()+normal_link_querystring%>"
-            target="_blank"><%=request.getRequestURL() + normal_link_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+normal_link_querystring%>"
+            target="_blank"><%=request.getRequestURI() + normal_link_querystring%>
 </a>'</p>
 
 <p>不正常文件硬链接</p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_link_querystring%>"
-            target="_blank"><%=request.getRequestURL() + linux_link_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+linux_link_querystring%>"
+            target="_blank"><%=request.getRequestURI() + linux_link_querystring%>
 </a>'</p>
 
 <p>正常目录遍历</p>
-<p>curl '<a href="<%=request.getRequestURL()+normal_list_querystring%>"
-            target="_blank"><%=request.getRequestURL() + normal_list_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+normal_list_querystring%>"
+            target="_blank"><%=request.getRequestURI() + normal_list_querystring%>
 </a>'</p>
 
 <p>不正常目录遍历 - Linux</p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_list_querystring%>"
-            target="_blank"><%=request.getRequestURL() + linux_list_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+linux_list_querystring%>"
+            target="_blank"><%=request.getRequestURI() + linux_list_querystring%>
 </a>'</p>
 
 <p>不正常目录遍历 - Windows</p>
-<p>curl '<a href="<%=request.getRequestURL()+windows_list_querystring%>"
-            target="_blank"><%=request.getRequestURL() + windows_list_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+windows_list_querystring%>"
+            target="_blank"><%=request.getRequestURI() + windows_list_querystring%>
 </a>'</p>
 
 <p>正常文件重命名</p>
-<p>curl '<a href="<%=request.getRequestURL()+normal_rename_querystring%>"
-            target="_blank"><%=request.getRequestURL() + normal_rename_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+normal_rename_querystring%>"
+            target="_blank"><%=request.getRequestURI() + normal_rename_querystring%>
 </a>'</p>
 
 <p>不正常文件重命名</p>
-<p>curl '<a href="<%=request.getRequestURL()+linux_rename_querystring%>"
-            target="_blank"><%=request.getRequestURL() + linux_rename_querystring%>
+<p>curl '<a href="<%=request.getRequestURI()+linux_rename_querystring%>"
+            target="_blank"><%=request.getRequestURI() + linux_rename_querystring%>
 </a>'</p>
 
 <%
diff --git a/java/vulns/src/main/webapp/022-log4j.jsp b/java/vulns/src/main/webapp/022-log4j.jsp
index c656336..18cea99 100644
--- a/java/vulns/src/main/webapp/022-log4j.jsp
+++ b/java/vulns/src/main/webapp/022-log4j.jsp
@@ -17,8 +17,8 @@
     }
 %>
 <p>触发: </p>
-<p>curl '<a href="<%=request.getRequestURL()+defaultQuery%>"
-            target="_blank"><%=request.getRequestURL() + defaultQuery%>
+<p>curl '<a href="<%=request.getRequestURI()+defaultQuery%>"
+            target="_blank"><%=request.getRequestURI() + defaultQuery%>
 </a>'</p>
 <br>
 </body>