Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

为了兼容反向代理将绝对路径改为uri #37

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

为了兼容反向代理将绝对路径改为uri #37

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
af5713e
Signed-off-by: 国产大熊猫 <[email protected]>
k4n5ha0 Mar 26, 2022
6cfeb6c
Signed-off-by: 国产大熊猫 <[email protected]>
k4n5ha0 Mar 26, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions java/vulns/src/main/webapp/001-dir-1.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,16 +118,16 @@ if (dirname != null) {
else {
%>
<p>正常调用: </p>
<p>curl '<a href="<%=request.getRequestURL()+normal_querystring%>" target="_blank"><%=request.getRequestURL() + normal_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+normal_querystring%>" target="_blank"><%=request.getRequestURI() + normal_querystring%></a>'</p>

<p>不正常调用 - Linux: </p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL() + linux_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI() + linux_querystring%></a>'</p>

<p>不正常调用 - Linux: </p>
<p><a href=# onclick=send_json() ><%=linux_json_curl%></a></p>

<p>不正常调用 - Windows: </p>
<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>" target="_blank"><%=request.getRequestURL() + windows_querystring %></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>" target="_blank"><%=request.getRequestURI() + windows_querystring %></a>'</p>


<%
Expand Down
12 changes: 6 additions & 6 deletions java/vulns/src/main/webapp/002-file-read.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,18 +15,18 @@
<body>
<h1>002 - 任意文件下载/读取漏洞(路径拼接)</h1>
<p>正常调用: </p>
<p>curl '<a href="<%=request.getRequestURL()+normal_querystring%>"
target="_blank"><%=request.getRequestURL() + normal_querystring%>
<p>curl '<a href="<%=request.getRequestURI()+normal_querystring%>"
target="_blank"><%=request.getRequestURI() + normal_querystring%>
</a>'</p>

<p>不正常调用: </p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>"
target="_blank"><%=request.getRequestURL() + linux_querystring%>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>"
target="_blank"><%=request.getRequestURI() + linux_querystring%>
</a>'</p>

<p>不正常调用: </p>
<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>"
target="_blank"><%=request.getRequestURL() + windows_querystring%>
<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>"
target="_blank"><%=request.getRequestURI() + windows_querystring%>
</a>'</p>

<br>
Expand Down
8 changes: 4 additions & 4 deletions java/vulns/src/main/webapp/004-command-1.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,15 +28,15 @@
}
%>
<p>Linux 触发: </p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>"
target="_blank"><%=request.getRequestURL() + linux_querystring%>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>"
target="_blank"><%=request.getRequestURI() + linux_querystring%>
</a>'</p>
<p>然后检查 /tmp 是否存在 passwd 这个文件</p>
<br>

<p>Windows 触发: </p>
<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>"
target="_blank"><%=request.getRequestURL() + windows_querystring%>
<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>"
target="_blank"><%=request.getRequestURI() + windows_querystring%>
</a>'</p>
<p>点击这里执行 calc.exe</p>
</body>
Expand Down
6 changes: 3 additions & 3 deletions java/vulns/src/main/webapp/004-command-2.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,13 +49,13 @@ if (cmd != null)
%>
<div>
<p>Linux 触发: </p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
<br>
<p>Windows 触发: </p>
<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>" target="_blank"><%=request.getRequestURL()+windows_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>" target="_blank"><%=request.getRequestURI()+windows_querystring%></a>'</p>
<br>
<p>语法错误检测: (执行命令: echo 'test' xxxx' )</p>
<p>curl '<a href="<%=request.getRequestURL()+error_querystring%>" target="_blank"><%=request.getRequestURL()+error_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+error_querystring%>" target="_blank"><%=request.getRequestURI()+error_querystring%></a>'</p>
<pre>
<%=output %>
</pre>
Expand Down
4 changes: 2 additions & 2 deletions java/vulns/src/main/webapp/005-file-write.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,8 @@ else {
}
%>
<p>正常调用</p>
<p>curl '<a href="<%=request.getRequestURL()+normal_querystring%>" target="_blank"><%=request.getRequestURL()+normal_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+normal_querystring%>" target="_blank"><%=request.getRequestURI()+normal_querystring%></a>'</p>
<p>不正常调用</p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
</body>
</html>
4 changes: 2 additions & 2 deletions java/vulns/src/main/webapp/007-xxe-dom4j.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,10 +34,10 @@
<h1>007 - 通过XXE读取系统文件</h1>

<p>不正常调用 - Linux (读取 /etc/passwd)</p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>

<p>不正常调用 - Windows (读取 c:/windows/win.ini)</p>
<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>" target="_blank"><%=request.getRequestURL()+windows_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>" target="_blank"><%=request.getRequestURI()+windows_querystring%></a>'</p>

<p>节点内容: <%= tmp %></p>
<p>(有漏洞会看到文件内容)</p>
Expand Down
4 changes: 2 additions & 2 deletions java/vulns/src/main/webapp/007-xxe-jdom.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,10 @@
<h1>007 - 通过XXE读取系统文件</h1>

<p>不正常调用 - Linux (读取 /etc/passwd)</p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>

<p>不正常调用 - Windows (读取 c:/windows/win.ini)</p>
<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>" target="_blank"><%=request.getRequestURL()+windows_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>" target="_blank"><%=request.getRequestURI()+windows_querystring%></a>'</p>

<p>节点内容: <%= tmp %></p>
<p>(有漏洞会看到文件内容)</p>
Expand Down
4 changes: 2 additions & 2 deletions java/vulns/src/main/webapp/007-xxe-sax.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,10 +65,10 @@
<h1>007 - 通过XXE读取系统文件</h1>

<p>不正常调用 - Linux (读取 /etc/passwd)</p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>

<p>不正常调用 - Windows (读取 c:/windows/win.ini)</p>
<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>" target="_blank"><%=request.getRequestURL()+windows_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>" target="_blank"><%=request.getRequestURI()+windows_querystring%></a>'</p>

<p>节点内容: <%= tmp %></p>
<p>(有漏洞会看到文件内容)</p>
Expand Down
4 changes: 2 additions & 2 deletions java/vulns/src/main/webapp/007-xxe-stax.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,10 +38,10 @@
<h1>007 - 通过XXE读取系统文件</h1>

<p>不正常调用 - Linux (读取 /etc/passwd)</p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>

<p>不正常调用 - Windows (读取 c:/windows/win.ini)</p>
<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>" target="_blank"><%=request.getRequestURL()+windows_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>" target="_blank"><%=request.getRequestURI()+windows_querystring%></a>'</p>

<p>节点内容: <%= tmp %></p>
<p>(有漏洞会看到文件内容)</p>
Expand Down
4 changes: 2 additions & 2 deletions java/vulns/src/main/webapp/007-xxe.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,10 +34,10 @@
<h1>007 - 通过XXE读取系统文件</h1>

<p>不正常调用 - Linux (读取 /etc/passwd)</p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>

<p>不正常调用 - Windows (读取 c:/windows/win.ini)</p>
<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>" target="_blank"><%=request.getRequestURL()+windows_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>" target="_blank"><%=request.getRequestURI()+windows_querystring%></a>'</p>

<p>节点内容: <%= tmp %></p>
<p>(有漏洞会看到文件内容)</p>
Expand Down
4 changes: 2 additions & 2 deletions java/vulns/src/main/webapp/008-file-upload.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,10 +53,10 @@ if ("POST".equals(method)) {
} else {
%>
<p>请求方式:</p>
<pre>curl '<%= request.getRequestURL()%>' -F 'file=@/path/to/a.jsp'</pre>
<pre>curl '<%= request.getRequestURI()%>' -F 'file=@/path/to/a.jsp'</pre>
<p>目前,官方插件只检查脚本文件上传的情况,比如 aaa.php, bbb.jsp,其他后缀不会拦截</p>

<form method="post" enctype="multipart/form-data" action="<%=request.getRequestURL() %>">
<form method="post" enctype="multipart/form-data" action="<%=request.getRequestURI() %>">
<input type="file" name="file">
<input type="submit">
</form>
Expand Down
4 changes: 2 additions & 2 deletions java/vulns/src/main/webapp/009-deserialize.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,9 +60,9 @@
}
%>
<p>Linux 测试</p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>

<p>Windows 测试</p>
<p>curl '<a href="<%=request.getRequestURL()+windows_querystring%>" target="_blank"><%=request.getRequestURL()+windows_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+windows_querystring%>" target="_blank"><%=request.getRequestURI()+windows_querystring%></a>'</p>
</body>
</html>
8 changes: 4 additions & 4 deletions java/vulns/src/main/webapp/010-jstl-import.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,17 +12,17 @@
String linux_querystring_ssrf = "?url=http://192.168.1.1";
%>
<p>正常调用: </p>
<p>curl '<a href="<%=request.getRequestURL()+normal_querystring%>" target="_blank"><%=request.getRequestURL()+normal_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+normal_querystring%>" target="_blank"><%=request.getRequestURI()+normal_querystring%></a>'</p>
<br>

<p>不正常调用 - file 协议读取目录: </p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring_dir%>" target="_blank"><%=request.getRequestURL()+linux_querystring_dir%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring_dir%>" target="_blank"><%=request.getRequestURI()+linux_querystring_dir%></a>'</p>

<p>不正常调用 - file 协议读取文件: </p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring_file%>" target="_blank"><%=request.getRequestURL()+linux_querystring_file%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring_file%>" target="_blank"><%=request.getRequestURI()+linux_querystring_file%></a>'</p>

<p>不正常调用 - http 协议 SSRF: </p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring_ssrf%>" target="_blank"><%=request.getRequestURL()+linux_querystring_ssrf%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring_ssrf%>" target="_blank"><%=request.getRequestURI()+linux_querystring_ssrf%></a>'</p>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%
String url = request.getParameter("url");
Expand Down
2 changes: 1 addition & 1 deletion java/vulns/src/main/webapp/011-ssrf-commons-httpclient.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@
}
%>
<p>commons-httpclient 调用方式: </p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
<pre>说明: 参数 url 为请求的 url</pre>

</body>
Expand Down
4 changes: 2 additions & 2 deletions java/vulns/src/main/webapp/011-ssrf-httpclient.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,11 +44,11 @@

%>
<p>HttpClient 调用方式: </p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
<pre>说明: 参数 url 为请求的 url</pre>

<p>重定向:</p>
<p>curl '<a href="<%=request.getRequestURL()+redirect_string%>" target="_blank"><%=request.getRequestURL()+redirect_string%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+redirect_string%>" target="_blank"><%=request.getRequestURI()+redirect_string%></a>'</p>
<pre>说明: 此链接源自外网, 若没有跳转,请自行获取能够使用301/302跳转到内网的外网url进行测试</pre>
</body>
</html>
2 changes: 1 addition & 1 deletion java/vulns/src/main/webapp/011-ssrf-okhttp.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,6 @@
}
%>
<p>okhttp 调用方式: </p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
</body>
</html>
2 changes: 1 addition & 1 deletion java/vulns/src/main/webapp/011-ssrf-okhttp3.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,6 @@
}
%>
<p>okhttp 调用方式: </p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
</body>
</html>
4 changes: 2 additions & 2 deletions java/vulns/src/main/webapp/011-ssrf-urlconnection.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,11 +39,11 @@
}
%>
<p>jdk 中的 URL.openConnection 调用方式: </p>
<p>curl '<a href="<%=request.getRequestURL()+linux_querystring%>" target="_blank"><%=request.getRequestURL()+linux_querystring%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+linux_querystring%>" target="_blank"><%=request.getRequestURI()+linux_querystring%></a>'</p>
<pre>说明: 参数 url 为请求的 url</pre>

<p>重定向:</p>
<p>curl '<a href="<%=request.getRequestURL()+redirect_string%>" target="_blank"><%=request.getRequestURL()+redirect_string%></a>'</p>
<p>curl '<a href="<%=request.getRequestURI()+redirect_string%>" target="_blank"><%=request.getRequestURI()+redirect_string%></a>'</p>
<pre>说明: 此链接源自外网, 若没有跳转,请自行获取能够使用301/302跳转到内网的外网url进行测试</pre>

</body>
Expand Down
2 changes: 1 addition & 1 deletion java/vulns/src/main/webapp/012-hibernate.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,7 @@ INSERT INTO test.vuln values (1, "rocks");
<div class="row">
<div class="col-xs-8 col-xs-offset-2">
<p>第二步: 尝试发起SQL注入攻击 - 为了保证性能,默认只会检测长度超过15的语句</p>
<form action="<%=javax.servlet.http.HttpUtils.getRequestURL(request)%>" method="get">
<form action="<%=request.getRequestURI()%>" method="get">
<div class="form-group">
<label>查询条件</label>
<input class="form-control" name="id" value="<%=id%>" autofocus>
Expand Down
2 changes: 1 addition & 1 deletion java/vulns/src/main/webapp/012-jdbc-hsqldb.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,7 @@
<div class="row">
<div class="col-xs-8 col-xs-offset-2">
<p>第一步: 尝试发起SQL注入攻击 - 为了保证性能,默认只会检测长度超过15的语句</p>
<form action="<%= javax.servlet.http.HttpUtils.getRequestURL(request) %>" method="get">
<form action="<%= request.getRequestURI() %>" method="get">
<div class="form-group">
<label>查询条件</label>
<input class="form-control" name="id" value="<%=id%>" autofocus>
Expand Down
4 changes: 2 additions & 2 deletions java/vulns/src/main/webapp/012-jdbc-mysql.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
ResultSet rset = null;
try {
Class.forName("com.mysql.jdbc.Driver");
conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/test", "test", "test");
conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/test?serverTimezone=Asia/Shanghai", "test", "test");
stmt = conn.createStatement();
rset = stmt.executeQuery ("SELECT * FROM vuln WHERE id = " + id);
return (formatResult(rset));
Expand Down Expand Up @@ -150,7 +150,7 @@ INSERT INTO test.vuln values (1, "rocks");
<div class="row">
<div class="col-xs-8 col-xs-offset-2">
<p>第二步: 尝试发起SQL注入攻击 - 为了保证性能,默认只会检测长度超过15的语句</p>
<form action="<%=javax.servlet.http.HttpUtils.getRequestURL(request)%>" method="get">
<form action="<%=request.getRequestURI() method="get">
<div class="form-group">
<label>查询条件</label>
<input class="form-control" name="id" value="<%=id%>" autofocus>
Expand Down
2 changes: 1 addition & 1 deletion java/vulns/src/main/webapp/012-jdbc-mysql8-prepared.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -158,7 +158,7 @@ INSERT INTO testdb.vuln values (1, "rocks");
<div class="row">
<div class="col-xs-8 col-xs-offset-2">
<p>第二步: 尝试发起SQL注入攻击 - 为了保证性能,默认只会检测长度超过15的语句</p>
<form action="<%=javax.servlet.http.HttpUtils.getRequestURL(request)%>" method="get">
<form action="<%=request.getRequestURI()%>" method="get">
<div class="form-group">
<label>查询条件</label>
<input class="form-control" name="id" value="<%=id%>" autofocus>
Expand Down
2 changes: 1 addition & 1 deletion java/vulns/src/main/webapp/012-jdbc-mysql8.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,7 @@ INSERT INTO testdb.vuln values (1, "rocks");
<div class="row">
<div class="col-xs-8 col-xs-offset-2">
<p>第二步: 尝试发起SQL注入攻击 - 为了保证性能,默认只会检测长度超过15的语句</p>
<form action="<%=javax.servlet.http.HttpUtils.getRequestURL(request)%>" method="get">
<form action="<%=request.getRequestURI()%>" method="get">
<div class="form-group">
<label>查询条件</label>
<input class="form-control" name="id" value="<%=id%>" autofocus>
Expand Down
2 changes: 1 addition & 1 deletion java/vulns/src/main/webapp/012-jdbc-oracle.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,7 @@ INSERT INTO test.vuln values (1, 'rocks');
<div class="row">
<div class="col-xs-8 col-xs-offset-2">
<p>第二步: 尝试发起SQL注入攻击 - 为了保证性能,默认只会检测长度超过15的语句</p>
<form action="<%=javax.servlet.http.HttpUtils.getRequestURL(request)%>" method="get">
<form action="<%=request.getRequestURI()%>" method="get">
<div class="form-group">
<label>查询条件</label>
<input class="form-control" name="id" value="<%=id%>" autofocus>
Expand Down
2 changes: 1 addition & 1 deletion java/vulns/src/main/webapp/012-mybatis.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -145,7 +145,7 @@ INSERT INTO test.vuln values (1, "rocks");
<div class="row">
<div class="col-xs-8 col-xs-offset-2">
<p>第二步: 尝试发起SQL注入攻击 - 为了保证性能,默认只会检测长度超过15的语句</p>
<form action="<%=javax.servlet.http.HttpUtils.getRequestURL(request)%>" method="get">
<form action="<%=request.getRequestURI()%>" method="get">
<div class="form-group">
<label>查询条件</label>
<input class="form-control" name="id" value="<%=id%>" autofocus>
Expand Down
2 changes: 1 addition & 1 deletion java/vulns/src/main/webapp/013-multipart-mysql.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ INSERT INTO test.vuln values (1, "rocks");
<div class="row">
<div class="col-xs-8 col-xs-offset-2">
<p>第二步: 尝试发起SQL注入攻击 - 为了保证性能,默认只会检测长度超过15的语句</p>
<form action="<%= javax.servlet.http.HttpUtils.getRequestURL(request) %>" method="post" enctype="multipart/form-data">
<form action="<%= request.getRequestURI() %>" method="post" enctype="multipart/form-data">
<div class="form-group">
<label>查询条件</label>
<input class="form-control" name="id" value="<%= id %> " autofocus>
Expand Down
Loading