보안/개발보안

보안약점 진단 #5

^..^v 2020. 7. 12. 02:11
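/**
 * Writes the {@code id} query-string parameter back to the client as an HTML fragment.
 *
 * <p>The value is taken from the raw query string, so it is fully controlled by whoever
 * built the URL. Concatenating it into the response without encoding is reflected
 * cross-site scripting (CWE-79), so it is HTML-encoded at the point of output.
 *
 * <p>NOTE(review): {@code do} is a reserved word in Java, so this listing needs a different
 * method name before it will compile; the name is kept as published.
 *
 * @param request  request whose query string is scanned for the first {@code id=} token
 * @param response response whose writer receives the encoded value
 * @throws Throwable as declared by the listing; {@code getWriter()} can fail with an I/O error
 */
public void do(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data = "";

    // getQueryString() returns null when the URL has no query part, and StringTokenizer
    // throws NullPointerException on a null string.
    String query = request.getQueryString();
    if (query != null) {
        StringTokenizer tokenizer = new StringTokenizer(query, "&");
        while (tokenizer.hasMoreTokens()) {
            String token = tokenizer.nextToken();
            if (token.startsWith("id=")) {
                // Everything after "id=" is taken as-is from the query string.
                data = token.substring(3);
                break;
            }
        }
    }

    // data is never null here (it starts as "" and substring() never returns null), so a
    // null check on it is not input validation. The defence is output encoding for the
    // HTML context the value is written into.
    response.getWriter().println("<br>Your're ID is " + escapeHtml(data));
}

/**
 * Replaces the characters that are significant in HTML text and quoted attribute values
 * with their entity references.
 *
 * @param value text to encode; must not be null
 * @return the encoded text
 */
private static String escapeHtml(String value) {
    StringBuilder out = new StringBuilder(value.length() + 16);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '&':
                out.append("&amp;");
                break;
            case '<':
                out.append("&lt;");
                break;
            case '>':
                out.append("&gt;");
                break;
            case '"':
                out.append("&quot;");
                break;
            case '\'':
                out.append("&#x27;");
                break;
            default:
                out.append(c);
        }
    }
    return out.toString();
}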
