
202013

Security Weakness Diagnosis #5 01 public void do(HttpServletRequest request, HttpServletResponse response) throws Throwable { 02 String data = ""; 03 { 04 StringTokenizer tokenizer = new StringTokenizer(request.getQueryString(), "&"); 05 while (tokenizer.hasMoreTokens()) { 06 String token = tokenizer.nextToken(); 07 if (token.startsWith("id=")) { 08 data = token.substring(3); 09 break; 10 } 11 } 12 } 13 14 if (data != null) {.. 2020. 7. 12.
Security Weakness Diagnosis #4 01 public void do() throws Throwable { 02 String data = System.getenv("ADD"); 03 if (data != null) { 04 String names[] = data.split("-"); 05 int successCount = 0; 06 Connection dbConnection = null; 07 Statement stmt = null; 08 try { 09 dbConnection = IO.getDBConnection(); 10 stmt = dbConnection.createStatement(); 11 for (int i = 0; i < names.length; i++) { 12 stmt.addBatch("update users set hitc.. 2020. 7. 12.
Security Weakness Diagnosis #3 01 private static final boolean PRIVATE_STATIC_FINAL_TRUE = true; 02 private static final boolean PRIVATE_STATIC_FINAL_FALSE = false; 03 04 public void do(String password) throws Throwable { 05 if (password == null) { 06 return; 07 } 08 if (PRIVATE_STATIC_FINAL_TRUE) { 09 MessageDigest hash = MessageDigest.getInstance("SHA-512"); 10 byte[] hashValue = hash.digest(password.getBytes("UTF-8")); 11 .. 2020. 7. 12.
Security Weakness Diagnosis #2 01 public void do(HttpServletRequest request, HttpServletResponse response) throws Throwable { 02 String data = ""; 03 { 04 Connection connection = null; 05 PreparedStatement preparedStatement = null; 06 ResultSet resultSet = null; 07 try { 08 connection = IO.getDBConnection(); 09 preparedStatement = connection.prepareStatement("select name from users where id=0"); 10 resultSet = preparedStateme.. 2020. 7. 12.