【干货分享】Web安全漏洞深入分析及其安全编码 – 绿盟科技技术博客
Tags
attack-pattern: Server - T1583.004 Server - T1584.004
Show in Graph
Common Information
Type Value
UUID f75a6eaf-aae2-4165-88e9-1ece4ef11d9e
Fingerprint 3a99ae00a942786b
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 26, 2017, 11:33 a.m.
Added to db Jan. 18, 2023, 7:38 p.m.
Last updated Nov. 20, 2024, 7:40 a.m.
Headline 【干货分享】Web安全漏洞深入分析及其安全编码
Title 【干货分享】Web安全漏洞深入分析及其安全编码 – 绿盟科技技术博客
Detected Hints/Tags/Attributes 19/1/25
Source URLs
Redirection Url
Details Source http://blog.nsfocus.net/web-vulnerability-analysis-coding-security/
URL Provider
Details Provider Source level domain
Details nsfocus.net blog.nsfocus.net
Attributes
Details Type #Events CTI Value
Details Domain 14 
com.cn
Details Domain 1 
ecity.do
Details Domain 1 
www.weba.com
Details Domain 1 
www.webb.com
Details Domain 12 
apache.org
Details Domain 2 
xml.org
Details File 1 
ajax_post.php
Details File 1 
download_id.jsp
Details File 1 
可使用esapi或者common-lang.jar
Details File 1 
xss4.jsp
Details File 1 
con.exe
Details File 1 
updateuser.jsp
Details File 2 
file1.jpg
Details File 1 
在web.xml
Details IPv4 1445 
127.0.0.1
Details Url 1 
https://shop.***.com.cn/businesscityweb/ecity.do?func=queryclassfun&dom=
Details Url 1 
http://www.weba.com/transport?account=abc&total=500
Details Url 1 
http://sitea/updateuser.jsp?user=admin&pass=123456
Details Url 1 
http://sitea/updateuser.jsp
Details Url 1 
http://econline.***.com.cn:8080/nasapp/itreasury-ebank/downloadfile.web?filename=
Details Url 1 
http://xx.xx.xx.xx/upload/file1.jpg
Details Url 1 
http://apache.org/xml/features/disallow-doctype-decl为true
Details Url 1 
http://xml.org/sax/features/external-general-entities为false
Details Url 1 
http://xml.org/sax/features/external-parameter-entities为false
Details Url 1 
http://apache.org/xml/features/nonvalidating/load-external-dtd为false