Skip to content

Commit

Permalink
Add a check to short password
Browse files Browse the repository at this point in the history
  • Loading branch information
@k-tamura
k-tamura committed Feb 18, 2017
1 parent de0a9b9 commit 59ebdc1
Show file tree
Hide file tree
Showing 4 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion src/main/java/org/t246osslab/easybuggy/vulnerabilities/LDAPInjectionServlet.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
bodyHtml.append("<input type=\"submit\" value=\"" + MessageUtils.getMsg("label.submit", locale) + "\">");
bodyHtml.append("<br><br>");

if (name != null && password != null && !name.equals("") && !password.equals("")) {
if (name != null && password != null && !name.equals("") && !password.equals("") && password.length() >= 8) {

ExprNode filter = null;
try {
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
bodyHtml.append("<input type=\"submit\" value=\"" + MessageUtils.getMsg("label.submit", locale) + "\">");
bodyHtml.append("<br><br>");

if (name != null && password != null && !name.equals("") && !password.equals("")) {
if (name != null && password != null && !name.equals("") && !password.equals("") && password.length() >= 8) {
bodyHtml.append(selectUsers(name, password, req));
} else {
bodyHtml.append(MessageUtils.getMsg("msg.warn.enter.name.and.passwd", locale) + "<br>");
Expand Down
2 changes: 1 addition & 1 deletion src/main/resources/messages_en.properties
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ then dead lock occurs in database.
msg.note.sql.injection=(&nbsp;<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
SQL injection occurs if you set password to "' OR '1'='1" )
msg.note.ldap.injection=(&nbsp;<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
LDAP injection occurs if you set name to "*)(|(objectClass=*" and password to ")" )
LDAP injection occurs if you set name to "*)(|(objectClass=*" and password to "aaaaaaa)" )
msg.note.xss=(&nbsp;<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
XSS occurs if you set name to >tpircs/<;)\"!SSX\"(trela>tpircs< )
msg.permgen.space.leak.occur=Memory leak occurs in PermGen space every time you load this page.<BR><BR> \
Expand Down
2 changes: 1 addition & 1 deletion src/main/resources/messages_ja.properties
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ msg.note.sql.deadlock=<span class="glyphicon glyphicon-info-sign"></span>&nbsp;
msg.note.sql.injection=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
\u30d1\u30b9\u30ef\u30fc\u30c9\u306b\u300c' OR '1'='1\u300d\u3092\u8a2d\u5b9a\u3059\u308b\u3068\u3001SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u304c\u767a\u751f\u3057\u307e\u3059\u3002
msg.note.ldap.injection=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
\u540d\u524d\u306b\u300c*)(|(objectClass=*\u300d\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u306b\u300c)\u300d\u3092\u8a2d\u5b9a\u3059\u308b\u3068\u3001LDAP\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u304c\u767a\u751f\u3057\u307e\u3059\u3002
\u540d\u524d\u306b\u300c*)(|(objectClass=*\u300d\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u306b\u300caaaaaaa)\u300d\u3092\u8a2d\u5b9a\u3059\u308b\u3068\u3001LDAP\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u304c\u767a\u751f\u3057\u307e\u3059\u3002
msg.note.xss=<span class="glyphicon glyphicon-info-sign"></span>&nbsp; \
\u540d\u524d\u306b >tpircs/<;)\"!SSX\"(trela>tpircs< \u3092\u8a2d\u5b9a\u3059\u308b\u3068\u3001XSS\u304c\u767a\u751f\u3057\u307e\u3059\u3002
msg.permgen.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001Permanent\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002<BR><BR> \
Expand Down

0 comments on commit 59ebdc1

Please sign in to comment.