From 8143a3b5164501a92dc128877db87f34ad1f235d Mon Sep 17 00:00:00 2001
From: Kohei Tamura
Date: Wed, 5 Apr 2017 14:06:18 +0900
Subject: [PATCH] Improve overall design
---
 .../core/utils/HTTPResponseCreator.java | 1 +
 .../vulnerabilities/XEEandXXEServlet.java | 12 ++++++--
 src/main/resources/messages_en.properties | 30 +++++++++----------
 src/main/resources/messages_ja.properties | 28 ++++++++---------
 src/main/webapp/dfi/includable.jsp | 2 +-
 src/main/webapp/dt/basic_footer.html | 2 +-
 src/main/webapp/dt/monochro_footer.html | 2 +-
 src/main/webapp/index.jsp | 2 +-
 8 files changed, 44 insertions(+), 35 deletions(-)
diff --git a/src/main/java/org/t246osslab/easybuggy/core/utils/HTTPResponseCreator.java b/src/main/java/org/t246osslab/easybuggy/core/utils/HTTPResponseCreator.java
index baa77d70..82b07ada 100644
--- a/src/main/java/org/t246osslab/easybuggy/core/utils/HTTPResponseCreator.java
+++ b/src/main/java/org/t246osslab/easybuggy/core/utils/HTTPResponseCreator.java
@@ -38,6 +38,7 @@ public static void createSimpleResponse(HttpServletResponse res, String htmlTitl
 writer.write("");
 writer.write("");
 writer.write("");
+ writer.write("");
 writer.write("");
 writer.write("" + htmlBody + "");
 writer.write("");
diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java
index b86af322..a7dffa9a 100644
--- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java
@@ -55,6 +55,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
 }
 bodyHtml.append(MessageUtils.getMsg("msg.add.users.by.xml", locale));
 bodyHtml.append("
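Review bot: The contract that matters in this hunk is the unchanged context line two below the added one, `writer.write(... + htmlBody + ...)`, which emits the caller-supplied `htmlBody` verbatim; nothing in the visible lines escapes it, so every caller is responsible for HTML-encoding untrusted data before passing it (XEEandXXEServlet in this same patch does that with ESAPI). The new head line's string content is not visible in this view, so I cannot comment on what it adds. I would make the encoding responsibility explicit on the method: `/** Writes a minimal HTML page around htmlBody. htmlBody is inserted verbatim; callers must HTML-encode any untrusted content before passing it. */`. The signature of `createSimpleResponse` sits above the hunk, so that Javadoc would go outside the visible lines.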

"); + bodyHtml.append("
");
         bodyHtml.append(ESAPI.encoder().encodeForHTML("") + "
"); bodyHtml.append(ESAPI.encoder().encodeForHTML("") + "
"); bodyHtml.append(TAB + ESAPI.encoder() @@ -62,7 +63,8 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser bodyHtml.append(TAB + ESAPI.encoder() .encodeForHTML("") + "
"); bodyHtml.append(ESAPI.encoder().encodeForHTML("
")); - bodyHtml.append("

"); + bodyHtml.append("
"); + bodyHtml.append("
"); bodyHtml.append("
"); bodyHtml.append(MessageUtils.getMsg("msg.select.upload.file", locale)); bodyHtml.append("

"); @@ -75,6 +77,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser if ("/xee".equals(req.getServletPath())) { bodyHtml.append(MessageUtils.getMsg("msg.note.xee", locale)); bodyHtml.append("

"); + bodyHtml.append("
");
             bodyHtml.append(ESAPI.encoder().encodeForHTML("") + "
"); bodyHtml.append(ESAPI.encoder().encodeForHTML(""); bodyHtml.append(ESAPI.encoder().encodeForHTML("") + "
"); @@ -95,21 +98,26 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser bodyHtml.append(TAB + TAB + ESAPI.encoder().encodeForHTML("") + "
"); bodyHtml.append(TAB + ESAPI.encoder().encodeForHTML("") + "
"); bodyHtml.append(ESAPI.encoder().encodeForHTML("") + "
"); + bodyHtml.append("
"); } else { bodyHtml.append(MessageUtils.getMsg("msg.note.xxe.step1", locale)); bodyHtml.append("

"); + bodyHtml.append("
");
             bodyHtml.append(ESAPI.encoder().encodeForHTML("") + "
"); bodyHtml.append( ESAPI.encoder().encodeForHTML("\">") + "
"); bodyHtml.append(ESAPI.encoder().encodeForHTML("%p2;")); - bodyHtml.append("

"); + bodyHtml.append("
"); + bodyHtml.append("
"); bodyHtml.append(MessageUtils.getMsg("msg.note.xxe.step2", locale)); bodyHtml.append("

"); + bodyHtml.append("
");
             bodyHtml.append(ESAPI.encoder().encodeForHTML("") + "
"); bodyHtml.append( ESAPI.encoder().encodeForHTML("") + "
"); bodyHtml.append(ESAPI.encoder().encodeForHTML("")); + bodyHtml.append("
");
 }
 bodyHtml.append("");
 HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.xxe", locale), bodyHtml.toString());
diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties
index 27b57c8b..6d75d939 100644
--- a/src/main/resources/messages_en.properties
+++ b/src/main/resources/messages_en.properties
@@ -5,7 +5,7 @@ description.endless.waiting=If you enter a character count, then a batch, includ
 description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown.
 description.random.string.generator=If you enter a character count, then a random characters of the count is created.
 description.reverse.name=If you enter your name, then the reversed name is shown.
-description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$.
+description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$.
 description.send.mail=You can send a mail to the site administrator.
 label.available.characters=Available Characters
 label.asc=asc
@@ -55,7 +55,7 @@ msg.deadlock.occurs=A lock could not be obtained due to a deadlock.
 msg.download.file=You can download the following PDF files.
 msg.enter.json.string=Please enter JSON string.
 msg.enter.mail=Please enter your mail address.
-msg.enter.math.expression=Please enter a mathematical expression using java.lang.Math. For example, Math.sqrt(Math.pow(2, 6)) - 5
+msg.enter.math.expression=Please enter a mathematical expression using java.lang.Math. For example, Math.sqrt(Math.pow(2, 6)) - 5
 msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown.
 msg.enter.name=Please enter your name.
 msg.enter.passwd=If you enter a new password and click the submit button, then your password will be changed.
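Review bot: Every line of the sample XML in this hunk goes through its own `ESAPI.encoder().encodeForHTML(...)` call, with the line-break strings and the newly added wrapper lines (`bodyHtml.append("…")`, whose markup is not visible in this view) appended raw in between, so the encoded/unencoded boundary is re-drawn on every statement. Since the sample is static text, assembling it once into a single `String sample` (newlines included if the new wrapper is a preformatted element, which I cannot confirm here) and appending `ESAPI.encoder().encodeForHTML(sample)` in one call would leave no way for a later edit to add a sample line that skips encoding, and would drop the repeated encoder lookups. Nothing in these lines is user-controlled, so this is a maintainability point rather than a vulnerability. `doGet` begins before the first hunk of this file; only its tail is visible here.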
@@ -78,13 +78,13 @@ The number of login attempts is not limited on this page, so the brute force att
 msg.note.clickjacking=  \
 This page receives a request that a user does not intend and changes the user's mail address.
 msg.note.code.injection=  \
-If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection.
+If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection.
 msg.note.csrf=  \
 This page receives a request that a user does not intend and changes the user's password.
 msg.note.dangerous.file.inclusion=  \
-Change the query string to "template=[URL where malicious JSP file is deployed]", then a malicious code is executed.
+Change the query string to template=[URL where malicious JSP file is deployed], then a malicious code is executed.
 msg.note.directory.traversal=  \
-Change the query string to "?template=../WEB-INF/web.xml?", then you can see the content of web.xml in the source code of this page.
+Change the query string to template=../WEB-INF/web.xml?, then you can see the content of web.xml in the source code of this page.
 msg.note.enter.count=  \
 If you enter a large character count, then an endless waiting process occurs.
 msg.note.enter.one=  \
@@ -94,33 +94,33 @@ Truncation error occurs if you enter 3 or 7 or 9.
 msg.note.enter.decimal.value=  \
 Loss of trailing digits occurs if you enter 0.0000000000000001.
 msg.note.enter.runtime.exec=  \
-If you enter @java.lang.Runtime@getRuntime().exec('rm -fr /your-important-dir/'), then your important directory is removed on your server.
+If you enter @java.lang.Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server.
 msg.note.not.use.ext.db=  \
 Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS.
 msg.note.positive.number=  \
 Integer overflow occurs if you enter a number greater than or equal to 63.
 msg.note.slow.regular.expression=  \
-If you set string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\
-     If you set string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then ...
+If you set string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\
+     If you set string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then ...
 msg.note.slow.string.plus.operation=  \
 If you set a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator.
 msg.note.sql.deadlock=  \
 If you open two windows (or tabs) and select "asc" and click the "update" button on one windows immediately after you select "desc" \
 and click the "update" button on the other, then dead lock occurs in database.
 msg.note.sql.injection=  \
-You can see other users information if you set password to "' OR '1'='1"
+You can see other users information if you set password to ' OR '1'='1
 msg.note.ldap.injection=  \
-You can see other users information if you set name to "*)(|(objectClass=*" and password to "aaaaaaa)"
+You can see other users information if you set name to *)(|(objectClass=*" and password to "aaaaaaa)
 msg.note.mail.header.injection=  \
-If you change the subject field to textarea tag by browser's developer mode and set it to [subject][line break]Bcc: [a mail address], then you can send a mail to the address.
+If you change the subject field to textarea tag by browser's developer mode and set it to [subject][line break]Bcc: [a mail address], then you can send a mail to the address.
 msg.note.mojibake=  \
 Mojibake occurs if you set name in a multibyte language
 msg.note.null.byte.injection=  \
-If using Java earlier than version 1.7.0_40 and you add ?fileName=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml.
+If using Java earlier than version 1.7.0_40 and you add fileName=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml.
 msg.note.open.redirect=  \
-If you add goto=[an URL of a malicious site] to the query string, you can redirect to the malicious site.
+If you add goto=[an URL of a malicious site] to the query string, you can redirect to the malicious site.
msg.note.unrestricted.ext.upload=  \
-If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http://localhost:8080/uploadFiles/exit.jsp, \
+If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http://localhost:8080/uploadFiles/exit.jsp, \
 then JavaVM is forcibly finished.
 msg.note.unintended.file.disclosure=  \
 If the directory listing feature works and you access to http://localhost:8080/uid/, then you can see the file list in the uid directory. \
@@ -132,7 +132,7 @@ It is easy to guess an account who can logs in since authentication error messag
 msg.note.xee=  \
 If you upload the following file, it will waste server resource.
 msg.note.xss=  \
-Session ID is shown if you set name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs<
+Session ID is shown if you set name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs<
 msg.note.xxe.step1=  \
 If you create the following DTD file on a web server that can be accessed by this server. For example, http://attacker.site/vulnerable.dtd
 msg.note.xxe.step2=and upload the following file, you can display password file (/etc/passwd) on the server.
diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties
index 01a71578..f3798cd0 100644
--- a/src/main/resources/messages_ja.properties
+++ b/src/main/resources/messages_ja.properties
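Review bot: In the rewritten `msg.note.ldap.injection` only the outer quotes were removed, leaving `name to *)(|(objectClass=*" and password to "aaaaaaa)`, so the rendered hint shows two stray double quotes in the middle of the payloads; the other rewritten notes in this hunk (`msg.note.sql.injection`, `msg.note.open.redirect`) and the Japanese counterpart of this key drop all of them. Presumably `name to *)(|(objectClass=* and password to aaaaaaa)` was intended. The rewritten `msg.note.enter.runtime.exec` also gained a space before the comma (`…dir/') , then`), which reads as a typo. Any markup wrapping these samples is not visible in this view, so this is based on the plain text only.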
@@ -5,7 +5,7 @@ description.endless.waiting=\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u30 description.parse.json=JSON\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001JavaScript\u306eJSON.parse()\u3067\u691c\u8a3c\u3057\u305f\u7d50\u679c\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 description.random.string.generator=\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u305d\u306e\u6587\u5b57\u6570\u5206\u306e\u30e9\u30f3\u30c0\u30e0\u306a\u6587\u5b57\u5217\u3092\u751f\u6210\u3057\u307e\u3059\u3002 description.reverse.name=\u540d\u524d\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u540d\u524d\u304c\u9006\u8ee2\u3057\u3066\u8868\u793a\u3055\u308c\u307e\u3059\u3002 -description.test.regular.expression=\u6b63\u898f\u8868\u73fe\u300c^([a-z0-9]+[-]{0,1}){1,100}$\u300d\u306b\u4e00\u81f4\u3059\u308b\u6587\u5b57\u5217\u304b\u30c6\u30b9\u30c8\u3057\u3066\u4e0b\u3055\u3044\u3002 +description.test.regular.expression=\u6b63\u898f\u8868\u73fe ^([a-z0-9]+[-]{0,1}){1,100}$ \u306b\u4e00\u81f4\u3059\u308b\u6587\u5b57\u5217\u304b\u30c6\u30b9\u30c8\u3057\u3066\u4e0b\u3055\u3044\u3002 description.send.mail=\u30b5\u30a4\u30c8\u306e\u7ba1\u7406\u8005\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002 label.available.characters=\u5229\u7528\u53ef\u80fd\u306a\u6587\u5b57 label.asc=\u6607\u9806 
@@ -55,7 +55,7 @@ msg.deadlock.occurs=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u306b\u3088\u308a\u30ed msg.download.file=\u4ee5\u4e0b\u306ePDF\u30d5\u30a1\u30a4\u30eb\u304c\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u307e\u3059\u3002 msg.enter.json.string=JSON\u6587\u5b57\u5217\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.enter.mail=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 -msg.enter.math.expression=java.lang.Math\u3092\u4f7f\u7528\u3057\u305f\u6570\u5f0f\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002\u4f8b) Math.sqrt(Math.pow(2, 6)) - 5 +msg.enter.math.expression=java.lang.Math\u3092\u4f7f\u7528\u3057\u305f\u6570\u5f0f\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002\u4f8b) Math.sqrt(Math.pow(2, 6)) - 5 msg.enter.name.and.passwd=\u540d\u524d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6697\u8a3c\u756a\u53f7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 msg.enter.name=\u540d\u524d\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.enter.passwd=\u65b0\u3057\u3044\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u5909\u66f4\u3055\u308c\u307e\u3059\u3002 
@@ -78,13 +78,13 @@ msg.note.brute.force=  \ msg.note.clickjacking=  \ \u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002 msg.note.code.injection=  \ -\u300c{}');java.lang.System.exit(0);//\u300d\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3067 JavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002 +{}');java.lang.System.exit(0);// \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3067 JavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002 msg.note.csrf=  \ \u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002 msg.note.dangerous.file.inclusion=  \ -\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092template=[\u60aa\u610f\u306e\u3042\u308bJSP\u30d5\u30a1\u30a4\u30eb\u304c\u30c7\u30d7\u30ed\u30a4\u3055\u308c\u305fURL]\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u307e\u3059\u3002 +\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092 template=[\u60aa\u610f\u306e\u3042\u308bJSP\u30d5\u30a1\u30a4\u30eb\u304c\u30c7\u30d7\u30ed\u30a4\u3055\u308c\u305fURL] \u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u307e\u3059\u3002 msg.note.directory.traversal=  \ 
-\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092\u300c?template=../WEB-INF/web.xml?\u300d\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u3053\u306e\u30da\u30fc\u30b8\u306e\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u306bweb.xml\u306e\u5185\u5bb9\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 +\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092 template=../WEB-INF/web.xml? \u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u3053\u306e\u30da\u30fc\u30b8\u306e\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u306bweb.xml\u306e\u5185\u5bb9\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 msg.note.enter.count=  \ \u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u5b8c\u4e86\u3057\u306a\u3044\u30d7\u30ed\u30bb\u30b9\u306e\u5f85\u6a5f\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.enter.one=  \ @@ -94,7 +94,7 @@ msg.note.enter.specific.nembers=  \ 0.0000000000000001\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u60c5\u5831\u6b20\u843d\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.enter.runtime.exec=  \ -@java.lang.Runtime@getRuntime().exec('rm -fr /your-important-dir/')\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u4e0a\u306e\u91cd\u8981\u306a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u524a\u9664\u3055\u308c\u307e\u3059\u3002 +@java.lang.Runtime@getRuntime().exec('rm -fr /your-important-dir/') \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u4e0a\u306e\u91cd\u8981\u306a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u524a\u9664\u3055\u308c\u307e\u3059\u3002 msg.note.not.use.ext.db=  \ \u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u306f\u3001MySQL\u306a\u3069\u306e\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306f\u3001application.properties\u3092\u7de8\u96c6\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.note.positive.number=  \ 
@@ -103,27 +103,27 @@ msg.note.sql.deadlock=  2\u3064\u306e\u30a6\u30a4\u30f3\u30c9\u30a6\u307e\u305f\u306f\u30bf\u30d6\u3092\u958b\u304d\u3001\u4e00\u65b9\u3067\u300c\u964d\u9806\u300d\u3092\u9078\u629e\u3057\u3066\u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u305f\u76f4\u5f8c\u306b\u3001\u3082\u3046\u4e00\u65b9\u3067\u300c\u6607\u9806\u300d\u3092\u9078\u629e\u3057\u3066\ \u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3067\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.sql.injection=  \ -\u30d1\u30b9\u30ef\u30fc\u30c9\u306b\u300c' OR '1'='1\u300d\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002 +\u30d1\u30b9\u30ef\u30fc\u30c9\u306b ' OR '1'='1 \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002 msg.note.ldap.injection=  \ -\u540d\u524d\u306b\u300c*)(|(objectClass=*\u300d\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u306b\u300caaaaaaa)\u300d\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002 +\u540d\u524d\u306b *)(|(objectClass=*\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u306b aaaaaaa) \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002 msg.note.mail.header.injection=  \ \u30d6\u30e9\u30a6\u30b6\u306e\u958b\u767a\u8005\u30e2\u30fc\u30c9\u3067\u4ef6\u540d\u3092textarea\u306b\u5909\u66f4\u3057\u3001\u300c[\u4efb\u610f\u4ef6\u540d][\u6539\u884c]Bcc: 
[\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u300d\u3092\u5165\u529b\u3057\u3066\u9001\u4fe1\u3059\u308b\u3068\u3001[\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002 msg.note.mojibake=  \ \u540d\u524d\u306b\u65e5\u672c\u8a9e\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5316\u3051\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.null.byte.injection=  \ -\u30d0\u30fc\u30b8\u30e7\u30f31.7.0_40\u3088\u308a\u524d\u306eJava\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u3001\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306b\u300c?fileName=../WEB-INF/web.xml%00\u300d\u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001web.xml\u306e\u5185\u5bb9\u3092\u542b\u3080\u30d5\u30a1\u30a4\u30eb\u304c\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u307e\u3059\u3002 +\u30d0\u30fc\u30b8\u30e7\u30f31.7.0_40\u3088\u308a\u524d\u306eJava\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u3001\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306b fileName=../WEB-INF/web.xml%00 \u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001web.xml\u306e\u5185\u5bb9\u3092\u542b\u3080\u30d5\u30a1\u30a4\u30eb\u304c\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u307e\u3059\u3002 msg.note.slow.regular.expression=  \ -\u6587\u5b57\u5217\u306b\u300caaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042\u300d\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u69cb\u6587\u89e3\u6790\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002
\ -     \u6587\u5b57\u5217\u306b\u300caaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042\u300d\u3092\u5165\u529b\u3059\u308b\u3068... +\u6587\u5b57\u5217\u306b aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042 \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u69cb\u6587\u89e3\u6790\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002
\ +     \u6587\u5b57\u5217\u306b aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042 \u3092\u5165\u529b\u3059\u308b\u3068... msg.note.slow.string.plus.operation=  \ +(\u30d7\u30e9\u30b9)\u6f14\u7b97\u5b50\u3067\u6587\u5b57\u5217\u3092\u9023\u7d50\u3057\u3066\u3044\u308b\u305f\u3081\u3001\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u751f\u6210\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002 msg.note.open.redirect=  \ -\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306bgoto=[\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL]\u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001\u30c1\u30a7\u30c3\u30af\u305b\u305a\u306b\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u307e\u3059\u3002 +\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306b goto=[\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL] \u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001\u30c1\u30a7\u30c3\u30af\u305b\u305a\u306b\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u307e\u3059\u3002 msg.note.unintended.file.disclosure=  \ \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30ea\u30b9\u30c6\u30a3\u30f3\u30b0\u304c\u6a5f\u80fd\u3057\u3066\u3044\u308b\u5834\u5408\u3001http://localhost:8080/uid/\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\u305d\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u5185\u306e\u30d5\u30a1\u30a4\u30eb\u4e00\u89a7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002\ \u3055\u3089\u306bhttp://localhost:8080/uid/adminpassword.txt\u306b\u8a18\u8f09\u3055\u308c\u305f\u30a2\u30ab\u30a6\u30f3\u30c8\u3067\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u3068\u3001http://localhost:8080/uid/serverinfo.jsp\u3078\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 msg.note.unrestricted.ext.upload=  \ -<% System.exit(0); 
%>\u3068\u66f8\u3044\u305fJSP\u30d5\u30a1\u30a4\u30eb(\u30d5\u30a1\u30a4\u30eb\u540d\uff1aexit.jsp)\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u3001http://localhost:8080/uploadFiles/exit.jsp\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\ +<% System.exit(0); %> \u3068\u66f8\u3044\u305fJSP\u30d5\u30a1\u30a4\u30eb(\u30d5\u30a1\u30a4\u30eb\u540d\uff1aexit.jsp)\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u3001http://localhost:8080/uploadFiles/exit.jsp\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\ JavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002 msg.note.unrestricted.size.upload=  \ \u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u30b5\u30a4\u30ba\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001DoS\u653b\u6483\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 
@@ -132,7 +132,7 @@ msg.note.verbose.errror.message=  \ \u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u30ea\u30bd\u30fc\u30b9\u3092\u6d6a\u8cbb\u3057\u307e\u3059\u3002 msg.note.xss=  \ -\u540d\u524d\u306b\u300c>tpircs/<;)eikooc.tnemucod(trela>tpIrcs<\u300d\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30bb\u30c3\u30b7\u30e7\u30f3ID\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 +\u540d\u524d\u306b >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30bb\u30c3\u30b7\u30e7\u30f3ID\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 msg.note.xxe.step1=  \ \u3053\u306e\u30b5\u30fc\u30d0\u30fc\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308bWeb\u30b5\u30fc\u30d0\u30fc\u306b\u6b21\u306eDTD\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u4f8b) http://attacker.site/vulnerable.dtd msg.note.xxe.step2=\u6b21\u306b\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u30d5\u30a1\u30a4\u30eb(/etc/passwd)\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002 diff --git a/src/main/webapp/dfi/includable.jsp b/src/main/webapp/dfi/includable.jsp index 578ae4de..f21e9334 100644 --- a/src/main/webapp/dfi/includable.jsp +++ b/src/main/webapp/dfi/includable.jsp @@ -60,7 +60,7 @@


\ No newline at end of file
diff --git a/src/main/webapp/dt/basic_footer.html b/src/main/webapp/dt/basic_footer.html
index 02d9241a..9fb92995 100644
--- a/src/main/webapp/dt/basic_footer.html
+++ b/src/main/webapp/dt/basic_footer.html
@@ -1,3 +1,3 @@
diff --git a/src/main/webapp/dt/monochro_footer.html b/src/main/webapp/dt/monochro_footer.html
index 983b8b84..ebd35a86 100644
--- a/src/main/webapp/dt/monochro_footer.html
+++ b/src/main/webapp/dt/monochro_footer.html
@@ -1,3 +1,3 @@
diff --git a/src/main/webapp/index.jsp b/src/main/webapp/index.jsp
index 0e2649e1..42a4567d 100644
--- a/src/main/webapp/index.jsp
+++ b/src/main/webapp/index.jsp
@@ -443,7 +443,7 @@
\ No newline at end of file