某Struts框架平台sql注入记录

代码分析

1
\src\com\asiainfo\newBam\action\systemmanage\UserManagerAction.java 35行

searchUserByLoginName方法中定义了字符串参数loginName,然后转到userServicesearchUserByLoginName方法处理loginName

跟进userService

定义接口,继续跟进IUserManagerService

1
\src\com\asiainfo\newBam\service\sysManager\IUserManagerService.java

还是接口定义,在该接口里没有对searchUserByLoginName方法做具体实现,全局搜索implements IUserManagerService查看其实现类

1
\src\com\asiainfo\newBam\service\sysManager\impl\UserManagerServiceImpl.java

查看searchUserByLoginName方法

跟进查看userDao

全局搜索implements IUserManagerDAO

1
\src\com\asiainfo\newBam\dao\sysManager\impl\UserManagerDAOImpl.java

查看searchUserByLoginName方法

参数拼接,然后把sql语句直接带入数据库查询,注入产生

代码审计
Java代码审计 SQL注入

声明:
本文章用于学习交流,严禁用于非法操作,出现后果一切自行承担,阅读此文章表示你已同意本声明。

Disclaimer:
This article is for study and communication. It is strictly forbidden to use it for illegal operations. All consequences shall be borne by yourself. Reading this article means that you have agreed to this statement.