Discussion of the latest ecology patch

2024-07-30 16:49:10 1 597


<%@ page language="java" contentType="text/html; charset=UTF-8" %>
<%@page import="com.weaver.formmodel.base.BaseAction"%>
<%@page import="java.lang.reflect.Constructor"%>
<%@page import="weaver.general.Util"%>
<%@page import="com.weaver.formmodel.exception.MobileModeException"%>
<%@page import="com.weaver.formmodel.mobile.utils.MobileCommonUtil"%>
<%@page import="com.weaver.formmodel.mobile.manager.MobileUserInit"%>
<%@page import="weaver.hrm.User"%>
<%@ page import="weaver.general.Base64" %>
<%
        //mobilemode/Action.jsp?invoker=com.weaver.formmodel.base.TestAction&action=save

String invoker = Util.null2String(request.getParameter("invoker")).trim();
if(invoker.equals("")){
        return;
}
if(!invoker.startsWith("com.")){
        invoker = new String(Base64.decode(invoker.getBytes()));
}
try {
        User user = MobileUserInit.getUser(request, response);
        if(user == null){
                throw new MobileModeException("服务器端重置了登录信息,请重新登录");
        }
        Class clazz = Class.forName(invoker);
        if(BaseAction.class.isAssignableFrom(clazz)){
                Constructor ctor = clazz.getConstructor(new Class[] {HttpServletRequest.class, HttpServletResponse.class});
                BaseAction actionObj = (BaseAction) ctor.newInstance(new Object[] {request, response});
                actionObj.execute_proxy();
        }else{
                throw new MobileModeException("Illegal Access");
        }
} catch (Exception ex) {
        MobileCommonUtil.log(this.getClass(), ex);
        out.println(MobileCommonUtil.getExceptionMsgForClientDisplay(ex));
}
%>
In the patch, the check first converts the value to lowercase and then base64-decodes it; base64-decoding the lowercased value throws an error, so the check is ineffective, but Action.jsp does not lowercase and executes normally.
But I haven't found anywhere this can be used; could some expert analyze it?
ecology patch download link: https://www.weaver.com.cn/cs/package/Ecology_security_20240725_v9.0_v10.66_03_deta.zip?v=2024041508
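As an added example, not code from the post or from Weaver: the root of the problem described above is that the patch's check and Action.jsp do not read the invoker parameter the same way. Base64 is case-sensitive, so lowercasing before decoding guarantees the check sees something different from what the handler later passes to Class.forName. A check that wants to guard a reflective sink must decode exactly as the sink does, fail closed when decoding fails, and then validate the decoded name. The class InvokerCheck, its method names, the allowlist contents and the use of java.util.Base64 in place of weaver.general.Base64 are assumptions for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical hardened validator for the "invoker" parameter (added example).
public final class InvokerCheck {

    // Assumed allowlist: the only action classes a request may name. The single
    // entry is the class mentioned in the comment at the top of Action.jsp.
    private static final Set<String> ALLOWED = Set.of(
        "com.weaver.formmodel.base.TestAction"
    );

    // A fully qualified Java class name: identifiers separated by dots.
    private static final Pattern CLASS_NAME =
        Pattern.compile("^[A-Za-z_$][A-Za-z0-9_$]*(\\.[A-Za-z_$][A-Za-z0-9_$]*)*$");

    /**
     * Produces the class name the handler would actually use, mirroring the
     * branching in Action.jsp: a value starting with "com." is taken literally,
     * anything else is treated as base64. Unlike the patch's check, the raw
     * value is NOT lowercased first, because that changes what decodes.
     * Returns null when the value is empty or cannot be decoded (fail closed).
     */
    public static String canonicalInvoker(String raw) {
        String invoker = raw == null ? "" : raw.trim();
        if (invoker.isEmpty()) {
            return null;
        }
        if (!invoker.startsWith("com.")) {
            try {
                byte[] decoded = Base64.getDecoder().decode(invoker);
                invoker = new String(decoded, StandardCharsets.UTF_8);
            } catch (IllegalArgumentException e) {
                // Undecodable input is rejected rather than waved through.
                return null;
            }
        }
        return invoker;
    }

    /** True only if the decoded name is well formed and explicitly allowlisted. */
    public static boolean isAllowed(String raw) {
        String invoker = canonicalInvoker(raw);
        return invoker != null
            && CLASS_NAME.matcher(invoker).matches()
            && ALLOWED.contains(invoker);
    }

    public static void main(String[] args) {
        // Constructed inputs: a literal name, its base64 form, and a name not on the list.
        String literal = "com.weaver.formmodel.base.TestAction";
        String encoded = Base64.getEncoder()
            .encodeToString(literal.getBytes(StandardCharsets.UTF_8));
        System.out.println(isAllowed(literal));                 // true
        System.out.println(isAllowed(encoded));                 // true
        System.out.println(isAllowed("com.example.OtherAction")); // false
        System.out.println(isAllowed("not base64!"));           // false (decode fails, rejected)
    }
}
```

The two properties that matter are that canonicalInvoker performs the same transformation as the sink (so there is no input the check and the handler interpret differently) and that a decode failure yields a rejection instead of a pass; the isAssignableFrom test in Action.jsp alone is not a substitute, since it runs only after Class.forName has already loaded whatever class was named.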

About the author

xldddd, 1 article, 6 replies

1 comment
