[Advanced Java Course] lecture series
Classes commonly involved in SSRF:
- org.apache.commons.httpclient.HttpClient
- org.apache.http.client.methods.HttpGet
- org.apache.http.impl.client.CloseableHttpClient
- org.apache.http.impl.client.HttpClients
- java.net.HttpURLConnection
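Notes:
- The code snippets in this article are excerpts from well-known software in China; if they infringe any rights, please notify the author and they will be removed.
- This article does not discuss any 0-day vulnerabilities in that software; it only borrows real code to analyse how these classes are used in practice.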
HttpURLConnection
The following code sends a POST request to an external site:

    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.io.OutputStreamWriter;
    import java.io.PrintWriter;
    import java.net.HttpURLConnection;
    import java.net.URL;

    // Method of a larger class; `log` is that class's logger.
    public String postRequest(String uri, String obj) {
        String jsonString = "";
        try {
            // The caller-supplied uri is used as-is, with no validation.
            URL e = new URL(uri);
            HttpURLConnection connection = (HttpURLConnection)e.openConnection();
            connection.setDoOutput(true);
            connection.setDoInput(true);
            connection.setRequestMethod("POST");
            // "Charsert" is spelled this way in the original code.
            connection.setRequestProperty("Charsert", "UTF-8");
            connection.setUseCaches(false);
            connection.setInstanceFollowRedirects(true);
            connection.setRequestProperty("Content-Type", "application/json");
            connection.connect();
            // Write the request body.
            PrintWriter out = new PrintWriter(new OutputStreamWriter(connection.getOutputStream(), "UTF-8"));
            out.println(obj);
            out.flush();
            out.close();
            InputStreamReader isr;
            BufferedReader reader;
            String lines;
            StringBuilder sb;
            if(connection.getResponseCode() == 200) {
                // Success: read the response body.
                isr = new InputStreamReader(connection.getInputStream(), "UTF-8");
                reader = new BufferedReader(isr);
                lines = null;
                sb = new StringBuilder();
                while((lines = reader.readLine()) != null) {
                    sb.append(lines);
                }
                jsonString = sb.toString();
                reader.close();
            } else {
                // Any other status: read the error body instead.
                isr = new InputStreamReader(connection.getErrorStream(), "UTF-8");
                reader = new BufferedReader(isr);
                lines = null;
                sb = new StringBuilder();
                while((lines = reader.readLine()) != null) {
                    sb.append(lines);
                }
                jsonString = sb.toString();
                reader.close();
            }
            connection.disconnect();
        } catch (Exception var11) {
            // Log message: "Ctrip data postRequest push failed"
            log.error("携程数据postRequest推送失败" + var11);
        }
        // The response (or error) body is returned to the caller.
        return jsonString;
    }

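The function takes two parameters, the URI and the data to POST, both of type String. Inside the function neither parameter is filtered in any way; if the caller also fails to validate and filter its input, an SSRF vulnerability exists. The only constraints are that the HTTP method it offers is POST and that the Content-Type of the POST is JSON.
A search of the whole code base shows that only the class that owns this function calls it, four times in total, each time with a hard-coded constant string as the URI. So there is no SSRF vulnerability at this location.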
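The caller-side validation that the analysis above says is needed when the URI is not a hard-coded constant, as an added example that is not part of the analysed software. The class name `OutboundUriCheck`, its methods and the host `api.partner.example` are hypothetical and the sample inputs are constructed.

```java
import java.net.InetAddress;
import java.net.URI;
import java.util.Locale;
import java.util.Set;

// Added example, not code from the analysed software.
public class OutboundUriCheck {
    // Hypothetical allowlist; the host name is a constructed placeholder.
    private static final Set<String> ALLOWED_HOSTS = Set.of("api.partner.example");

    /** Returns the normalized URI, or throws if the target is not permitted. */
    static String requireAllowed(String raw) throws Exception {
        URI u = new URI(raw).normalize();
        String scheme = u.getScheme();
        String host = u.getHost();
        if (scheme == null || !scheme.equalsIgnoreCase("https"))
            throw new IllegalArgumentException("scheme not allowed: " + scheme);
        if (host == null || u.getUserInfo() != null)
            throw new IllegalArgumentException("missing host or embedded credentials");
        if (!ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT)))
            throw new IllegalArgumentException("host not on allowlist: " + host);
        if (u.getPort() != -1 && u.getPort() != 443)
            throw new IllegalArgumentException("port not allowed: " + u.getPort());
        return u.toString();
    }

    // Defence in depth: in production apply this to every address returned by
    // InetAddress.getAllByName(host) before connecting. IPv6 unique-local
    // (fc00::/7) is not covered by these JDK predicates and needs its own check.
    static boolean isInternal(InetAddress a) {
        return a.isAnyLocalAddress() || a.isLoopbackAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress();
    }

    public static void main(String[] args) throws Exception {
        String[] samples = {               // constructed inputs
            "https://api.partner.example/push",
            "http://api.partner.example/push",
            "https://127.0.0.1/admin",
            "https://api.partner.example@10.0.0.5/",
            "ftp://api.partner.example/push"
        };
        for (String s : samples) {
            try { System.out.println("OK     " + requireAllowed(s)); }
            catch (Exception e) { System.out.println("REJECT " + s + " -> " + e.getMessage()); }
        }
        // Literal IPs are parsed without DNS, so this runs offline.
        System.out.println(isInternal(InetAddress.getByName("10.0.0.5")));
    }
}
```

Because `postRequest` calls `setInstanceFollowRedirects(true)`, a redirect issued by an allowed host is followed without passing through this check; setting it to `false` keeps the validated URI the only one contacted.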