java sql注入包_SQL注入漏洞-Java

这个是常见的漏洞了,相信大家都不会陌生,直接上解决该漏洞的代码

package com.ifan.soft.filter;

import java.io.IOException;

import java.text.SimpleDateFormat;

import java.util.Date;

import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;

/**

* 关注博主,获取更多解决漏洞的办法

* @author fan'fan

*

*/

public class MyFilter implements Filter {

private static SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");

private static final Logger log = Logger.getLogger(MyFilter.class);

/**

*关注博主,获取更多解决漏洞的办法

*/

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)

throws IOException, ServletException {

HttpServletRequest request = (HttpServletRequest)req;

String url = request.getRequestURI();

log.info("---当前URL:" + url + "--当前时间" + sdf.format(new Date()));

String[] strings = {//根据需要来定义

"from","count","chr","master","truncate","declare","drop","all","all",

"and","AND","MASTER","COUNT","FROM","DROP","order","to","TO","ALL","alter","ALTER",

"OR","or","select","DECLARE","EXEC","ORDER","in","IN","on","ON",

"SELECT","UPDATE","TRUNCATE","exec","GROUP","HAVING","DELETE","like","LIKE",

"delete","update","insert","group","having","","^","*","\'","!"," ","-","@","$","#",

"(",")","_","~","`","{","}","[","]","\"","|","?",",","。","《","》","(",")","!",

"、","——",";","‘","¥","’","【","】",":","&"

};

for (String string : strings) {

String upperCaseURL = url.toUpperCase();

String upperCaseStr = string.toUpperCase();

if (upperCaseURL.indexOf(upperCaseStr) >= 0) {

request.getRequestDispatcher("/uc/error").forward(req, resp);//如有注入的关键字或字符则去到错误的页面,不在往下执行

return ;

}

}

chain.doFilter(req, resp);

}

public void init(FilterConfig filterConfig) throws ServletException {

}

public void destroy() {

}

}

在web.xml中添加

MyFilter

com.ifan.soft.filter.MyFilter

MyFilter

/*

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值