xhpscdx 2020-05-31
2.跨站点请求伪CSRF:
response.getWriter().write( "<script>parent.location.href=‘dbase/admin/loginJsp.action?sessionid="+sessionId+"‘</script>");
带参数的:
response.getWriter().write(? "<script language=\"javascript\"> "+"document.write(\"<form action=dbase/admin/loginJsp.action method=post name=formx1 style=‘display:none‘>\");"+"document.write(\"<input type=hidden name=name value=‘"+sessionId+"‘\");" + "document.write(\"</form>\");"+"document.formx1.submit();"+"</script>"? );
3.启用不安全HTTP方法
在web.xml加入如下配置
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
4.已解密登录请求
<security-constraint>
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transportguarantee>
</user-data-constraint>
</security-constraint>
5.高速缓存的ssl页面
页面添加 <meta http-equiv="Pragma" contect="no-cache">
?6.会话cookie 中缺少HttpOnly 属性
response.addHeader("Set-Cookie", "uid=110; Path=/; HttpOnly");
//设置多个cookie
response.addHeader("Set-Cookie", "uid=110; Path=/; HttpOnly");
response.addHeader("Set-Cookie", "timeout=30; Path=/test; HttpOnly");
//设置https的cookie
response.addHeader("Set-Cookie", "uid=110; Path=/; Secure; HttpOnly");
//csdn博客里面有更多关于appscan扫描报告和修复的详情:http://blog.csdn.net/huoyunshen88/article/details/39181107