????1?????????
????AppScan Source??91
????Fortify??121
????2??Disclaimer.htm:34(Cross-Site Scripting:DOM)?????Fortify??????????AppScan Source??費(fèi)????
????????Fortify??????????Persistent?????XSS???
?????????????????DOM??Persistent??Reflected?????г???
????3??AdminLoginServlet.java:35(Password Management:Hardcoded Password)?????Fortify??????????AppScan Source??費(fèi)????
????4??Fortify?????DBUtil.java:238(Access Control:Database)??AppScan?б?????SQL Injection
????5??admin.jsp:18(Password Management:Empty Password)??????
<script language="javascript">
// Client-side check on the admin.jsp password form: both password fields must be
// non-empty and identical before the form is submitted. This runs in the browser
// only, so the server must repeat the validation on its own.
function confirmpass(myform)
{
    if (myform.password1.value.length && (myform.password1.value==myform.password2.value))
    {
        return true;
    }
    else
    {
        // On mismatch the fields are cleared by assigning an empty string. An
        // assignment of "" to a variable named password is the pattern that the
        // Password Management: Empty Password finding at admin.jsp:18 matches.
        myform.password1.value="";
        myform.password2.value="";
        myform.password1.focus();
        alert ("Passwords do not match");
        return false;
    }
}
</script>
????6??Fortify??????????????
Code Correctness??Class Does Not Implement equals
Hardcoded Domain in HTML
Hidden Field
J2EE Bad Practices
J2EE Misconfiguration
Missing Check against Null
Password Management:Password in Comment
Poor Error Handling
System Information Leak:Incomplete Servlet Error Handling
????7??Fortify??????transfer.jsp:32(Cross-Site Request Forgery)????CSRF????????AppScan Source????????
????8??Fortify?????ServletUtil.java(Missing XML Validation)????????AppScan Source????????
????9??Fortify?????AdminServlet.java:65(Redundant Null Check)????????AppScan Source????????