Summary:
Log Forging vulnerability: try {int value = Integer.parseInt(val);}catch (NumberFormatException nfe) {log.info("Failed to parse val = " + val);} If a user submits for “val” the string “t Read more
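Summary:
1. Fix: a shared utility method that filters out the sensitive characters that cause the Log Forging vulnerability /** * Log Forging vulnerability check * @param logs * @return */ public static String vaildLog(String logs) { List<String> list=new Read more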