[Owasp-turkey] Find the Bug #1

Bedirhan Urgun bedirhanurgun at gmail.com
Mon Oct 12 07:42:52 EDT 2009


:) Either it came across as too easy or as too hard, I couldn't tell.
In the snippet below I see 3 CRITICAL security vulnerabilities. Don't mind
that it is Java, the APIs don't differ much.
bedirhan
On 10 October 2009 15:49, Bedirhan Urgun <bedirhanurgun at gmail.com> wrote:

> hello,
> Security problems originating in software are familiar to all of us. At short
> intervals I will send emails in which we can find and discuss code-based
> security problems. Which security problem(s) does the Java snippet below have,
> and how are they fixed?
>
> bedirhan
>
> Find the Bug #1
> --------------------
>
>   private void doDownload( HttpServletRequest request, HttpServletResponse response ) {
>     try {
>
>       // get the user
>       HttpSession session = request.getSession();
>       User user = (User) session.getAttribute(UserConst.userAttr);
>       String filename = user.downloadDirPath + separator + request.getParameter("filename");
>       reportLog.writeln("Download Request User:" + user.userName + " FileName:" + filename);
>       File f = new File(filename.trim());
>
>       // get servlet output stream
>       ServletOutputStream op = response.getOutputStream();
>
>       response.setContentLength((int) f.length());
>       response.setHeader("Content-Disposition", "attachment; filename=\"" + request.getParameter("filename") + "\"");
>       response.setHeader("Content-Type", "application/octet-stream");
>       byte[] bbuf = new byte[255];
>       DataInputStream in = new DataInputStream(new FileInputStream(f));
>
>       int length = 0;
>       while( (in != null) && ((length = in.read(bbuf)) != -1) )
>         op.write(bbuf, 0, length);
>       in.close();
>       op.flush();
>       op.close();
>
>       reportLog.writeln("Download Response User:" + user.userName + " FileName:" + filename + " Success ");
>     }
>     catch( Exception e ) {
>       SendException(e, request, response);
>     }
>   }
>



-- 
Bedirhan Urgun
http://www.webguvenligi.org
http://www.owasp.org/index.php/Turkey
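A hardened version of the quoted download handler, written by the editor as an added example; it is not the original post's code and not a solution given on the list. It assumes the snippet's own `User`, `UserConst` and `reportLog` types exist, and it constrains the untrusted `filename` parameter at the three places the original passes it through unchanged: the filesystem path, the log line and the Content-Disposition header.

```java
import java.io.*;
import java.nio.file.*;
import javax.servlet.http.*;

// Added example: hardened download servlet. User, UserConst and reportLog are
// assumed to be the same types/fields used by the original snippet.
public class DownloadServlet extends HttpServlet {
    // One path segment of safe characters: no separators, no CR/LF, no leading dot.
    private static final String SAFE_NAME = "[A-Za-z0-9_-][A-Za-z0-9._-]{0,127}";

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
        HttpSession session = request.getSession(false);
        User user = (session == null) ? null : (User) session.getAttribute(UserConst.userAttr);
        if (user == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String requested = request.getParameter("filename");
        // 1. Allow-list the name before it reaches the log, the filesystem or a header.
        if (requested == null || !requested.matches(SAFE_NAME)) {
            reportLog.writeln("Download Request User:" + user.userName + " rejected: bad filename");
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        reportLog.writeln("Download Request User:" + user.userName + " FileName:" + requested);

        // 2. Resolve under the user's directory and re-check containment on the real path,
        //    so symlinks or odd normalisation cannot escape downloadDirPath.
        Path base = Paths.get(user.downloadDirPath).toRealPath();
        Path target;
        try {
            target = base.resolve(requested).toRealPath();
        } catch (NoSuchFileException e) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        if (!target.startsWith(base) || !Files.isRegularFile(target)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // 3. Only the validated name is echoed into the header (no quotes or CR/LF possible).
        response.setContentType("application/octet-stream");
        response.setHeader("Content-Disposition", "attachment; filename=\"" + requested + "\"");
        response.setHeader("Content-Length", Long.toString(Files.size(target)));
        try (OutputStream out = response.getOutputStream()) {
            Files.copy(target, out); // streams the file and closes the output even on error
        }
        reportLog.writeln("Download Response User:" + user.userName + " FileName:" + target.getFileName() + " Success");
    }
}
```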

To subscribe to the Turkish Web Application Security mailing list:
https://lists.owasp.org/mailman/listinfo/owasp-turkey

