WebGoat - Ajax - Client Side Filtering

Client Side Filtering

This lab has two stages:

1. Inspect the hidden data in the page and find the CEO's salary.
   You are logged in as Moe Stooge, CSO of Goat Hills Financial. You have access to everyone in the company's information, except the CEO, Neville Bartholomew. Or at least you shouldn't have access to the CEO's information. For this exercise, examine the contents of the page to see what extra information you can find.
2. Fix the problem.
   STAGE 2: Now, fix the problem. Modify the server to only return results that Moe Stooge is allowed to see.

##### Solution approach

1. In the Firefox web console, search by employee ID to find the CEO's salary, then submit it.
2. Fix: the root cause is that the server returns too much data to the client and relies on the browser to hide it. The server should only return the employees this manager is allowed to see.

Locate the code:

1. Enter the Docker container; if the vim command is missing, install it: apt-get update, apt-get install vim
2. find -name clientSideFiltering.jsp
3. vim clientSideFiltering.jsp

Change:

```java
StringBuffer sb = new StringBuffer();

sb.append("/Employees/Employee/UserID | ");
sb.append("/Employees/Employee/FirstName | ");
sb.append("/Employees/Employee/LastName | ");
sb.append("/Employees/Employee/SSN | ");
sb.append("/Employees/Employee/Salary ");
String expression = sb.toString();
```

to:

```java
StringBuffer sb = new StringBuffer();

sb.append("/Employees/Employee[Managers/Manager/text() = " + userId + "]/UserID | ");
sb.append("/Employees/Employee[Managers/Manager/text() = " + userId + "]/FirstName | ");
sb.append("/Employees/Employee[Managers/Manager/text() = " + userId + "]/LastName | ");
sb.append("/Employees/Employee[Managers/Manager/text() = " + userId + "]/SSN | ");
sb.append("/Employees/Employee[Managers/Manager/text() = " + userId + "]/Salary ");

String expression = sb.toString();
```
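The following is an added example, not WebGoat's own code: it evaluates both the original unfiltered XPath and the manager-restricted XPath against a small constructed Employees document, so you can see that the CEO's Salary node is only selected by the unfiltered query. Employee data, user IDs and the class name are constructed for the demo; the example also binds userId as an XPath variable rather than concatenating it into the expression as the page's snippet does.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

public class ClientSideFilteringDemo {

    // Constructed sample data: one employee reports to manager 101, the CEO does not.
    static final String EMPLOYEES_XML =
        "<Employees>"
      + "<Employee><UserID>102</UserID><FirstName>Curly</FirstName><LastName>Stooge</LastName>"
      + "<SSN>111-11-1111</SSN><Salary>30000</Salary><Managers><Manager>101</Manager></Managers></Employee>"
      + "<Employee><UserID>112</UserID><FirstName>Neville</FirstName><LastName>Bartholomew</LastName>"
      + "<SSN>999-99-9999</SSN><Salary>450000</Salary><Managers><Manager>112</Manager></Managers></Employee>"
      + "</Employees>";

    // Builds the union expression from the page, with or without the manager predicate.
    // The predicate uses the XPath variable $userId instead of string concatenation.
    static String buildExpression(boolean restrictToManager) {
        String predicate = restrictToManager ? "[Managers/Manager/text() = $userId]" : "";
        StringBuffer sb = new StringBuffer();
        for (String field : new String[] {"UserID", "FirstName", "LastName", "SSN", "Salary"}) {
            if (sb.length() > 0) sb.append(" | ");
            sb.append("/Employees/Employee").append(predicate).append("/").append(field);
        }
        return sb.toString();
    }

    // Returns the nodes the server would hand to the client for the given manager.
    static NodeList select(String userId, boolean restrictToManager) throws Exception {
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder()
            .parse(new ByteArrayInputStream(EMPLOYEES_XML.getBytes(StandardCharsets.UTF_8)));
        XPath xpath = XPathFactory.newInstance().newXPath();
        xpath.setXPathVariableResolver(name -> "userId".equals(name.getLocalPart()) ? userId : null);
        return (NodeList) xpath.evaluate(buildExpression(restrictToManager), doc, XPathConstants.NODESET);
    }

    public static void main(String[] args) throws Exception {
        // Unfiltered: 10 nodes (5 fields x 2 employees), including the CEO's Salary.
        System.out.println("unfiltered nodes: " + select("101", false).getLength());
        // Filtered for manager 101: 5 nodes, only Curly's fields reach the client.
        System.out.println("filtered nodes:   " + select("101", true).getLength());
    }
}
```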