Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] The detection rate of vulnerability in shooting openrasp is low #282

Closed
Nizernizer opened this issue Apr 7, 2022 · 0 comments
Closed

[BUG] The detection rate of vulnerability in shooting openrasp is low #282

Nizernizer opened this issue Apr 7, 2022 · 0 comments

Comments

@Nizernizer
Copy link
Contributor

1.okhttp3 的 ssrf 漏洞未检出已解决,原因:缺少 okhttp3 的传播规则:okhttp3.HttpUrl.parse(java.lang.String)
2.通过XXE读取系统文件-stax 漏洞未检出已解决,原因:将关键类com.ctc.wstx.stax.WstxInputFactory加入了HOOK黑名单
3.检查响应里是否有身份证、银行卡等敏感信息泄露漏洞未检出已解决,原因:未获取到响应体
4. 任意文件上传的危险方法与反射型XSS的危险方法一致,需讨论这种情况的具体做法
5.013 - SQLi - JDBC multipart 请求格式漏洞未检出已解决,原因:未对 org.apache.commons 包以及 foreach 做 HOOK 处理,导致方法链断链,添加规则:org.apache.commons.fileupload.FileUploadBase.parseRequest(org.apache.commons.fileupload.RequestContext)、org.apache.commons.fileupload.FileItem.getString()、java.util.List.iterator()、java.util.Iterator.next()
Nizernizer pushed a commit to Nizernizer/DongTai-agent-java that referenced this issue Apr 7, 2022
close issue HXSecurity#282
3318d9d
@Nizernizer Nizernizer mentioned this issue Apr 7, 2022
Merged
Nizernizer pushed a commit to Nizernizer/DongTai-agent-java that referenced this issue Apr 7, 2022
close issue HXSecurity#282
b3e0ee8
Nizernizer added a commit that referenced this issue Apr 8, 2022
@Nizernizer
Merge pull request #283 from Nizernizer/feat/issue-270
9a3f97d 
close issue #282
Nizernizer pushed a commit to Nizernizer/DongTai-agent-java that referenced this issue Apr 8, 2022
close issue HXSecurity#282
e880f3d
Nizernizer pushed a commit to Nizernizer/DongTai-agent-java that referenced this issue Apr 8, 2022
close issue HXSecurity#282
40bd61b
Nizernizer pushed a commit to Nizernizer/DongTai-agent-java that referenced this issue Apr 8, 2022
close issue HXSecurity#282
cc9ec9c
Nizernizer pushed a commit to Nizernizer/DongTai-agent-java that referenced this issue Apr 8, 2022
close issue HXSecurity#282
86d427c
Nizernizer pushed a commit to Nizernizer/DongTai-agent-java that referenced this issue Apr 8, 2022
close issue HXSecurity#282
6c592fb
Nizernizer pushed a commit to Nizernizer/DongTai-agent-java that referenced this issue Apr 8, 2022
close issue HXSecurity#282
4bb539c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Nizernizer