维护的项目中渗透测试过程中发现的问题如下
漏洞说明:
- 认证过程中传输未加密(用户名密码等敏感数据明文传输);或者使用可破解的加密方式加密敏感信息。
- 用户登录过程中使用明文传输用户登录信息,若用户遭受中间人攻击时,攻击者可直接获取该用户登录账户,从而进行进一步渗透。
修复建议:
- 用户登录信息使用加密传输,如密码在传输前使用安全的算法加密后传输,可采用>的算法包括:不可逆 hash 算法加盐(4 位及以上随机数,由服务器端产生);安全对称加密算法,如 AES(128、192、256 位),且必须保证客户端密钥安全,不可被破解或读出;非对称加密算法,如 RSA(不低于 1024 位)、SM2 等。
使用HTTPS或对用户名密码进行加密,使用非对称加密方式,禁止使用MD5加密。
本解决方案中使用CryptoJS插件通过aes进行的加密处理
下载包地址:CryptoJS下载链接:
前端script引入(其中src路径修改成自己的路径,顺序按我的,否则aes引用lib库会报错)
<script type="text/javascript" src="plug-in/crypto-js-4.1.1/package/crypto-js.js" ></script>
<script type="text/javascript" src="plug-in/crypto-js-4.1.1/package/aes.js" ></script>
form表单
<form class="layui-form" action="">
<input type="hidden" id="id" name="id" value="${tsUserPage.id }">
<div class="layui-form layuimini-form">
<div class="layui-form-item">
<label class="layui-form-label required">用户账号</label>
<div class="layui-input-block">
<input type="text" id="userName" name="userName" lay-verify="required|checkUserName" lay-reqtext="用户账号"
placeholder="请输入用户账号" value="${tsUserPage.userName}" autocomplete="off" class="layui-input">
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label required">用户名称</label>
<div class="layui-input-block">
<input type="text" id="realName" name="realName" lay-verify="required" lay-reqtext="用户名称不能为空"
placeholder="请输入用户名称" value="${tsUserPage.realName}" autocomplete="off" class="layui-input">
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label required">密码</label>
<div class="layui-input-block">
<input type="password" id="password" name="password" lay-verify="required" lay-reqtext="密码不能为空"
placeholder="请输入密码" value="" autocomplete="off" class="layui-input">
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label required">重复密码</label>
<div class="layui-input-block">
<input type="password" id="repassword" name="repassword" lay-verify="required|confirmPass" lay-reqtext="密码不能为空"
placeholder="请输入密码" value="" autocomplete="off" class="layui-input" >
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label required">组织机构</label>
<div class="layui-input-block">
<select id="departName" lay-filter="vioUnitFilter" name="departName" lay-search="" lay-verify="required">
<option value="">选择或搜索选择</option>
<c:forEach items="${departMap}" var="item">
<%--<c:if test="${item.value.orgType eq '2' || item.value.orgType eq '3'}">--%>
<option value="${item.key}" ${departId eq item.key ? 'selected': ''}>${item.value.departname}</option>
<%--</c:if>--%>
</c:forEach>
</select>
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label required">角色</label>
<div class="layui-input-block">
<div class="layui-input-inline">
<input type="hidden" id="roleId" name="roleId" value=""/>
<input style="width:390px" type="text" readonly autocomplete="off" class="layui-input" id="checkRole"
ts-selected="" lay-verify="required" lay-reqtext="请选择角色" placeholder="请选择角色" value="${roleName}">
</div>
</div>
</div>
<button id="btn" class="layui-btn" style="display: none" lay-submit lay-filter="saveBtn">立即提交</button>
</div>
</form>
加密js
//监听提交
form.on('submit(saveBtn)', function (data) {
var index = parent.layer.msg("数据提交中",{icon:16,time:false,shade:0.3});
// 创建一个表单数据对象
var formData = new Object();
var data = $(":input").each(function () {
formData[this.name] = $("#" + this.name).val();
});
formData['password'] =$("#password" ).val();
formData['repassword'] =$("#repassword" ).val();
formData['userName'] =$("#userName" ).val();
formData['password'] = Encrypt(formData['password']);
formData['repassword'] = Encrypt(formData['repassword']);
formData['userName'] = Encrypt(formData['userName']);
$.ajax({
url:"tsUserController.do?save",
type:"post",
cache: false,
data:formData,
// data:data.field,
dataType:"json",
async : false,
success:function(res){
parent.layer.close(index);
var iframeIndex = parent.layer.getFrameIndex(window.name);
parent.layer.close(iframeIndex);
parent.layer.msg(res.msg, {icon: res.success==true?1:2, time: 1800});
parent.tools.tableReload();
}
});
return false;
});
//加密方法
function Encrypt(word) {
//字符串可以自定义
var key = CryptoJS.enc.Utf8.parse("abcdefgabcdefg12");
var srcs = CryptoJS.enc.Utf8.parse(word);
var encrypted = CryptoJS.AES.encrypt(srcs, key, {mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7});
return encrypted.toString();
}
后端解密工具类
package com.sdzk.buss.web.common.utils;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import sun.misc.BASE64Decoder;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;
import java.math.BigInteger;
/**
* 编码工具类
* 实现aes加密、解密
*/
public class EncryptUtils {
/**
* 密钥
*/
private static final String KEY = "abcdefgabcdefg12";
/**
* 算法
*/
private static final String ALGORITHMSTR = "AES/ECB/PKCS5Padding";
public static void main(String[] args) throws Exception {
String content = "我爱你";
System.out.println("加密前:" + content);
System.out.println("加密密钥和解密密钥:" + KEY);
String encrypt = aesEncrypt(content, KEY);
System.out.println("加密后:" + encrypt);
String decrypt = aesDecrypt(encrypt, KEY);
System.out.println("解密后:" + decrypt);
}
/**
* aes解密
* @param encrypt 内容
* @return
* @throws Exception
*/
public static String aesDecrypt(String encrypt) throws Exception {
return aesDecrypt(encrypt, KEY);
}
/**
* aes加密
* @param content
* @return
* @throws Exception
*/
public static String aesEncrypt(String content) throws Exception {
return aesEncrypt(content, KEY);
}
/**
* 将byte[]转为各种进制的字符串
* @param bytes byte[]
* @param radix 可以转换进制的范围,从Character.MIN_RADIX到Character.MAX_RADIX,超出范围后变为10进制
* @return 转换后的字符串
*/
public static String binary(byte[] bytes, int radix){
return new BigInteger(1, bytes).toString(radix);// 这里的1代表正数
}
/**
* base 64 encode
* @param bytes 待编码的byte[]
* @return 编码后的base 64 code
*/
public static String base64Encode(byte[] bytes){
return Base64.encodeBase64String(bytes);
}
/**
* base 64 decode
* @param base64Code 待解码的base 64 code
* @return 解码后的byte[]
* @throws Exception
*/
public static byte[] base64Decode(String base64Code) throws Exception{
return StringUtils.isEmpty(base64Code) ? null : new BASE64Decoder().decodeBuffer(base64Code);
}
/**
* AES加密
* @param content 待加密的内容
* @param encryptKey 加密密钥
* @return 加密后的byte[]
* @throws Exception
*/
public static byte[] aesEncryptToBytes(String content, String encryptKey) throws Exception {
KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(128);
Cipher cipher = Cipher.getInstance(ALGORITHMSTR);
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encryptKey.getBytes(), "AES"));
return cipher.doFinal(content.getBytes("utf-8"));
}
/**
* AES加密为base 64 code
* @param content 待加密的内容
* @param encryptKey 加密密钥
* @return 加密后的base 64 code
* @throws Exception
*/
public static String aesEncrypt(String content, String encryptKey) throws Exception {
return base64Encode(aesEncryptToBytes(content, encryptKey));
}
/**
* AES解密
* @param encryptBytes 待解密的byte[]
* @param decryptKey 解密密钥
* @return 解密后的String
* @throws Exception
*/
public static String aesDecryptByBytes(byte[] encryptBytes, String decryptKey) throws Exception {
KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(128);
Cipher cipher = Cipher.getInstance(ALGORITHMSTR);
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(decryptKey.getBytes(), "AES"));
byte[] decryptBytes = cipher.doFinal(encryptBytes);
return new String(decryptBytes,"UTF-8");
}
/**
* 将base 64 code AES解密
* @param encryptStr 待解密的base 64 code
* @param decryptKey 解密密钥
* @return 解密后的string
* @throws Exception
*/
public static String aesDecrypt(String encryptStr, String decryptKey) throws Exception {
return StringUtils.isEmpty(encryptStr) ? null : aesDecryptByBytes(base64Decode(encryptStr), decryptKey);
}
}
验证加密成功,注意前后端秘钥要一致,即我的“abcdefgabcdefg12”
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
