Posts

Showing posts from June 2012

Simple Cross Site Scripting (XSS) Servlet Filter

XSSFilter:

    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;

    public class XSSFilter implements Filter {

        @Override
        public void init(FilterConfig filterConfig) throws ServletException {
        }

        @Override
        public void destroy() {
        }

        // Wrap every incoming request so parameter reads go through XSSRequestWrapper
        @Override
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                throws IOException, ServletException {
            chain.doFilter(new XSSRequestWrapper((HttpServletRequest) request), response);
        }
    }

The HttpServletRequest Wrapper:

    import java.util.regex.Pattern;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletRequestWrapper;

    public class XSSRequestWrapper extends HttpServletRequestWrapper {

        public XSSRequestWrapper(HttpServletRequest servletRequest) {
            super(servletRequest);
        }

        @Override
        public String[] getParameterValues(String parameter) {
            String[] values = super.getParameterValues(parameter);
            if (values == null) {
                return null;
            }

How to prevent cross-site scripting (XSS)

You should HTML escape any input before outputting it back to the user.

- OWASP XSS (Cross Site Scripting) Prevention Cheat Sheet
- Consider using StringEscapeUtils.escapeHtml() from Apache Commons Lang
- Or use HtmlUtils.htmlEscape() from Spring
- XSS attack prevention
- XSS prevention in Java
- JSoup whitelist sanitizer
- How to encode and store string to prevent XSS

Call VB script in Java code

    import java.io.BufferedReader;
    import java.io.File;
    import java.io.FileWriter;
    import java.io.InputStreamReader;

    public class VBSUtils {

        private VBSUtils() { }

        public static boolean isRunning(String process) {
            boolean found = false;
            try {
                File file = File.createTempFile("realhowto",".vbs");
                file.deleteOnExit();
                FileWriter fw = new java.io.FileWriter(file);
                String vbs = "Set WshShell = WScript.CreateObject(\"WScript.Shell\")\n"
                    + "Set locator = CreateObject(\"WbemScripting.SWbemLocator\")\n"
                    + "Set service = locator.ConnectServer()\n"
                    + "Set processes = service.ExecQuery _\n"
                    + " (\"select * from Win32_Process where name='" + process +"'\")\n"
                    + "For Each process in processes\n"
                    + "wscript.echo pr

Check if java process is running with VB script

    Option Explicit
    Dim objWMIService, objProcess, colProcess, StdOut
    Dim strComputer, strProcess, strCommand

    strComputer = "." ' local computer
    strProcess = "javaw.exe"
    strCommand = "BatchReportingClient.jar"

    ' Check if java process is running on specified computer (. = local computer)
    IF isProcessRunning(strComputer,strProcess, strCommand) THEN
        wscript.echo strProcess & " is running on computer '" & strComputer & "'"
    ELSE
        wscript.echo strProcess & " is NOT running on computer '" & strComputer & "'"
    END IF

    ' Function to check if a process is running
    FUNCTION isProcessRunning(BYVAL strComputer,BYVAL strProcessName, BYVAL strCommand)
        DIM objWMIService, strWMIQuery
        strWMIQuery = "Select * from Win32_Process where name like '" & strProcessName & "'" & " and commandLine like'%" & strCommand & "%

Check if process is running with VB script

    OPTION EXPLICIT
    DIM strComputer,strProcess

    strComputer = "."
    strProcess = "wrapper.exe"

    ' Check if Wrapper is running on specified computer
    IF isProcessRunning(strComputer,strProcess) THEN
        wscript.echo strProcess & " is running on computer '" & strComputer & "'"
    ELSE
        wscript.echo strProcess & " is NOT running on computer '" & strComputer & "'"
    END IF

    FUNCTION isProcessRunning(BYVAL strComputer,BYVAL strProcessName)
        DIM objWMIService, strWMIQuery
        strWMIQuery = "Select * from Win32_Process where name like '" & strProcessName & "'"
        SET objWMIService = GETOBJECT("winmgmts:" _
            & "{impersonationLevel=impersonate}!\\" _
            & strComputer & "\root\cimv2")
        IF objWMIService.ExecQuery(strWMIQuery).Count > 0 THEN
            isProcessRunning = TRUE
        ELSE
            isProcessRunning = FALSE
        END IF
    END FUNCTION