关于jeecms明文密码传输漏洞修改:
思路:jeecms 的密码采用 MD5(32 位十六进制)散列存储——MD5 是单向摘要而不是可逆加密,数据库中保存的是 MD5(密码)。原有登录认证流程是把前台传入的明文密码做一次 MD5 后与数据库值比较。若改为前台提交 MD5(密码),服务端比对时就必须把数据库里的散列值再做一次 MD5(即两边都比较 MD5(MD5(密码))),Shiro 的凭证匹配器对提交值只散列一次即可对上。需要注意:这种改法只是让明文口令不经过网络,提交的 MD5 值本身就是"等价口令",被截获后可以直接重放登录;真正消除明文传输风险仍然要启用 HTTPS,前端散列只能作为补充而不能替代 TLS。另外无盐 MD5 存储本身容易被彩虹表破解,这一点本文的改法并没有改善。
前台修改:
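// Replace the typed password with its MD5 in place so the plaintext never
// leaves the browser. The submitted hash is a password-equivalent: whoever can
// read the request can replay it, so this is no substitute for HTTPS.
function passwordMd5(){
    var field = document.getElementById("password");
    var value = field.value;
    // Leave an empty field empty; hashing "" would produce a 32-char value and
    // defeat the required-field validation on the input.
    if (value === "") {
        field.removeAttribute("data-md5");
        return;
    }
    // Idempotency guard: onblur and the document-level Enter handler can both
    // call this for the same submission, and hashing twice would never match
    // what the server expects. Remember the last digest on the element itself.
    if (value === field.getAttribute("data-md5")) {
        return;
    }
    var digest = hex_md5(value);
    field.value = digest;
    field.setAttribute("data-md5", digest);
}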
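// Hash before a submit triggered by the Enter key, since onblur does not fire
// in that case. Bound on document so Enter in any field of the form is covered.
// The old `arguments.callee.caller.arguments[0]` fallback is dropped: it is
// non-standard and throws under strict mode, and every browser that invokes an
// onkeydown handler supplies the event via the argument or window.event.
document.onkeydown = function(event){
    var e = event || window.event;
    if (!e) {
        return;
    }
    // keyCode is kept (rather than e.key) to match the browsers this page targets.
    if (e.keyCode == 13) {
        passwordMd5();
    }
};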
//用onblur触发前台加密函数(注意:按回车提交时由上面的 document.onkeydown 再次调用同一函数)
<!-- onblur replaces the typed password with its MD5 before submit; the
     document-level Enter handler calls the same passwordMd5(), so that function
     has to tolerate being invoked twice for one value. NOTE(review): maxlength="32"
     caps the typed plaintext, not just the 32-char hash - confirm that is intended. -->
<td><input name="password" type="password" id="password" maxlength="32" vld="{required:true}" onblur="passwordMd5()" class="input"/></td>
后台修改
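// MD5 digest utility (32 hex characters).
/**
 * Computes the MD5 digest of {@code inStr} and returns it as 32 lowercase hex
 * characters.
 *
 * The input is encoded as UTF-8 before hashing. The previous version cast each
 * {@code char} to a {@code byte}, which silently dropped the high byte of every
 * non-Latin-1 character and so mapped distinct strings to the same digest; for
 * the ASCII hex strings this method receives from the login realm the result is
 * unchanged.
 *
 * Security note: MD5 is a fast, unsalted digest. It is used here only to match
 * the existing jeecms password scheme; it is not an acceptable password hash on
 * its own, and a hash received from the client is a password-equivalent that
 * can be replayed if the transport is not protected by TLS.
 *
 * @param inStr the text to digest; must not be {@code null}
 * @return the 32-character lowercase hex MD5 of {@code inStr}
 * @throws NullPointerException if {@code inStr} is {@code null}
 * @throws IllegalStateException if the JVM provides no MD5 implementation
 *         (every conforming Java platform is required to ship one)
 */
public static String MD5(String inStr) {
    if (inStr == null) {
        throw new NullPointerException("inStr");
    }
    MessageDigest md5;
    try {
        md5 = MessageDigest.getInstance("MD5");
    } catch (java.security.NoSuchAlgorithmException e) {
        // Previously printed to stdout and returned "", which turned the
        // credential into a silently unmatchable value; fail loudly instead.
        throw new IllegalStateException("MD5 MessageDigest is not available", e);
    }
    byte[] digest = md5.digest(inStr.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    StringBuilder hex = new StringBuilder(digest.length * 2);
    for (byte b : digest) {
        int val = b & 0xff;
        // Zero-pad so every byte contributes exactly two hex characters.
        if (val < 16) {
            hex.append('0');
        }
        hex.append(Integer.toHexString(val));
    }
    return hex.toString();
}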
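// Login authentication: the stored (already MD5'd) password is hashed once
// more so it lines up with the MD5 the browser now submits.
/**
 * Shiro realm hook: resolves the account for the submitted username and
 * returns the credential Shiro must match against.
 *
 * Because the browser submits MD5(password) instead of the plaintext, and the
 * database stores MD5(password), the stored value is hashed once more here so
 * that the realm's credentials matcher (which hashes the submitted token once)
 * compares MD5(MD5(password)) on both sides. The matcher configuration is not
 * shown in this listing; it must hash the token exactly once for this to work.
 *
 * Security note: the submitted hash is a password-equivalent and can be
 * replayed if captured, so this change only keeps the plaintext off the wire;
 * it does not replace TLS.
 *
 * @param authcToken the submitted credentials; expected to be a
 *        {@link UsernamePasswordToken}
 * @return the authentication info for the account, or {@code null} when the
 *         CMS user, its unified-user record, or its stored password is missing
 *         (Shiro then reports an unknown account)
 * @throws AuthenticationException per the Shiro realm contract
 */
protected AuthenticationInfo doGetAuthenticationInfo(
        AuthenticationToken authcToken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
    CmsUser user = cmsUserMng.findByUsername(token.getUsername());
    if (user == null) {
        return null;
    }
    UnifiedUser unifiedUser = unifiedUserMng.findById(user.getId());
    // A CMS user without a unified-user record or stored password used to NPE
    // here and surface as a server error; treat it as an unknown account.
    if (unifiedUser == null || unifiedUser.getPassword() == null) {
        return null;
    }
    String rehashedStoredPassword = PasswordMd5.MD5(unifiedUser.getPassword());
    return new SimpleAuthenticationInfo(user.getUsername(), rehashedStoredPassword, getName());
}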
思路:jeecms 的密码采用 MD5(32 位十六进制)散列存储——MD5 是单向摘要而不是可逆加密,数据库中保存的是 MD5(密码)。原有登录认证流程是把前台传入的明文密码做一次 MD5 后与数据库值比较。若改为前台提交 MD5(密码),服务端比对时就必须把数据库里的散列值再做一次 MD5(即两边都比较 MD5(MD5(密码))),Shiro 的凭证匹配器对提交值只散列一次即可对上。需要注意:这种改法只是让明文口令不经过网络,提交的 MD5 值本身就是"等价口令",被截获后可以直接重放登录;真正消除明文传输风险仍然要启用 HTTPS,前端散列只能作为补充而不能替代 TLS。另外无盐 MD5 存储本身容易被彩虹表破解,这一点本文的改法并没有改善。
前台修改:
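// Replace the typed password with its MD5 in place so the plaintext never
// leaves the browser. The submitted hash is a password-equivalent: whoever can
// read the request can replay it, so this is no substitute for HTTPS.
function passwordMd5(){
    var field = document.getElementById("password");
    var value = field.value;
    // Leave an empty field empty; hashing "" would produce a 32-char value and
    // defeat the required-field validation on the input.
    if (value === "") {
        field.removeAttribute("data-md5");
        return;
    }
    // Idempotency guard: onblur and the document-level Enter handler can both
    // call this for the same submission, and hashing twice would never match
    // what the server expects. Remember the last digest on the element itself.
    if (value === field.getAttribute("data-md5")) {
        return;
    }
    var digest = hex_md5(value);
    field.value = digest;
    field.setAttribute("data-md5", digest);
}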
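// Hash before a submit triggered by the Enter key, since onblur does not fire
// in that case. Bound on document so Enter in any field of the form is covered.
// The old `arguments.callee.caller.arguments[0]` fallback is dropped: it is
// non-standard and throws under strict mode, and every browser that invokes an
// onkeydown handler supplies the event via the argument or window.event.
document.onkeydown = function(event){
    var e = event || window.event;
    if (!e) {
        return;
    }
    // keyCode is kept (rather than e.key) to match the browsers this page targets.
    if (e.keyCode == 13) {
        passwordMd5();
    }
};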
//用onblur触发前台加密函数(注意:按回车提交时由上面的 document.onkeydown 再次调用同一函数)
<!-- onblur replaces the typed password with its MD5 before submit; the
     document-level Enter handler calls the same passwordMd5(), so that function
     has to tolerate being invoked twice for one value. NOTE(review): maxlength="32"
     caps the typed plaintext, not just the 32-char hash - confirm that is intended. -->
<td><input name="password" type="password" id="password" maxlength="32" vld="{required:true}" onblur="passwordMd5()" class="input"/></td>
后台修改
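// MD5 digest utility (32 hex characters).
/**
 * Computes the MD5 digest of {@code inStr} and returns it as 32 lowercase hex
 * characters.
 *
 * The input is encoded as UTF-8 before hashing. The previous version cast each
 * {@code char} to a {@code byte}, which silently dropped the high byte of every
 * non-Latin-1 character and so mapped distinct strings to the same digest; for
 * the ASCII hex strings this method receives from the login realm the result is
 * unchanged.
 *
 * Security note: MD5 is a fast, unsalted digest. It is used here only to match
 * the existing jeecms password scheme; it is not an acceptable password hash on
 * its own, and a hash received from the client is a password-equivalent that
 * can be replayed if the transport is not protected by TLS.
 *
 * @param inStr the text to digest; must not be {@code null}
 * @return the 32-character lowercase hex MD5 of {@code inStr}
 * @throws NullPointerException if {@code inStr} is {@code null}
 * @throws IllegalStateException if the JVM provides no MD5 implementation
 *         (every conforming Java platform is required to ship one)
 */
public static String MD5(String inStr) {
    if (inStr == null) {
        throw new NullPointerException("inStr");
    }
    MessageDigest md5;
    try {
        md5 = MessageDigest.getInstance("MD5");
    } catch (java.security.NoSuchAlgorithmException e) {
        // Previously printed to stdout and returned "", which turned the
        // credential into a silently unmatchable value; fail loudly instead.
        throw new IllegalStateException("MD5 MessageDigest is not available", e);
    }
    byte[] digest = md5.digest(inStr.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    StringBuilder hex = new StringBuilder(digest.length * 2);
    for (byte b : digest) {
        int val = b & 0xff;
        // Zero-pad so every byte contributes exactly two hex characters.
        if (val < 16) {
            hex.append('0');
        }
        hex.append(Integer.toHexString(val));
    }
    return hex.toString();
}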
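// Login authentication: the stored (already MD5'd) password is hashed once
// more so it lines up with the MD5 the browser now submits.
/**
 * Shiro realm hook: resolves the account for the submitted username and
 * returns the credential Shiro must match against.
 *
 * Because the browser submits MD5(password) instead of the plaintext, and the
 * database stores MD5(password), the stored value is hashed once more here so
 * that the realm's credentials matcher (which hashes the submitted token once)
 * compares MD5(MD5(password)) on both sides. The matcher configuration is not
 * shown in this listing; it must hash the token exactly once for this to work.
 *
 * Security note: the submitted hash is a password-equivalent and can be
 * replayed if captured, so this change only keeps the plaintext off the wire;
 * it does not replace TLS.
 *
 * @param authcToken the submitted credentials; expected to be a
 *        {@link UsernamePasswordToken}
 * @return the authentication info for the account, or {@code null} when the
 *         CMS user, its unified-user record, or its stored password is missing
 *         (Shiro then reports an unknown account)
 * @throws AuthenticationException per the Shiro realm contract
 */
protected AuthenticationInfo doGetAuthenticationInfo(
        AuthenticationToken authcToken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
    CmsUser user = cmsUserMng.findByUsername(token.getUsername());
    if (user == null) {
        return null;
    }
    UnifiedUser unifiedUser = unifiedUserMng.findById(user.getId());
    // A CMS user without a unified-user record or stored password used to NPE
    // here and surface as a server error; treat it as an unknown account.
    if (unifiedUser == null || unifiedUser.getPassword() == null) {
        return null;
    }
    String rehashedStoredPassword = PasswordMd5.MD5(unifiedUser.getPassword());
    return new SimpleAuthenticationInfo(user.getUsername(), rehashedStoredPassword, getName());
}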