安装包，搜索的时候有 Xss跨站攻击漏洞 - JEECMS官方论坛|开源java cms,jsp cms,jsp bbs

doufuguolyl

级别: 解元

UID: 44799
积分:349 加为好友
威望: 4 精华: 0
主题:41 回复:112
注册时间:2013-03-12
在线时长:0

1# 发表于:2013-09-27 14:05:09 IP:111.122.*.*

就是在搜索框中搜索 <script>alert();</script>

后台就会报错，无法解析搜索内容

官网上的demo就没这个问题，好像是修复了

但是提供下载的2012sp1 就有这个问题，有补丁包么？

错误代码：

严重: Servlet.service() for servlet [JeeCmsFront] in context with path [] threw exception [Request processing failed; nested exception is java.lang.RuntimeException: org.apache.lucene.queryParser.ParseException: Cannot parse '<script>alert();</script>': Encountered " ")" ") "" at line 1, column 14.
Was expecting one of:
 <NOT> ...
 "+" ...
 "-" ...
 "(" ...
 "*" ...
 <QUOTED> ...
 <TERM> ...
 <PREFIXTERM> ...
 <WILDTERM> ...
 "[" ...
 "{" ...
 <NUMBER> ...
 <TERM> ...
 "*" ...
 ] with root cause
org.apache.lucene.queryParser.ParseException: Encountered " ")" ") "" at line 1, column 14.
Was expecting one of:
 <NOT> ...
 "+" ...
 "-" ...
 "(" ...
 "*" ...
 <QUOTED> ...
 <TERM> ...
 <PREFIXTERM> ...
 <WILDTERM> ...
 "[" ...
 "{" ...
 <NUMBER> ...
 <TERM> ...
 "*" ...

at org.apache.lucene.queryParser.QueryParser.generateParseException(QueryParser.java:1759)
at org.apache.lucene.queryParser.QueryParser.jj_consume_token(QueryParser.java:1641)
at org.apache.lucene.queryParser.QueryParser.Clause(QueryParser.java:1268)
at org.apache.lucene.queryParser.QueryParser.Query(QueryParser.java:1178)
at org.apache.lucene.queryParser.QueryParser.Clause(QueryParser.java:1254)
at org.apache.lucene.queryParser.QueryParser.Query(QueryParser.java:1207)
at org.apache.lucene.queryParser.QueryParser.TopLevelQuery(QueryParser.java:1167)
at org.apache.lucene.queryParser.QueryParser.parse(QueryParser.java:182)
at org.apache.lucene.queryParser.MultiFieldQueryParser.parse(MultiFieldQueryParser.java:264)
at com.jeecms.cms.lucene.LuceneContent.createQuery(LuceneContent.java:72)
at com.jeecms.cms.lucene.LuceneContentSvcImpl.searchPage(LuceneContentSvcImpl.java:148)
at com.jeecms.cms.lucene.LuceneContentSvcImpl.searchPage(LuceneContentSvcImpl.java:136)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at com.sun.proxy.$Proxy37.searchPage(Unknown Source)
at com.jeecms.cms.lucene.LuceneDirectivePage.execute(LuceneDirectivePage.java:54)
at freemarker.core.Environment.visit(Environment.java:263)
at freemarker.core.UnifiedCall.accept(UnifiedCall.java:126)
at freemarker.core.Environment.visit(Environment.java:210)
at freemarker.core.MixedContent.accept(MixedContent.java:92)
at freemarker.core.Environment.visit(Environment.java:210)
at freemarker.core.ConditionalBlock.accept(ConditionalBlock.java:79)
at freemarker.core.Environment.visit(Environment.java:210)
at freemarker.core.MixedContent.accept(MixedContent.java:92)
at freemarker.core.Environment.visit(Environment.java:210)
at freemarker.core.Environment.process(Environment.java:190)
at freemarker.template.Template.process(Template.java:237)
at com.jeecms.common.web.springmvc.SimpleFreeMarkerView.renderMergedTemplateModel(SimpleFreeMarkerView.java:114)
at org.springframework.web.servlet.view.AbstractTemplateView.renderMergedOutputModel(AbstractTemplateView.java:167)
at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:250)
at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1047)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:817)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.jeecms.common.web.ProcessTimeFilter.doFilter(ProcessTimeFilter.java:38)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
at java.lang.Thread.run(Thread.java:662)

使用道具
顶端

lfb100

级别: 状元

UID: 33380
积分:50625 加为好友
威望: 21 精华: 3
主题:88 回复:30687
注册时间:2012-05-07
在线时长:0

2# 发表于:2013-09-27 14:07:30 IP:111.76.*.*

显示全部只看该作者

你那报什么错？能贴出来么？

功成由勤，业精于勤。

使用道具
顶端

doufuguolyl

级别: 解元

UID: 44799
积分:349 加为好友
威望: 4 精华: 0
主题:41 回复:112
注册时间:2013-03-12
在线时长:0

3# 发表于:2013-09-27 14:11:48 IP:111.122.*.*

显示全部只看该作者

回复第2楼

严重: Servlet.service() for servlet [JeeCmsFront] in context with path [] threw exception [Request processing failed; nested exception is java.lang.RuntimeException: org.apache.lucene.queryParser.ParseException: Cannot parse '<script>alert();</script>': Encountered " ")" ") "" at line 1, column 14.
 Was expecting one of:
     <NOT> ...
     "+" ...
     "-" ...
     "(" ...
     "*" ...
     <QUOTED> ...
     <TERM> ...
     <PREFIXTERM> ...
     <WILDTERM> ...
     "[" ...
     "{" ...
     <NUMBER> ...
     <TERM> ...
     "*" ...
     ] with root cause
 org.apache.lucene.queryParser.ParseException: Encountered " ")" ") "" at line 1, column 14.
 Was expecting one of:
     <NOT> ...
     "+" ...
     "-" ...
     "(" ...
     "*" ...
     <QUOTED> ...
     <TERM> ...
     <PREFIXTERM> ...
     <WILDTERM> ...
     "[" ...
     "{" ...
     <NUMBER> ...
     <TERM> ...
     "*" ...
     
 	at org.apache.lucene.queryParser.QueryParser.generateParseException(QueryParser.java:1759)
 	at org.apache.lucene.queryParser.QueryParser.jj_consume_token(QueryParser.java:1641)
 	at org.apache.lucene.queryParser.QueryParser.Clause(QueryParser.java:1268)
 	at org.apache.lucene.queryParser.QueryParser.Query(QueryParser.java:1178)
 	at org.apache.lucene.queryParser.QueryParser.Clause(QueryParser.java:1254)
 	at org.apache.lucene.queryParser.QueryParser.Query(QueryParser.java:1207)
 	at org.apache.lucene.queryParser.QueryParser.TopLevelQuery(QueryParser.java:1167)
 	at org.apache.lucene.queryParser.QueryParser.parse(QueryParser.java:182)
 	at org.apache.lucene.queryParser.MultiFieldQueryParser.parse(MultiFieldQueryParser.java:264)
 	at com.jeecms.cms.lucene.LuceneContent.createQuery(LuceneContent.java:72)
 	at com.jeecms.cms.lucene.LuceneContentSvcImpl.searchPage(LuceneContentSvcImpl.java:148)
 	at com.jeecms.cms.lucene.LuceneContentSvcImpl.searchPage(LuceneContentSvcImpl.java:136)
 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 	at java.lang.reflect.Method.invoke(Method.java:597)
 	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
 	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
 	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
 	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
 	at com.sun.proxy.$Proxy37.searchPage(Unknown Source)
 	at com.jeecms.cms.lucene.LuceneDirectivePage.execute(LuceneDirectivePage.java:55)
 	at freemarker.core.Environment.visit(Environment.java:263)
 	at freemarker.core.UnifiedCall.accept(UnifiedCall.java:126)
 	at freemarker.core.Environment.visit(Environment.java:210)
 	at freemarker.core.MixedContent.accept(MixedContent.java:92)
 	at freemarker.core.Environment.visit(Environment.java:210)
 	at freemarker.core.ConditionalBlock.accept(ConditionalBlock.java:79)
 	at freemarker.core.Environment.visit(Environment.java:210)
 	at freemarker.core.MixedContent.accept(MixedContent.java:92)
 	at freemarker.core.Environment.visit(Environment.java:210)
 	at freemarker.core.Environment.process(Environment.java:190)
 	at freemarker.template.Template.process(Template.java:237)
 	at com.jeecms.common.web.springmvc.SimpleFreeMarkerView.renderMergedTemplateModel(SimpleFreeMarkerView.java:114)
 	at org.springframework.web.servlet.view.AbstractTemplateView.renderMergedOutputModel(AbstractTemplateView.java:167)
 	at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:250)
 	at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1047)
 	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:817)
 	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
 	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
 	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
 	at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
 	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
 	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
 	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
 	at com.jeecms.common.web.ProcessTimeFilter.doFilter(ProcessTimeFilter.java:38)
 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
 	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
 	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
 	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
 	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
 	at java.lang.Thread.run(Thread.java:662)