FangYuan Si

vim enthusiast.

less than 1 minute read

对应CVE-2017-10355

在国家漏洞库的官方描述中,只提到该漏洞影响到组件(Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15) 但在利用代码可见,漏洞同样影响xerces: 2.11.0

    private void parseXmlFile() {
     //get the factory
     DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
     try {
      //Using factory get an instance of document builder
      DocumentBuilder db = dbf.newDocumentBuilder();
      //parse using builder to get DOM representation of the XML file
      dom = db.parse("ftp://maliciousftpserver/test.xml"); // - FTP URL controlled by the attacker
     } catch (ParserConfigurationException pce) {
      pce.printStackTrace();
     } catch (SAXException se) {
      se.printStackTrace();
     } catch (IOException ioe) {
      ioe.printStackTrace();
     }
    }

You May Also Enjoy

web界面

5 minute read

项目需要界面选择了leptos,对web ui整体认知不足,一直踩坑,理下思路。

rust-gdb

less than 1 minute read

gdb中可以调用python脚本: