帐号明文传输漏洞
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了帐号明文传输漏洞相关的知识,希望对你有一定的参考价值。
表单提交前加密,本文使用(BASE64)加密
1 /** 2 *BASE64 Encode and Decode By UTF-8 unicode 3 *可以和java的BASE64编码和解码互相转化 4 */ 5 (function(){ 6 var BASE64_MAPPING = [ 7 ‘A‘,‘B‘,‘C‘,‘D‘,‘E‘,‘F‘,‘G‘,‘H‘, 8 ‘I‘,‘J‘,‘K‘,‘L‘,‘M‘,‘N‘,‘O‘,‘P‘, 9 ‘Q‘,‘R‘,‘S‘,‘T‘,‘U‘,‘V‘,‘W‘,‘X‘, 10 ‘Y‘,‘Z‘,‘a‘,‘b‘,‘c‘,‘d‘,‘e‘,‘f‘, 11 ‘g‘,‘h‘,‘i‘,‘j‘,‘k‘,‘l‘,‘m‘,‘n‘, 12 ‘o‘,‘p‘,‘q‘,‘r‘,‘s‘,‘t‘,‘u‘,‘v‘, 13 ‘w‘,‘x‘,‘y‘,‘z‘,‘0‘,‘1‘,‘2‘,‘3‘, 14 ‘4‘,‘5‘,‘6‘,‘7‘,‘8‘,‘9‘,‘+‘,‘/‘ 15 ]; 16 17 /** 18 *ascii convert to binary 19 */ 20 var _toBinary = function(ascii){ 21 var binary = new Array(); 22 while(ascii > 0){ 23 var b = ascii%2; 24 ascii = Math.floor(ascii/2); 25 binary.push(b); 26 } 27 /* 28 var len = binary.length; 29 if(6-len > 0){ 30 for(var i = 6-len ; i > 0 ; --i){ 31 binary.push(0); 32 } 33 }*/ 34 binary.reverse(); 35 return binary; 36 }; 37 38 /** 39 *binary convert to decimal 40 */ 41 var _toDecimal = function(binary){ 42 var dec = 0; 43 var p = 0; 44 for(var i = binary.length-1 ; i >= 0 ; --i){ 45 var b = binary[i]; 46 if(b == 1){ 47 dec += Math.pow(2 , p); 48 } 49 ++p; 50 } 51 return dec; 52 }; 53 54 /** 55 *unicode convert to utf-8 56 */ 57 var _toUTF8Binary = function(c , binaryArray){ 58 var mustLen = (8-(c+1)) + ((c-1)*6); 59 var fatLen = binaryArray.length; 60 var diff = mustLen - fatLen; 61 while(--diff >= 0){ 62 binaryArray.unshift(0); 63 } 64 var binary = []; 65 var _c = c; 66 while(--_c >= 0){ 67 binary.push(1); 68 } 69 binary.push(0); 70 var i = 0 , len = 8 - (c+1); 71 for(; i < len ; ++i){ 72 binary.push(binaryArray[i]); 73 } 74 75 for(var j = 0 ; j < c-1 ; ++j){ 76 binary.push(1); 77 binary.push(0); 78 var sum = 6; 79 while(--sum >= 0){ 80 binary.push(binaryArray[i++]); 81 } 82 } 83 return binary; 84 }; 85 86 var __BASE64 = { 87 /** 88 *BASE64 Encode 89 */ 90 encoder:function(str){ 91 var base64_Index = []; 92 var binaryArray = []; 93 for(var i = 0 , len = str.length ; i < len ; ++i){ 94 var unicode = str.charCodeAt(i); 95 var _tmpBinary = _toBinary(unicode); 96 if(unicode < 0x80){ 97 var _tmpdiff = 8 - _tmpBinary.length; 98 while(--_tmpdiff >= 0){ 99 _tmpBinary.unshift(0); 100 } 101 binaryArray = binaryArray.concat(_tmpBinary); 102 }else if(unicode >= 0x80 && unicode <= 0x7FF){ 103 binaryArray = binaryArray.concat(_toUTF8Binary(2 , _tmpBinary)); 104 }else if(unicode >= 0x800 && unicode <= 0xFFFF){//UTF-8 3byte 105 binaryArray = binaryArray.concat(_toUTF8Binary(3 , _tmpBinary)); 106 }else if(unicode >= 0x10000 && unicode <= 0x1FFFFF){//UTF-8 4byte 107 binaryArray = binaryArray.concat(_toUTF8Binary(4 , _tmpBinary)); 108 }else if(unicode >= 0x200000 && unicode <= 0x3FFFFFF){//UTF-8 5byte 109 binaryArray = binaryArray.concat(_toUTF8Binary(5 , _tmpBinary)); 110 }else if(unicode >= 4000000 && unicode <= 0x7FFFFFFF){//UTF-8 6byte 111 binaryArray = binaryArray.concat(_toUTF8Binary(6 , _tmpBinary)); 112 } 113 } 114 115 var extra_Zero_Count = 0; 116 for(var i = 0 , len = binaryArray.length ; i < len ; i+=6){ 117 var diff = (i+6)-len; 118 if(diff == 2){ 119 extra_Zero_Count = 2; 120 }else if(diff == 4){ 121 extra_Zero_Count = 4; 122 } 123 //if(extra_Zero_Count > 0){ 124 // len += extra_Zero_Count+1; 125 //} 126 var _tmpExtra_Zero_Count = extra_Zero_Count; 127 while(--_tmpExtra_Zero_Count >= 0){ 128 binaryArray.push(0); 129 } 130 base64_Index.push(_toDecimal(binaryArray.slice(i , i+6))); 131 } 132 133 var base64 = ‘‘; 134 for(var i = 0 , len = base64_Index.length ; i < len ; ++i){ 135 base64 += BASE64_MAPPING[base64_Index[i]]; 136 } 137 138 for(var i = 0 , len = extra_Zero_Count/2 ; i < len ; ++i){ 139 base64 += ‘=‘; 140 } 141 return base64; 142 }, 143 /** 144 *BASE64 Decode for UTF-8 145 */ 146 decoder : function(_base64Str){ 147 var _len = _base64Str.length; 148 var extra_Zero_Count = 0; 149 /** 150 *计算在进行BASE64编码的时候,补了几个0 151 */ 152 if(_base64Str.charAt(_len-1) == ‘=‘){ 153 //alert(_base64Str.charAt(_len-1)); 154 //alert(_base64Str.charAt(_len-2)); 155 if(_base64Str.charAt(_len-2) == ‘=‘){//两个等号说明补了4个0 156 extra_Zero_Count = 4; 157 _base64Str = _base64Str.substring(0 , _len-2); 158 }else{//一个等号说明补了2个0 159 extra_Zero_Count = 2; 160 _base64Str = _base64Str.substring(0 , _len - 1); 161 } 162 } 163 164 var binaryArray = []; 165 for(var i = 0 , len = _base64Str.length; i < len ; ++i){ 166 var c = _base64Str.charAt(i); 167 for(var j = 0 , size = BASE64_MAPPING.length ; j < size ; ++j){ 168 if(c == BASE64_MAPPING[j]){ 169 var _tmp = _toBinary(j); 170 /*不足6位的补0*/ 171 var _tmpLen = _tmp.length; 172 if(6-_tmpLen > 0){ 173 for(var k = 6-_tmpLen ; k > 0 ; --k){ 174 _tmp.unshift(0); 175 } 176 } 177 binaryArray = binaryArray.concat(_tmp); 178 break; 179 } 180 } 181 } 182 183 if(extra_Zero_Count > 0){ 184 binaryArray = binaryArray.slice(0 , binaryArray.length - extra_Zero_Count); 185 } 186 187 var unicode = []; 188 var unicodeBinary = []; 189 for(var i = 0 , len = binaryArray.length ; i < len ; ){ 190 if(binaryArray[i] == 0){ 191 unicode=unicode.concat(_toDecimal(binaryArray.slice(i,i+8))); 192 i += 8; 193 }else{ 194 var sum = 0; 195 while(i < len){ 196 if(binaryArray[i] == 1){ 197 ++sum; 198 }else{ 199 break; 200 } 201 ++i; 202 } 203 unicodeBinary = unicodeBinary.concat(binaryArray.slice(i+1 , i+8-sum)); 204 i += 8 - sum; 205 while(sum > 1){ 206 unicodeBinary = unicodeBinary.concat(binaryArray.slice(i+2 , i+8)); 207 i += 8; 208 --sum; 209 } 210 unicode = unicode.concat(_toDecimal(unicodeBinary)); 211 unicodeBinary = []; 212 } 213 } 214 return unicode; 215 } 216 }; 217 218 window.BASE64 = __BASE64; 219 })();
登陆检验:
1 <form name="form1" method="post" action="<%=basePath%>/core/login.action" 2 onsubmit="return checkParam();"></form> 3 4 5 <script language="javascript" type="text/JavaScript"> 6 //登录检验 7 function checkParam(){ 8 var userName = $.trim($("#userName").val()); 9 var passWord = $.trim($("#passWord").val()); 10 if(userName==""){ 11 alert("请输入用户名!"); 12 $("#userName").focus(); 13 return false; 14 } 15 if(passWord==""){ 16 alert("请输入密码!"); 17 $("#passWord").focus(); 18 return false; 19 } 20 document.form1.action.value="authenticate"; 21 document.getElementById("userName").value = BASE64.encoder($("#userName").val());//返回编码后的账号 22 document.getElementById("passWord").value = BASE64.encoder($("#passWord").val());//返回编码后的账号 23 return true; 24 } 25 26 </script>
1 import java.io.Serializable; 2 import java.io.UnsupportedEncodingException; 3 4 /** 5 * BASE64加密解密的处理类 6 * <br> 7 * 8 * @author Vivim 9 * @time Jan 13, 2009 12:12:42 PM 10 * @version 1.0 11 */ 12 public class BASE64 implements Serializable { 13 14 private static final long serialVersionUID = 3762133767673900132L; 15 16 private static char[] base64EncodeChars = new char[] { ‘A‘, ‘B‘, ‘C‘, ‘D‘, 17 ‘E‘, ‘F‘, ‘G‘, ‘H‘, ‘I‘, ‘J‘, ‘K‘, ‘L‘, ‘M‘, ‘N‘, ‘O‘, ‘P‘, ‘Q‘, 18 ‘R‘, ‘S‘, ‘T‘, ‘U‘, ‘V‘, ‘W‘, ‘X‘, ‘Y‘, ‘Z‘, ‘a‘, ‘b‘, ‘c‘, ‘d‘, 19 ‘e‘, ‘f‘, ‘g‘, ‘h‘, ‘i‘, ‘j‘, ‘k‘, ‘l‘, ‘m‘, ‘n‘, ‘o‘, ‘p‘, ‘q‘, 20 ‘r‘, ‘s‘, ‘t‘, ‘u‘, ‘v‘, ‘w‘, ‘x‘, ‘y‘, ‘z‘, ‘0‘, ‘1‘, ‘2‘, ‘3‘, 21 ‘4‘, ‘5‘, ‘6‘, ‘7‘, ‘8‘, ‘9‘, ‘+‘, ‘/‘ }; 22 23 private static byte[] base64DecodeChars = new byte[] { -1, -1, -1, -1, -1, 24 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 25 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 26 -1, -1, -1, -1, 62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, 58, 59, 27 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 28 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, 29 -1, -1, -1, -1, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 30 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, 31 -1, -1 }; 32 33 // 编码 34 public final static String encode(byte[] data) { 35 StringBuffer sb = new StringBuffer(); 36 int len = data.length; 37 int i = 0; 38 int b1, b2, b3; 39 while (i < len) { 40 b1 = data[i++] & 0xff; 41 if (i == len) { 42 sb.append(base64EncodeChars[b1 >>> 2]); 43 sb.append(base64EncodeChars[(b1 & 0x3) << 4]); 44 sb.append("=="); 45 break; 46 } 47 b2 = data[i++] & 0xff; 48 if (i == len) { 49 sb.append(base64EncodeChars[b1 >>> 2]); 50 sb.append(base64EncodeChars[((b1 & 0x03) << 4) 51 | ((b2 & 0xf0) >>> 4)]); 52 sb.append(base64EncodeChars[(b2 & 0x0f) << 2]); 53 sb.append("="); 54 break; 55 } 56 b3 = data[i++] & 0xff; 57 sb.append(base64EncodeChars[b1 >>> 2]); 58 sb.append(base64EncodeChars[((b1 & 0x03) << 4) 59 | ((b2 & 0xf0) >>> 4)]); 60 sb.append(base64EncodeChars[((b2 & 0x0f) << 2) 61 | ((b3 & 0xc0) >>> 6)]); 62 sb.append(base64EncodeChars[b3 & 0x3f]); 63 } 64 return sb.toString(); 65 } 66 67 // 解码 68 public final static byte[] decode(String str) 69 throws UnsupportedEncodingException { 70 StringBuffer sb = new StringBuffer(); 71 byte[] data = str.getBytes("US-ASCII"); 72 int len = data.length; 73 int i = 0; 74 int b1, b2, b3, b4; 75 while (i < len) { 76 /* b1 */ 77 do { 78 b1 = base64DecodeChars[data[i++]]; 79 } while (i < len && b1 == -1); 80 if (b1 == -1) 81 break; 82 /* b2 */ 83 do { 84 b2 = base64DecodeChars[data[i++]]; 85 } while (i < len && b2 == -1); 86 if (b2 == -1) 87 break; 88 sb.append((char) ((b1 << 2) | ((b2 & 0x30) >>> 4))); 89 /* b3 */ 90 do { 91 b3 = data[i++]; 92 if (b3 == 61) 93 return sb.toString().getBytes("ISO-8859-1"); 94 b3 = base64DecodeChars[b3]; 95 } while (i < len && b3 == -1); 96 if (b3 == -1) 97 break; 98 sb.append((char) (((b2 & 0x0f) << 4) | ((b3 & 0x3c) >>> 2))); 99 /* b4 */ 100 do { 101 b4 = data[i++]; 102 if (b4 == 61) 103 return sb.toString().getBytes("ISO-8859-1"); 104 b4 = base64DecodeChars[b4]; 105 } while (i < len && b4 == -1); 106 if (b4 == -1) 107 break; 108 sb.append((char) (((b3 & 0x03) << 6) | b4)); 109 } 110 return sb.toString().getBytes("ISO-8859-1"); 111 } 112 113 /** 114 * 获得指定字符串的Base64编码值字符串 115 * <br> 116 * @param srcString 117 * @return 118 */ 119 public final static String encodeToBase64(String srcString) { 120 return encode(srcString.getBytes()); 121 } 122 123 /** 124 * 获得Base64编码字符串的解码值字符串 125 * @param base64String 126 * @return 127 * @throws UnsupportedEncodingException 128 */ 129 public final static String decodeFromBase64(String base64String){ 130 String s = null; 131 try { 132 s = new String(decode(base64String)); 133 } catch (UnsupportedEncodingException e) { 134 e.printStackTrace(); 135 } 136 return s; 137 } 138 }
action层解密
1 userName = BASE64.decodeFromBase64(userName); 2 passWord = BASE64.decodeFromBase64(passWord);
service层md5加密后与数据库密文对比。
md5不能解密。
以上是关于帐号明文传输漏洞的主要内容,如果未能解决你的问题,请参考以下文章