|
阅读:3822
回复:0
|
9.2.7版本漏洞处理
最近在扫描用9.2.7版本开发的项目时出现了一个漏洞,漏洞描述如图:
图片:Y20QY``)5Q6QV5QHWG]7FET.png 
GlobalHandler.ashx中的代码如下: <%@ WebHandler Language="C#" Class="OThinker.H3.Portal.GlobalHandler" %> using System; using System.Web; using System.IO; using OThinker.H3.WorkSheet; using System.Threading; using System.Globalization; using Resources; using System.Web.SessionState; namespace OThinker.H3.Portal { public class GlobalHandler : IHttpHandler, IRequiresSessionState { public void ProcessRequest(HttpContext context) { context.Response.ContentType = "application/json"; try { object lang = context.Session[Sessions.GetLang()]; if (lang != null && !string.IsNullOrEmpty(lang.ToString())) { Thread.CurrentThread.CurrentUICulture = new CultureInfo(lang.ToString()); } string json = string.Empty; string code = context.Request.QueryString["Code"]; if (!string.IsNullOrEmpty(code)) { string[] resourceCodes = code.Split(','); foreach (string resourceCode in resourceCodes) { string resouceValue = Resource.ResourceManager.GetString(resourceCode); json += string.Format("\"{0}\":\"{1}\",", resourceCode, resouceValue == null ? "" : resouceValue); } } if (!string.IsNullOrEmpty(json)) { context.Response.Write("{\"IsSuccess\":true, \"TextObj\":{" + json.Substring(0, json.Length - 1) + "}}"); } else { context.Response.Write("{\"IsSuccess\":false, \"TextObj\":{}}"); } } catch { context.Response.Write("{\"IsSuccess\":false, \"TextObj\":{}}"); } } public bool IsReusable { get { return false; } } } } 有人知道要如何解决这个漏洞吗? |
