zhenfeng13 / perfect-ssm
:grapes: A more complete Spring + SpringMVC + MyBatis + easyUI back-office management system (RESTful API + Redis)
Home Page: http://ssm-cluster.13blog.site
License: Apache License 2.0
Cannot log in with admin/123456; the page does not respond.
Response data for the cookie XHR in the console:
{resultCode: 500, message: "请认真核对账号、密码!", data: null}
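Hello, I have a question about Redis. I tested the RedisUtil module on its own and configured a remote Redis connection, but when I add a String with the RedisUtil utility, I cannot find it when querying the remote Redis, although calling RedisUtil's get method does return it. What is the problem?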
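Hello:
I work at 360 Code Security. In our open-source code scanning project we found two reflected XSS vulnerabilities in perfect-ssm. Details are as follows:
Lines 27 and 28 of pictureManage.jsp accept the type and grade parameters from the GET request and concatenate them directly into HTML at lines 33, 75 and other places, so that a malicious attacker can, by constructing a specific link
Reproduction:
Construct the following link:
http://perfect-ssm.13blog.site/views/pictureManage.jsp?type=1&grade=%22%3E%3C/table%3E%3C/body%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E//
The script executes when an administrator visits it.
A pop-up is used here as an example; in a real attack scenario the cookie would be sent to a server under their control.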
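A server-side fix for the reflected XSS reported above, as an added example that is not the project's own code. It assumes `type` and `grade` are numeric identifiers (the report's link uses `type=1`); the class name, method names and the `<input>` markup are hypothetical, since the JSP source is not shown on this page.

```java
import java.util.Optional;

/** Added example: server-side handling for the `type` and `grade` query parameters. */
public final class PictureParamGuard {

    /** Accept only a short run of ASCII digits; anything else is rejected. */
    static Optional<Integer> parseId(String raw) {
        if (raw == null || !raw.matches("[0-9]{1,9}")) {
            return Optional.empty();
        }
        return Optional.of(Integer.parseInt(raw));
    }

    /** Encode text for an HTML element body or a quoted attribute value. */
    static String encodeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed input: the URL-decoded `grade` value from the report's link.
        String grade = "\"></table></body><script>alert(document.cookie)</script>//";
        // Hypothetical markup standing in for the JSP's string concatenation.
        String rawConcat = "<input id=\"grade\" value=\"" + grade + "\">";
        String encoded = "<input id=\"grade\" value=\"" + encodeHtml(grade) + "\">";
        System.out.println("raw concat: " + rawConcat);
        System.out.println("encoded   : " + encoded);
        // Validation rejects the value before it reaches any template.
        System.out.println("grade     : " + parseId(grade).map(String::valueOf).orElse("rejected (400)"));
        System.out.println("type=1    : " + parseId("1").map(String::valueOf).orElse("rejected (400)"));
    }
}
```

Validation covers every output context because only digits survive; the encoder on its own is sufficient only for HTML body text and quoted attribute values, not for values written into inline script. In the JSP itself, JSTL's `<c:out>` performs this kind of HTML encoding.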
Clicking the login button shows this error:
POST http://localhost:8180/users/cookie 404 (Not Found)
send @ jquery.min.js:4
ajax @ jquery.min.js:4
login @ login.js:13
onclick @ login.jsp:49
Judging by the URL, the project path was not fully joined when the Ajax POST request was submitted. Which part should I change?
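Hello, could you publish your learning tutorial "Building a Polished, Practical Management System with SSM"? Could you upload it to the public internet so we can learn from it, expert?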
I am very happy to be able to learn from your source code.
I am a beginner.
In the UserServiceImpl class, there is the method
    public User login(User user) {
        return userDao.login(user);
    }
Where is the implementation class for the login(user) method?
In the UserController class:
    @RequestMapping(value = "/cookie", method = RequestMethod.POST)
    @ResponseBody
    public Result login(User user) {
        System.out.println("进入 users/cookie方法");
        try {
            String MD5pwd = MD5Util.MD5Encode(user.getPassword(), "UTF-8");
            user.setPassword(MD5pwd);
        } catch (Exception e) {
            user.setPassword("");
        }
        User resultUser = userService.login(user);
I cannot work out where the resultUser obtained on the last line comes from. I hope you can explain, thank you!
This is my QQ: 1638481466
How do I set this up?
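This project has not been maintained for a long time, mainly because Java developers now almost all use Spring Boot to develop projects. Over the past few years the author has also mainly been maintaining several Spring Boot related open-source repositories, and recommends that everyone take a look at these repositories: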