<%-- Page directives for the eval-injection sample: the OWASP ESAPI package is imported
     (the scriptlet below does not call it in the visible part of the page) and the
     response is declared as UTF-8 HTML so the escaped output is decoded consistently. --%>
<%@page import="org.owasp.esapi.*"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>

Eval 취약점 샘플

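<%
    // Read the untrusted value from the request.
    // Fix: the method is getParameter (Java is case-sensitive; "getparameter" does not compile).
    String evalParam = request.getParameter("eval");

    // Neutralize characters that would let the value change the meaning of the
    // context it is written into. Only run when a value was actually supplied.
    if ( evalParam != null ) {
        // String.replace() performs a literal replacement. The original used replaceAll(),
        // whose first argument is a regex: "(" and ")" are metacharacters and throw
        // PatternSyntaxException at runtime.
        // The replacement texts were lost in extraction (each entity had collapsed back
        // into the character it encodes, making the code a no-op); restored as HTML entities.
        // "&" is escaped first so the entities produced below are not double-escaped.
        evalParam = evalParam.replace("&", "&amp;");
        evalParam = evalParam.replace("<", "&lt;");
        evalParam = evalParam.replace(">", "&gt;");
        evalParam = evalParam.replace("(", "&#40;");
        evalParam = evalParam.replace(")", "&#41;");
        evalParam = evalParam.replace("\"", "&quot;");
        evalParam = evalParam.replace("'", "&#39;");
        // NOTE(review): the page imports org.owasp.esapi; ESAPI.encoder().encodeForHTML(evalParam)
        // is the maintained equivalent of this hand-rolled list. Character escaping alone is an
        // output-encoding measure; if the value is later handed to an eval-style interpreter
        // (omitted part of the sample), it should also be checked against an allow-list of
        // expected values before use.
    }
    // …… (remainder of the sample omitted on the page)
%>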