1: <%@page import="org.owasp.esapi.*"%>
2: <%@page contentType="text/html" pageEncoding="UTF-8"%>
3:
4:
5:
6:
7:
8: Eval 취약점 샘플
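<%
// Read the untrusted external input (request parameter "eval").
// getParameter (capital P) is the HttpServletRequest method; "getparameter" does not compile.
String evalParam = request.getParameter("eval");
// Neutralize the HTML-significant characters of the input.
// "&" must be handled first: encoding it after "<" / ">" would re-encode the
// "&" that those replacements introduce ("&lt;" -> "&amp;lt;").
// String.replace() (literal) is used instead of replaceAll() (regex):
// "(" and ")" are regex metacharacters and replaceAll("(", ...) throws PatternSyntaxException.
if ( evalParam != null ) {
    evalParam = evalParam.replace("&", "&amp;");
    evalParam = evalParam.replace("<", "&lt;");
    evalParam = evalParam.replace(">", "&gt;");
    evalParam = evalParam.replace("(", "&#40;");
    evalParam = evalParam.replace(")", "&#41;");
    evalParam = evalParam.replace("\"", "&quot;");
    evalParam = evalParam.replace("'", "&#39;");
}
// NOTE(review): the above is HTML output encoding only. If the omitted code
// passes evalParam to a script engine (as the sample's title suggests), encoding
// does not make that safe; the value should be validated against an allowlist of
// expected inputs rather than evaluated. org.owasp.esapi is imported on this page:
// ESAPI.encoder().encodeForHTML(evalParam) performs equivalent encoding in one call.
// ... remainder of the sample omitted ...
%>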
24:
19:
20: