<%@ page contentType="text/html; charset=UTF-8" import="kr.co.kihyun.beans.user.HttpSSOLogin" import="kr.co.kihyun.text.html.ServletUtil" import="java.net.URLEncoder" import="kr.co.kihyun.moumi.Moumi" import="kr.co.kihyun.lang.Encoder" import="kr.co.kihyun.lang.MString" import="java.io.File" import="java.io.FileReader" import="java.io.BufferedReader"%> <%@ include file="/totsys/common/inc/sec/secure.inc.jsp"%> <% try{ /*********** User HttpSSOLogin check ***********/ if(!HttpSSOLogin.isLogin(request)){ //login 성공후 되돌아올 주소 String connURL="opener.location='/totsys/login/login.jsp';"; out.println(ServletUtil.getJavaScript(connURL)); out.println(ServletUtil.getJavaScript("window.close();")); return; } /********** session내의 userId **********/ String usID = HttpSSOLogin.getLoginID(request); /****** Parameter ******/ String mode = ""; mode = clearXSS(request.getParameter("mode"),""); String fileName = MString.checkNull(request.getParameter("fileName")); String dirPath = URLEncoder.encode(""+Moumi.getMessageBundle().getString("moumi.message.tot_doc.notice")+"", "UTF-8"); File file = null; //25.디렉토리 경로 조작(BufferedReader)_CWE-22/23 : Add by KWON,HAN //29.디렉토리 경로 조작(getParameter)_CWE-22/23 : Add by KWON,HAN // 특수문자열 포함여부 체크 if(fileName.contains("..") || fileName. contains("/")) { out.println(""); return; } //++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ if(MString.isNull(fileName)){ file = new File(Moumi.getRoot().getPath()+System.getProperty("file.separator")+"user.csv"); }else{ //v2.15.new File을 통한 임의 파일 다운로드 : Add by KWON,HAN //비고 : 이전에 해결책에 따라 적용하였지만 다시 취약점을 판정되어 if문장 중에서 else문에 해결책을 적용함 if(fileName.contains("..") || fileName. contains("/")) { out.println(""); return; } //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ file = new File(Moumi.getCsvFileRoot().getPath()+System.getProperty("file.separator")+fileName); } if(!file.exists()) return; FileReader fr = new FileReader(file); // 위에서 특수문자(../)등이 입력 값에 포함되어 있는지를 검사합니다. BufferedReader br = new BufferedReader(fr); String user = ""; boolean error = false; %> <%@page import="kr.co.kihyun.lang.MLong"%> <%@page import="kr.co.kihyun.beans.user.Dept"%> <%=Moumi.getTitle()%>

<% for(user = br.readLine(); user != null; user = br.readLine()){ if(user.equals("") || user==null) break; String[] user_Cnvt = user.split(","); %> <%for(int i=0; i < user_Cnvt.length; i++){%> <%}%> <%}%>

<%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.user")%> ID	<%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.password")%>	<%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.user")%> <%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.userName")%>	<%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.reached")%>	E-Mail	<%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.position")%>	<%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.rank")%>	<%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.devision")%>ID
bgcolor="red" <%}else if(user_Cnvt.length == 8 && new Dept().getName(user_Cnvt[7]).equals("")){ error = true;%> bgcolor="red" <%}%>> <%= MString.checkNull(user_Cnvt[i].trim())%>
<%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.csv")%><%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.exFile")%> <%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.exFileOpen")%>

<%@ include file="/totsys/common/inc/buttom/buttom.jsp"%> <% }catch(Exception ex){ //38.오류메세지를 통한 정보 노출(getMessage)_CWE-209 : Update by YOUNGJUN,CHO ex.printStackTrace(); //out.println(ex);//앤개 //out.println("

Can't contact servlet runner

Message : "+ex.getMessage()+""); //out.println(""); //================================================ }finally{ } %>