小贝子编程

Tomcat6 日志中奇怪的 struts2 异常(没有为操作名称 [某些 HTML 代码!!!] 映射的操作)



我有一个webApplication(Java+Struts2+...(在tomcat6上运行。我不知道日志显示这种异常有什么问题:

WARNING: Could not find action or result
There is no Action mapped for action name ><script src=. - [unknown location]
OR
There is no Action mapped for action name li><li><a href='. - [unknown location]
OR
There is no Action mapped for action name dth: 342,maxHeight: 400}). - [unknown location]
and more and more...!!!!

以下是异常堆栈跟踪的示例:

May 18, 2012 12:28:48 AM com.opensymphony.xwork2.util.logging.commons.CommonsLogger warn
WARNING: Could not find action or result
There is no Action mapped for action name ><script src=. - [unknown location]
    at com.opensymphony.xwork2.DefaultActionProxy.prepare(DefaultActionProxy.java:178)
    at org.apache.struts2.impl.StrutsActionProxy.prepare(StrutsActionProxy.java:61)
    at org.apache.struts2.impl.StrutsActionProxyFactory.createActionProxy(StrutsActionProxyFactory.java:39)
    at com.opensymphony.xwork2.DefaultActionProxyFactory.createActionProxy(DefaultActionProxyFactory.java:47)
    at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:478)
    at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:395)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Thread.java:636)

你认为问题是什么?!或者我怎样才能找到更多关于这个的信息?!谢谢哥们。

它看起来像是试图在应用程序中查找XSS漏洞。如果是这样,请注意有人试图攻击您的应用程序。

看起来您可能已经输入了脚本 src=。 在需要表单操作或 Ajax URL(即操作名称(的地方,显然不会有名为脚本 src=. 的操作。 在你的支柱.xml文件中。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium