{"id":478257,"date":"2023-08-09T09:29:53","date_gmt":"2023-08-09T09:29:53","guid":{"rendered":""},"modified":"2023-09-05T11:16:22","modified_gmt":"2023-09-05T11:16:22","slug":"ognl-injection","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/cn\/wiki\/ognl-injection\/","title":{"rendered":"OGNL\u6ce8\u5165"},"content":{"rendered":"

OGNL\u6ce8\u5165\u7b80\u8981\u4ecb\u7ecd<\/p>\n

OGNL\uff08\u5bf9\u8c61\u56fe\u5bfc\u822a\u8bed\u8a00\uff09\u6ce8\u5165\u662f\u4e00\u79cd\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5728 Web \u5e94\u7528\u7a0b\u5e8f\u7684\u670d\u52a1\u5668\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u8fd9\u79cd\u653b\u51fb\u5f62\u5f0f\u6d89\u53ca\u5229\u7528\u67d0\u4e9b Web \u6846\u67b6\uff08\u6700\u8457\u540d\u7684\u662f Apache Struts\uff09\u4e2d\u4f7f\u7528\u7684 OGNL \u8868\u8fbe\u5f0f\u3002OGNL \u6ce8\u5165\u53ef\u80fd\u5bfc\u81f4\u672a\u7ecf\u6388\u6743\u7684\u4fe1\u606f\u6cc4\u9732\u3001\u6570\u636e\u4fee\u6539\uff0c\u751a\u81f3\u6574\u4e2a\u7cfb\u7edf\u88ab\u5165\u4fb5\u3002<\/p>\n

OGNL \u6ce8\u5165\u7684\u8d77\u6e90\u5386\u53f2\u4ee5\u53ca\u9996\u6b21\u63d0\u53ca<\/h2>\n

\u968f\u7740\u4f9d\u8d56 OGNL \u8868\u8fbe\u5f0f\u8fdb\u884c\u5404\u79cd\u7528\u9014\uff08\u4f8b\u5982\u6570\u636e\u64cd\u4f5c\u548c UI \u6e32\u67d3\uff09\u7684 Web \u5e94\u7528\u7a0b\u5e8f\u548c\u6846\u67b6\u7684\u589e\u591a\uff0cOGNL \u6ce8\u5165\u4e5f\u9010\u6e10\u4e3a\u4eba\u6240\u77e5\u3002Apache Struts \u662f\u4e00\u79cd\u7528\u4e8e\u5f00\u53d1 Java Web \u5e94\u7528\u7a0b\u5e8f\u7684\u6d41\u884c\u5f00\u6e90\u6846\u67b6\uff0c\u5b83\u6210\u4e3a\u4e86\u6b64\u6f0f\u6d1e\u7684\u4e3b\u8981\u53d7\u5bb3\u8005\u3002<\/p>\n

2011 \u5e74\uff0c\u4e00\u540d\u7814\u7a76\u4eba\u5458\u53d1\u73b0\u4e86 Apache Struts2 \u4e2d\u7684\u4e00\u4e2a\u6f0f\u6d1e\uff0cOGNL \u6ce8\u5165\u9996\u6b21\u88ab\u516c\u5f00\u63d0\u53ca\u3002\u8fd9\u4e00\u53d1\u73b0\u6807\u5fd7\u7740\u4e00\u7cfb\u5217\u9488\u5bf9\u4e0e OGNL \u76f8\u5173\u7684\u98ce\u9669\u548c\u653b\u51fb\u5a92\u4ecb\u7684\u8fdb\u4e00\u6b65\u8c03\u67e5\u548c\u53d1\u73b0\u7684\u5f00\u59cb\u3002<\/p>\n

\u5173\u4e8eOGNL\u6ce8\u5165\u7684\u8be6\u7ec6\u4fe1\u606f\uff1a\u6269\u5c55\u4e3b\u9898OGNL\u6ce8\u5165<\/h2>\n

OGNL \u6ce8\u5165\u4e0d\u4ec5\u9650\u4e8e Apache Struts\uff0c\u8fd8\u4f1a\u5f71\u54cd\u4f7f\u7528 OGNL \u7684\u5176\u4ed6\u6846\u67b6\u3002\u8fd9\u79cd\u5f3a\u5927\u7684\u8868\u8fbe\u5f0f\u8bed\u8a00\u65e8\u5728\u83b7\u53d6\u548c\u8bbe\u7f6e Java \u5bf9\u8c61\u7684\u5c5e\u6027\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u7f16\u5199\u6076\u610f\u7684 OGNL \u8868\u8fbe\u5f0f\uff0c\u5f53\u670d\u52a1\u5668\u8bc4\u4f30\u8fd9\u4e9b\u8868\u8fbe\u5f0f\u65f6\uff0c\u5b83\u4eec\u4f1a\u6267\u884c\u4efb\u610f Java \u4ee3\u7801\u3002<\/p>\n

\u4e25\u91cd\u7a0b\u5ea6<\/h3>\n

OGNL \u6ce8\u5165\u53ef\u80fd\u4f1a\u5bf9\u5e94\u7528\u7a0b\u5e8f\u6216\u7cfb\u7edf\u9020\u6210\u4e25\u91cd\u635f\u5bb3\u3002\u5b83\u53ef\u80fd\u5bfc\u81f4\uff1a<\/p>\n