发现BUG给高分

注册登录有脚本错消息: 'null' 为空或不是对象
行: 76
字符: 3
代码: 0
URI: http://hotoa.net/security/register_success.jsp?service=/portal/index.jsp&[email protected]&fullName=%253Cscript%253Ealert%2528%2529%253C%252Fscript%253E

注册用户没做边际控制，直接报500错误错误信息如下org.apache.jasper.JasperException: Error Executing Database Query.[DataDirect][SQLServer JDBC Driver][SQLServer]将截断字符串或二进制数据。 
DataSource:hotoa_main 
SQL:
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512)

错误信息直接暴露在外安全性能非常低下而且暴露了表的结构如下ASPOrganizations( ASPID,
OrgName,
HotOAName,
alisoftId,
creationDate,
fullName,
email,
phone,
title,
employeeCount,
address,
IP,
province,
city
)

注册成功后，路径直接可以看到表单参数，没有加密等安全性措施，容易捕获数据，
其他的不想测了，太多BUG了。

http://www.hotoa.net/portal/home/index.jsporg.apache.jasper.JasperException: Error Executing Database Query.[DataDirect][SQLServer JDBC Driver][SQLServer]第 5 行: ')' 附近有语法错误。 
DataSource:hotoa_main 
SQL:
select userID from portalPage
WHERE PORTALPAGE.ASPID=7653 and (
pageID =

好的，有时间一定把你的bug写出来

1.bug 很多注册时应该防止javascript 注入
2.表单提交没有加密
3.java写的网站程序速度奇慢希望架构不要是ssh ssi还要好些

这年头还有没有bug的软极吗？

增加角色的没有做字符的限制。
报 500
org.apache.jasper.JasperException: Error Executing Database Query.[DataDirect][SQLServer JDBC Driver][SQLServer]将截断字符串或二进制数据。 

)

  你们这个项目做了多久啊！有几个人开发啊！
      功能还是蛮多的，不过bug也多。。

晕，注册都注册不了，出错。org.apache.jasper.JasperException: Error Executing Database Query.[DataDirect][SQLServer JDBC Driver][SQLServer]第 5 行: ')' 附近有语法错误。 
DataSource:hotoa_main 
SQL:
select userID from portalPage
WHERE PORTALPAGE.ASPID=7670 and (
pageID =
) 
Params:
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:395)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
hotlong.hotkm.util.SetResponseCharacterEncodingFilter.doFilter(Unknown Source)
hotlong.hotkm.util.SetRequestCharacterEncodingFilter.doFilter(Unknown Source)root causefusionj.tagext.sql.QueryTag$DatabaseQueryException: Error Executing Database Query.[DataDirect][SQLServer JDBC Driver][SQLServer]第 5 行: ')' 附近有语法错误。 
DataSource:hotoa_main 
SQL:
select userID from portalPage
WHERE PORTALPAGE.ASPID=7670 and (
pageID =
) 
Params:
fusionj.tagext.sql.QueryTag.doEndTag(Unknown Source)
org.apache.jsp.home.index_jsp._jspService(index_jsp.java:347)
fusionj.runtime.FusionJ.service(Unknown Source)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
hotlong.hotkm.util.SetResponseCharacterEncodingFilter.doFilter(Unknown Source)
hotlong.hotkm.util.SetRequestCharacterEncodingFilter.doFilter(Unknown Source)root causejava.sql.SQLException: [DataDirect][SQLServer JDBC Driver][SQLServer]第 5 行: ')' 附近有语法错误。
com.ddtek.jdbc.base.BaseExceptions.createException(Unknown Source)
com.ddtek.jdbc.base.BaseExceptions.getException(Unknown Source)
com.ddtek.jdbc.sqlserver.tds.TDSRequest.processErrorToken(Unknown Source)
com.ddtek.jdbc.sqlserver.tds.TDSRequest.processReplyToken(Unknown Source)
com.ddtek.jdbc.sqlserver.tds.TDSRPCRequest.processReplyToken(Unknown Source)
com.ddtek.jdbc.sqlserver.tds.TDSCursorRequest.processReplyToken(Unknown Source)
com.ddtek.jdbc.sqlserver.tds.TDSRequest.processReply(Unknown Source)
com.ddtek.jdbc.sqlserver.tds.TDSCursorRequest.commonExecute(Unknown Source)
com.ddtek.jdbc.sqlserver.tds.TDSCursorRequest.submitUnpreparedExecute(Unknown Source)
com.ddtek.jdbc.sqlserver.tds.TDSRPCRequest.submitRequest(Unknown Source)
com.ddtek.jdbc.sqlserver.SQLServerImplStatement.execute(Unknown Source)
com.ddtek.jdbc.base.BaseStatement.commonExecute(Unknown Source)
com.ddtek.jdbc.base.BaseStatement.executeInternal(Unknown Source)
com.ddtek.jdbc.base.BaseStatement.execute(Unknown Source)
fusionj.sql.ConnectionUtils.executeQuery(Unknown Source)
fusionj.sql.SqlImpl.execute(Unknown Source)
fusionj.tagext.sql.QueryTag.doEndTag(Unknown Source)
org.apache.jsp.home.index_jsp._jspService(index_jsp.java:347)
fusionj.runtime.FusionJ.service(Unknown Source)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
hotlong.hotkm.util.SetResponseCharacterEncodingFilter.doFilter(Unknown Source)
hotlong.hotkm.util.SetRequestCharacterEncodingFilter.doFilter(Unknown Source)note The full stack trace of the root cause is available in the Apache Tomcat/5.5.20 logs.

所有页面，统统 xhtml 验证失败案例里面，你放个EA（美国艺电）的标志干嘛?注册时密码的check(正则？）有问题：[email protected]也能通过知识评分里面，上面导航条菜单的z-index不正确

登录不了，账号密码不正确：登陆失败。请再试一次。PS：其中的“陆”是别字，应该使用“录”。=============================================================================================
访问：http://www.hotoa.com/industries/industry.jsp?industryID=-146一个产品应有 500 的页面，而不是直接将错误暴露出来。带有参数的页面，只要去掉某个参数就会报错。如果参数值是数字的，输出一个负数，或者字母，或者是很大的数值也会报错。异常链如下。
HTTP Status 500 -type Exception reportmessagedescription The server encountered an internal error () that prevented it from fulfilling this request.exceptionorg.apache.jasper.JasperException
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
hotlong.hotkm.util.SetResponseCharacterEncodingFilter.doFilter(Unknown Source)
com.opensymphony.webwork.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:168)
hotlong.hotkm.base.action.util.HotKMFilterDispatcher.doFilter(Unknown Source)
com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
com.opensymphony.webwork.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:43)
hotlong.hotkm.util.SetRequestCharacterEncodingFilter.doFilter(Unknown Source)
hotlong.hotkm.base.util.ApplicationInitializedFilter.doFilter(Unknown Source)root causejavax.servlet.ServletException
org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:843)
org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:776)
org.apache.jsp.industries.industry_jsp._jspService(industry_jsp.java:306)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
hotlong.hotkm.util.SetResponseCharacterEncodingFilter.doFilter(Unknown Source)
com.opensymphony.webwork.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:168)
hotlong.hotkm.base.action.util.HotKMFilterDispatcher.doFilter(Unknown Source)
com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
com.opensymphony.webwork.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:43)
hotlong.hotkm.util.SetRequestCharacterEncodingFilter.doFilter(Unknown Source)
hotlong.hotkm.base.util.ApplicationInitializedFilter.doFilter(Unknown Source)root causehotlong.hotkm.kb.KbObjectNotFoundException
hotlong.hotkm.kb.database.DbKbFactory.getKbCategory(Unknown Source)
hotlong.hotkm.kb.B.G.getKbCategory(Unknown Source)
org.apache.jsp.industries.industry_jsp._jspService(industry_jsp.java:67)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
hotlong.hotkm.util.SetResponseCharacterEncodingFilter.doFilter(Unknown Source)
com.opensymphony.webwork.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:168)
hotlong.hotkm.base.action.util.HotKMFilterDispatcher.doFilter(Unknown Source)
com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
com.opensymphony.webwork.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:43)
hotlong.hotkm.util.SetRequestCharacterEncodingFilter.doFilter(Unknown Source)
hotlong.hotkm.base.util.ApplicationInitializedFilter.doFilter(Unknown Source)note The full stack trace of the root cause is available in the Apache Tomcat/5.5.20 logs.=============================================================================================
你的账号登录不了，这个站点功能很多，只看了这一些。

上面那个被遮住了是在 Firefox 3.6.3 版本中的显示，在 IE 6 中正常。

是啊，功能很多，不过 BUG 也多，这里也只能帮你测一些基本的 BUG，至于业务上的 BUG 根本没办法测。我想这是你们的产品，应该配有专业测试团队。

看到这，觉得lz分不够呀！我就不进去测了，jf！

调试易

发现BUG给高分

解决方案 »