Merge pull request JoyChou93#3 from lightless233/master

JoyChou93 · web-flow · commit 845148dbb8ca · 2018-10-19T12:57:47.000+08:00
Add new Java URL redirect vulnerability example.
diff --git a/src/main/java/org/joychou/controller/URLRedirect.java b/src/main/java/org/joychou/controller/URLRedirect.java
@@ -1,7 +1,9 @@
 package org.joychou.controller;
 
 import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 
 import javax.servlet.RequestDispatcher;
@@ -20,6 +22,15 @@
 @RequestMapping("/urlRedirect")
 public class URLRedirect {
 
+    /**
+     * @disc: 存在URL重定向漏洞
+     * @fix: 添加URL白名单 https://github.com/JoyChou93/trident/blob/master/src/main/java/CheckURL.java
+     */
+    @GetMapping("/redirect")
+    public String redirect(@RequestParam("url") String url) {
+        return "redirect:" + url;
+    }
+
     /**
      * @disc: 存在URL重定向漏洞
      * @fix: 添加URL白名单 https://github.com/JoyChou93/trident/blob/master/src/main/java/CheckURL.java
