code-injection

How does this site infecting script work?

by

Notice the replace call after the giant messy string: .replace(/#|\$|@|\^|&|\(|\)|\!/ig, ”). It removes most of the special characters, turning it into a normal URL: evil://dyndns-org.gamestop.com.mybestyouxi-cn.genuinehollywood.ru:8080/softonic.com/softonic.com/google.com/livejasmin.com/videosz.com/ (I manually changed http: to evil:) Note that the regex could have been simplified to .replace(/[#$@^&()!]/ig, ”) If you look at the script, you’ll see that it’s a very simple … Read more

Spring: How to inject a value to static field?

by

First of all, public static non-final fields are evil. Spring does not allow injecting to such fields for a reason. Your workaround is valid, you don’t even need getter/setter, private field is enough. On the other hand try this: @Value(“${my.name}”) public void setPrivateName(String privateName) { Sample.name = privateName; } (works with @Autowired/@Resource). But to give … Read more

What is Dependency Injection and Inversion of Control in Spring Framework?

by

Spring helps in the creation of loosely coupled applications because of Dependency Injection. In Spring, objects define their associations (dependencies) and do not worry about how they will get those dependencies. It is the responsibility of Spring to provide the required dependencies for creating objects. For example: Suppose we have an object Employee and it … Read more

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)