Notes on a High-Severity "Arbitrary File Download" Vulnerability
2015-12-14 11:35
```jsp
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@page import="java.util.*"%>
<%@page import="java.io.*"%>
<%@page import="java.net.*"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Demo Download</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!-- <link rel="stylesheet" type="text/css" href="styles.css"> -->
</head>
<body>
<%
// The file name is taken directly from the request parameter, with no validation.
String filename = "";
if (request.getParameter("file") != null) {
    filename = request.getParameter("file");
}
response.setContentType("application/msword");
response.setHeader("Content-disposition","attachment; filename="+filename);
// Compare string content, not object references.
if (!filename.isEmpty()) {
    BufferedInputStream bis = null;
    BufferedOutputStream bos = null;
    try {
        System.out.println("===============" + getServletContext().getRealPath("" + filename));
        // Vulnerable: the user-supplied name is concatenated onto the web root path as-is.
        bis = new BufferedInputStream(new FileInputStream(getServletContext().getRealPath("") + "/developerDemo/" + filename));
        bos = new BufferedOutputStream(response.getOutputStream());
        byte[] buff = new byte[2048];
        int bytesRead;
        while (-1 != (bytesRead = bis.read(buff, 0, buff.length))) {
            bos.write(buff, 0, bytesRead);
        }
    } catch (final IOException e) {
        System.out.println("出现IOException." + e);
    } finally {
        if (bis != null) bis.close();
        if (bos != null) bos.close();
    }
    return;
}
%>
</body>
</html>
```
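This page can be used to download any file on the site: the `file` parameter is appended to the path unchecked, so `..` in the file name moves out of the `developerDemo` directory.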
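A hardened way to resolve the `file` parameter, as an added example that is not part of the original post: the requested name is resolved against the download directory, canonicalized, and served only if it is still inside that directory. The class name `SafeDownloadResolver` and the sample files created in `main` are assumptions for illustration; it needs Java 11 or later.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

public class SafeDownloadResolver {
    private final Path baseDir;

    public SafeDownloadResolver(Path baseDir) throws IOException {
        // Canonicalize once so later containment checks compare real paths.
        this.baseDir = baseDir.toRealPath();
    }

    /** Returns the canonical path to serve, or null if the request must be refused. */
    public Path resolve(String requested) {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) return null;
        try {
            Path candidate = baseDir.resolve(requested).normalize();
            if (!candidate.startsWith(baseDir)) return null;   // "../" or absolute path escaped
            Path real = candidate.toRealPath();                 // must exist; follows symlinks
            if (!real.startsWith(baseDir) || !Files.isRegularFile(real)) return null;
            return real;
        } catch (IOException | InvalidPathException e) {
            return null;                                        // missing file or malformed name
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: a web root with developerDemo/ and WEB-INF/.
        Path root = Files.createTempDirectory("webroot");
        Path demo = Files.createDirectory(root.resolve("developerDemo"));
        Files.writeString(demo.resolve("guide.doc"), "public");
        Path webInf = Files.createDirectory(root.resolve("WEB-INF"));
        Files.writeString(webInf.resolve("web.xml"), "secret");

        SafeDownloadResolver resolver = new SafeDownloadResolver(demo);
        String[] inputs = {"guide.doc", "../WEB-INF/web.xml", "..\\WEB-INF\\web.xml",
                           "/etc/passwd", "missing.doc", ""};
        for (String in : inputs) {
            Path p = resolver.resolve(in);
            System.out.println("file=" + in + " -> "
                + (p == null ? "rejected" : "served " + p.getFileName()));
        }
    }
}
```

Only `guide.doc` is served; every other input is rejected. In the JSP, open the stream from the returned path and build the `Content-disposition` header from its `getFileName()` rather than from the raw parameter.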