您的位置:首页 > 其它

记录一次“任意文件下载”高危漏洞

2015-12-14 11:35 232 查看 
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@page import="java.util.*"%>
<%@page import="java.io.*"%>
<%@page import="java.net.*"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<title>Demo Download</title>

<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->

</head>

<body>
<%
String filename = "";
if (request.getParameter("file") != null) {
filename = request.getParameter("file");
}
response.setContentType("application/msword");
response.setHeader("Content-disposition","attachment; filename="+filename);

if("" != filename){
BufferedInputStream bis = null;
BufferedOutputStream bos = null;
try {
System.out.println("===============" + getServletContext().getRealPath("" + filename));
bis = new BufferedInputStream(new FileInputStream(getServletContext().getRealPath("") + "/developerDemo/" + filename));
bos = new BufferedOutputStream(response.getOutputStream());

byte[] buff = new byte[2048];
int bytesRead;

while(-1 != (bytesRead = bis.read(buff, 0, buff.length))) {
bos.write(buff,0,bytesRead);
}

} catch(final IOException e) {
System.out.println ( "出现IOException." + e );
} finally {
if (bis != null)
bis.close();
if (bos != null)
bos.close();
}
return;
}

%>
</body>
</html>


利用此页面可以下载网站任何文件。(文件名..可以移动目录)
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签:  漏洞
相关文章推荐
新的分享
章节导航