This vulnerability allows downloading any file on the server: the `p` query parameter is used directly as a file system path, with no restriction to a base directory and no check for `..` or absolute paths, so an attacker can retrieve any file the application process is allowed to read.
The source code is as follows:
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URLEncoder;

import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

@Controller
@RequestMapping("file")
public class FileDownloadController {

    // Vulnerable: the caller-supplied value of "p" becomes the complete path,
    // so an absolute path or "../" sequences reach any readable file on the host.
    @GetMapping("down")
    public void download(@RequestParam("p") String path, HttpServletResponse response) {
        try {
            File f = new File(path);
            String filename = f.getName();
            FileInputStream fileInputStream = new FileInputStream(f);
            InputStream inputStream = new BufferedInputStream(fileInputStream);
            // Reads the entire file into memory in one go (adequate for the demo, not for large files)
            byte[] buffer = new byte[inputStream.available()];
            inputStream.read(buffer);
            inputStream.close();
            response.reset();
            response.setCharacterEncoding("UTF-8");
            response.addHeader("Content-Disposition", "attachment;filename=" + URLEncoder.encode(filename, "UTF-8"));
            response.addHeader("Content-Length", "" + f.length());
            OutputStream outputStream = new BufferedOutputStream(response.getOutputStream());
            response.setContentType("application/octet-stream");
            outputStream.write(buffer);
            outputStream.flush();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}
Simulated request (the handler is mapped at /file/down, so the path is down rather than download; because p is used as-is, an absolute path is enough, no traversal sequence is needed):
http://127.0.0.1:8080/file/down?p=/root/a.txt
Solution:
Validate the incoming parameter instead of trusting it as a path: accept only a bare file name (no directory separators, no "." or ".."), resolve it beneath a fixed download directory, canonicalize the result (which also follows symlinks) and confirm it still lies inside that directory before opening it. Reject everything else without echoing the supplied value back in the error.
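One way to implement that check, as an added example written for this article rather than code from the original post. It assumes Spring 5 / Spring Boot 2 with javax.servlet (Boot 3 would use jakarta.servlet), a hypothetical download root /var/app/downloads, and the hypothetical class and helper names SafeFileDownloadController and resolveInsideBase:

```java
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

import javax.servlet.http.HttpServletResponse;

import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.server.ResponseStatusException;

@Controller
@RequestMapping("file")
public class SafeFileDownloadController {

    // Assumed download root (hypothetical path); nothing outside it is ever served.
    private static final Path BASE_DIR = Paths.get("/var/app/downloads");

    @GetMapping("down")
    public void download(@RequestParam("p") String name, HttpServletResponse response) throws IOException {
        Path target = resolveInsideBase(BASE_DIR, name);
        if (target == null) {
            // Same answer for "bad name" and "no such file"; never echo the attacker-controlled value.
            throw new ResponseStatusException(HttpStatus.NOT_FOUND);
        }

        String fileName = target.getFileName().toString();
        String encoded = URLEncoder.encode(fileName, StandardCharsets.UTF_8.name()).replace("+", "%20");
        String asciiFallback = fileName.replaceAll("[^\\x20-\\x7E]", "_").replace("\"", "_");

        response.reset();
        response.setContentType("application/octet-stream");
        response.setContentLengthLong(Files.size(target));
        // filename* carries the UTF-8 form (RFC 5987); the plain filename is an ASCII fallback.
        response.setHeader("Content-Disposition",
                "attachment; filename=\"" + asciiFallback + "\"; filename*=UTF-8''" + encoded);

        // Stream the file instead of buffering it in memory.
        Files.copy(target, response.getOutputStream());
        response.flushBuffer();
    }

    /**
     * Returns the canonical path of {@code name} inside {@code base}, or null when the
     * request must be rejected: the value is not a bare file name, the file does not
     * exist, is not a regular file, or resolves (through a symlink) outside {@code base}.
     */
    static Path resolveInsideBase(Path base, String name) {
        if (name == null || name.isEmpty() || name.equals(".") || name.equals("..")) {
            return null;
        }
        Path fileName;
        try {
            fileName = Paths.get(name).getFileName();
        } catch (InvalidPathException e) { // e.g. an embedded NUL byte
            return null;
        }
        // Anything with directory components ("../x", "/root/a.txt", "sub/a.txt") fails this comparison.
        if (fileName == null || !fileName.toString().equals(name)) {
            return null;
        }
        try {
            Path realBase = base.toRealPath();
            Path real = realBase.resolve(fileName).toRealPath(); // follows symlinks
            if (!real.startsWith(realBase) || !Files.isRegularFile(real)) {
                return null;
            }
            return real;
        } catch (IOException e) { // missing file, permission problems, ...
            return null;
        }
    }
}
```

The route stays /file/down?p=..., but p is now only a file name: p=a.txt serves /var/app/downloads/a.txt, while p=/root/a.txt and p=../a.txt are refused with 404 before any file is opened. The toRealPath() call on both the base and the target means a symlink planted inside the download directory that points elsewhere is also rejected, and Path.startsWith compares whole name elements, so a sibling directory such as /var/app/downloads2 cannot pass as a prefix match.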