Vulnerability details:
The default upload and download paths for files are set to D:\img\ in src/main/resources/application.yml.
First, create a new etc directory in the root directory of drive D, which will store the passwd file.
The download method in src/main/java/com/itheima/reggie/controller/CommonController.java does not filter the incoming name parameter, allowing attackers to download any file without logging in:
GET /common/download?name=/../etc/passwd HTTP/1.1
Host: 192.168.0.102:8080
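
One way to confine the name parameter to the configured download directory, as an added example that is not the project's code: the class SafeDownloadPath and its resolve method are hypothetical, and a temporary directory stands in for D:\img\.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeDownloadPath {

    // Resolve a client-supplied file name against the download directory and
    // reject anything that would land outside it.
    static Path resolve(Path baseDir, String name) throws IOException {
        if (name == null || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid file name");
        }
        Path base = baseDir.toRealPath();
        // Treat both separator styles alike, then strip leading separators so
        // "/../x" stays relative to base instead of replacing it.
        String relative = name.replace('\\', '/').replaceAll("^/+", "");
        if (relative.isEmpty()) {
            throw new IllegalArgumentException("invalid file name");
        }
        // normalize() collapses ".." segments before the containment check.
        Path candidate = base.resolve(relative).normalize();
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes download directory");
        }
        // For existing files, follow symlinks and check containment again.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(base)) {
            throw new SecurityException("symlink escapes download directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the configured D:\img\ directory.
        Path base = Files.createTempDirectory("img");
        Files.write(base.resolve("dish.jpg"), new byte[] {1, 2, 3});

        // Constructed inputs; the second is the name value from the request above.
        String[] names = {"dish.jpg", "/../etc/passwd", "..\\etc\\passwd", "a/../../etc/passwd"};
        for (String n : names) {
            try {
                System.out.println("allowed : " + n + " -> " + resolve(base, n));
            } catch (SecurityException | IllegalArgumentException e) {
                System.out.println("rejected: " + n + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only dish.jpg resolves; the three traversal names are rejected before any file is opened.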