「任意のファイルのダウンロード」という高危険な脆弱性を記録します.
5667 ワード
"java" import="java.util.*" pageEncoding="utf-8"%>
"java.util.*"%>
"java.io.*"%>
"java.net.*"%>
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<html>
<head>
<title>Demo Downloadtitle>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
head>
<body>
String filename = "";
if (request.getParameter("file") != null) {
filename = request.getParameter("file");
}
response.setContentType("application/msword");
response.setHeader("Content-disposition","attachment; filename="+filename);
if("" != filename){
BufferedInputStream bis = null;
BufferedOutputStream bos = null;
try {
System.out.println("===============" + getServletContext().getRealPath("" + filename));
bis = new BufferedInputStream(new FileInputStream(getServletContext().getRealPath("") + "/developerDemo/" + filename));
bos = new BufferedOutputStream(response.getOutputStream());
byte[] buff = new byte[2048];
int bytesRead;
while(-1 != (bytesRead = bis.read(buff, 0, buff.length))) {
bos.write(buff,0,bytesRead);
}
} catch(final IOException e) {
System.out.println ( " IOException." + e );
} finally {
if (bis != null)
bis.close();
if (bos != null)
bos.close();
}
return;
}
%>
body>
html>
このページでは、Webサイトの任意のファイルをダウンロードできます.(ファイル名..ディレクトリを移動可能)