「任意のファイルのダウンロード」という高危険な脆弱性を記録します.

"java" import="java.util.*" pageEncoding="utf-8"%>
"java.util.*"%>
"java.io.*"%>
"java.net.*"%>
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>


<html>
  <head>

    <title>Demo Downloadtitle>

    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">    
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    

  head>

  <body>
    String filename = "";
        if (request.getParameter("file") != null) {
            filename = request.getParameter("file");
        }
        response.setContentType("application/msword");
        response.setHeader("Content-disposition","attachment; filename="+filename);

        if("" != filename){
             BufferedInputStream bis = null;
            BufferedOutputStream bos = null;
            try {
                System.out.println("===============" + getServletContext().getRealPath("" + filename));
                bis = new BufferedInputStream(new FileInputStream(getServletContext().getRealPath("") + "/developerDemo/" + filename));
                bos = new BufferedOutputStream(response.getOutputStream());

                byte[] buff = new byte[2048];
                int bytesRead;

                while(-1 != (bytesRead = bis.read(buff, 0, buff.length))) {
                    bos.write(buff,0,bytesRead);
                }

            } catch(final IOException e) {
                System.out.println ( "  IOException." + e );
            } finally {
                if (bis != null)
                    bis.close();
                if (bos != null)
                    bos.close();
            }
            return;
        }

    %>
  body>
html>

このページでは、Webサイトの任意のファイルをダウンロードできます.(ファイル名..ディレクトリを移動可能)