hiveweb icon indicating copy to clipboard operation
hiveweb copied to clipboard
verified publisher icon dianping

路径遍历漏洞

Open QiAnXinCodeSafe opened this issue 6 years ago • 0 comments

FileDownload.java中下载文件时未检验文件名,导致攻击者可能通过构造带有“../”的路径进行路径遍历,从而下载任意文件。 图片

QiAnXinCodeSafe avatar Aug 01 '19 09:08 QiAnXinCodeSafe