New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

路径遍历漏洞 #13

Open

QiAnXinCodeSafe opened this issue Aug 1, 2019 · 0 comments

QiAnXinCodeSafe commented Aug 1, 2019

FileDownload.java中下载文件时未检验文件名，导致攻击者可能通过构造带有“../”的路径进行路径遍历，从而下载任意文件。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment