Web source code leaked ([RoarCTF 2019]Easy Java)

Source code leak

Summary of ctf/web source code leaks

[RoarCTF 2019] Easy Java
web.xml was leaked. First, look at the detailed explanation of web.xml.
Solution:
https://www.cnblogs.com/wangtanzhi/p/12173215.html

WEB-INF is a protected directory in Java web applications: its contents are not served to clients directly, and a file inside it can only be reached through a mapping declared in the web.xml file. WEB-INF mainly contains the following files and directories:

/WEB-INF/web.xml: the web application's configuration file; it describes the servlets and other application components, their configuration and their naming rules.

/WEB-INF/classes/: contains all the class files used by the site, both servlet and non-servlet classes; these are the classes not packaged in .jar files.

/WEB-INF/lib/: holds the JAR files the web application needs, i.e. JARs required only by this application, such as database driver JARs.

/WEB-INF/src/: source directory; the Java files are laid out according to their package structure.

/WEB-INF/database.properties: database configuration file.

Cause of the vulnerability: web applications are often deployed behind several web servers working together, to make up for the performance shortcomings of a single server, to balance load, and to implement layered security policies. In such an architecture, an improperly configured mapping of static resource directories or files can introduce security issues, including making files such as web.xml readable.

Vulnerability detection and exploitation: find the web.xml file, infer the paths of the class files from it, download the class files directly, and then decompile them to obtain the website's source code.

In general, the JSP engine forbids access to the WEB-INF directory by default. When Nginx is placed in front of Tomcat for load balancing or clustering, the cause of the problem is actually very simple: Nginx is not a JSP engine, and it does not carry the security conventions of other engine types into its own rules (the two are coupled too tightly), so it serves /WEB-INF/ paths like any other. The fix is simply to modify the Nginx configuration to deny access to the WEB-INF directory: location ~ ^/WEB-INF/* {deny all;}, or return 404, or similar.

Following the detection method above, and going by the usual layout of a Tomcat project, try downloading FlagController.class with the payload:

filename=WEB-INF/classes/com/wm/ctf/FlagController.class

PS: when capturing with Burp, the request must be changed to a POST submission; HackBar is recommended for submitting the POST data.
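The check that the front-end proxy (or the download endpoint itself) should apply, as an added example that is not part of the original writeup: it decodes and normalises a request path or filename parameter and refuses anything that resolves into WEB-INF, then runs over constructed sample requests. The /Download endpoint name and the sample requests are assumptions; the filename parameter and the WEB-INF paths come from the writeup above.

```python
import posixpath
from urllib.parse import unquote, urlsplit, parse_qs

# Directories a servlet container never serves directly; a proxy in front of
# it must refuse them too, since the page's point is that Nginx has no such rule.
PROTECTED_DIRS = {"web-inf", "meta-inf"}

def resolves_into_protected(path: str) -> bool:
    """True if a request path (or a filename parameter) reaches WEB-INF or
    META-INF after percent-decoding and '..' normalisation."""
    # Decode twice to catch double-encoded traversal such as %252e%252e
    decoded = unquote(unquote(path)).replace("\\", "/")
    # normpath collapses '.', '..' and duplicate slashes; the leading '/'
    # keeps '..' from escaping above the web root
    norm = posixpath.normpath("/" + decoded.lstrip("/"))
    segments = [s.lower() for s in norm.split("/") if s]
    return any(seg in PROTECTED_DIRS for seg in segments)

def flag_request(method: str, target: str, body: str = "") -> bool:
    """Flag a request whose URL path, or any 'filename' parameter in the
    query string or POST body, resolves into a protected directory."""
    parts = urlsplit(target)
    if resolves_into_protected(parts.path):
        return True
    params = parse_qs(parts.query)
    if method.upper() == "POST":
        for key, values in parse_qs(body).items():
            params.setdefault(key, []).extend(values)
    return any(resolves_into_protected(v) for v in params.get("filename", []))

# Constructed sample requests, not captured traffic: (method, target, body).
# "/Download" is an assumed endpoint name.
SAMPLE_REQUESTS = [
    ("GET", "/Download?filename=help.docx", ""),
    ("POST", "/Download", "filename=WEB-INF/web.xml"),
    ("POST", "/Download",
     "filename=docs/../WEB-INF/classes/com/wm/ctf/FlagController.class"),
    ("GET", "/static/..%2fweb-inf/web.xml", ""),
    ("GET", "/images/logo.png", ""),
]

def scan(requests):
    """Return (target, body) for every request that should be denied."""
    return [(t, b) for m, t, b in requests if flag_request(m, t, b)]

if __name__ == "__main__":
    for target, body in scan(SAMPLE_REQUESTS):
        print("DENY", target, body)
```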


Origin blog.csdn.net/qq_42812036/article/details/104280196