JAVA审计-文件操作

2022/3/3 1:45:03

本文主要是介绍JAVA审计-文件操作,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!

前言

上篇主要是关于文件上传的操作,这一篇记录一下其他文件操作

0x01 任意文件下载/读取

@WebServlet("/FileRead")
public class fileRead extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        //以当前get请求的路径+filename参数值作为File对象
        File file = new File(this.getServletContext().getRealPath("/") + req.getParameter("filename"));
        FileInputStream in = new FileInputStream(file);
        ServletOutputStream sos = resp.getOutputStream();
        int len;
        byte[] buffer = new byte[1024];

        while ((len = in.read(buffer)) != -1) {
            sos.write(buffer, 0, len);
        }
        in.close();
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        super.doGet(req, resp);
    }
}

image-20220302170547670

下载:

@WebServlet("/downServlet")
public class readServlet extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    this.doGet(request, response);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        
        String filename = request.getParameter("filename");
        String fileContent = "";
        FileReader fileReader = new FileReader(filename);
        response.setHeader("content-disposition", "attachment;fileName=" + filename);
        BufferedReader bufferedReader = new BufferedReader(fileReader);
        String line = "";
        while (null != (line = bufferedReader.readLine())) {
            fileContent += (line + "\n");
        }
        }
}

和前面的文件读取也差不多,只是多了设置了一个响应体。

image-20220302172020588

0x02 任意文件删除

@WebServlet("/FileDeleteServlet")
public class FileDeleteServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        resp.setCharacterEncoding("gbk");
        File file = new File(this.getServletContext().getRealPath("/") + req.getParameter("filename"));
        PrintWriter writer = resp.getWriter();
        writer.println(this.getServletContext().getRealPath("/"));
        writer.println(this.getServletContext().getRealPath("/") + req.getParameter("filename"));
        if (file.exists()){
            writer.println(file.getName() + "文件已删除!");
            file.delete();
        }else {
            writer.println("文件不存在!");
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        super.doGet(req, resp);
    }
}

image-20220302173248161

0x03 任意文件写入

@WebServlet("/FileWriteServlet")
public class FileWriteServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        File file = new File(req.getParameter("f"));
        FileOutputStream fos = new FileOutputStream(file);
        fos.write(req.getParameter("c").getBytes());
        fos.flush();
        fos.close();

        ServletOutputStream sos = resp.getOutputStream();
        sos.println(file.getAbsoluteFile() + "\t" + file.exists());
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        super.doGet(req, resp);
    }
}

0x04 任意文件复制

@WebServlet("/FileCopyServlet")
public class FileCopyServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        resp.setCharacterEncoding("gbk");
        Path path = Files.copy(Paths.get(req.getParameter("source")), Paths.get(req.getParameter("dest")));
        PrintWriter writer = resp.getWriter();
        writer.println(path);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        super.doGet(req, resp);
    }
}

0x05 任意文件重命名

@WebServlet("/FileReNameServlet")
public class FileReNameServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String fileName1 = req.getParameter("source");
        String fileName2 = req.getParameter("dest");

        File file1 = new File(fileName1);
        File file2 = new File(fileName2);

        file1.renameTo(file2);
        PrintWriter writer = resp.getWriter();
        writer.println(file2.getAbsolutePath() + "\t" + file2.exists());

    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        super.doGet(req, resp);
    }
}

0x06 目录遍历

@WebServlet("/DirListServlet")
public class DirList extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        resp.setCharacterEncoding("gbk");
        String[] files = new File(req.getParameter("dir")).list();
        PrintWriter writer = resp.getWriter();
        for (String file : files) {
            writer.println(file);
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        super.doGet(req, resp);
    }
}

image-20220302174114201

总结

审计重点方法,主要是参数需要可控:

  • java.io.FileInputStream
  • java.io.FileOutputStream
  • org.apache.commons.io.FileUtils

参考

https://www.cnblogs.com/CoLo/p/15265624.html

https://www.cnblogs.com/nice0e3/p/13698256.html



这篇关于JAVA审计-文件操作的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!


扫一扫关注最新编程教程