CVE-2013-2186 PoC — Apache Commons FileUpload Input Validation Error Vulnerability

Source
Associated Vulnerability
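Title: Apache Commons FileUpload Input Validation Error Vulnerability (CVE-2013-2186)
Description: Apache Commons FileUpload is a software package from the Apache Software Foundation (USA) for uploading files to Servlets and web applications. The DiskFileItem class in Apache Commons FileUpload contains an input validation error vulnerability, which stems from the DiskFileItem class not correctly handling null characters in file names. A remote attacker can exploit this vulnerability to write arbitrary files by supplying a serialized instance. The following products and versions are affected: Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal 4.3 CP07, 5.2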
Description
Source code for CVE-2013-2186
Readme
# CVE_2013_2186
Source code for CVE-2013-2186
File Snapshot

[4.0K] /data/pocs/a5ef55451083443599c376d29b41dc184837e540
├── [1.2K] pom.xml
├── [  46] README.md
└── [4.0K] src
    └── [4.0K] main
        ├── [4.0K] java
        │   └── [4.0K] vn
        │       └── [4.0K] spl4yer
        │           └── [4.0K] servlet
        │               ├── [ 851] CreateFile.java
        │               ├── [2.5K] FileUploadServlet.java
        │               ├── [3.1K] HandleFileUpload.java
        │               └── [ 797] User.java
        └── [4.0K] webapp
            ├── [ 585] index.jsp
            ├── [ 496] result.jsp
            └── [4.0K] WEB-INF
                └── [1001] web.xml

8 directories, 9 files