File Upload #17796
Comments
@Pd1r Questions on this:
I am trying to reproduce this and I cannot:
gives me a When I step through and debug the code, the
@Pd1r thank you for the report and details, I can confirm this. We are working on a fix.
* Created new Filter to intercept and normalize URIs
* Applied feedback #17796
PR: #17809
Fixed, tested on release-5.2.4 // Postgres // FF
Note that you need to pass the
Describe the bug
Upload jsp files to control the target server
Steps to reproduce the behavior:
/asdasd/../asset
Get file id
Execute arbitrary server commands
Can upload even without authorization
dir like this
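The fix referenced in this thread normalizes URIs in a filter before they are evaluated. The following is an added example, not the project's code, showing why a prefix check on the raw path misses `/asdasd/../asset` and how canonicalizing first closes that gap. It assumes the authorization check matched the raw request path; the `/asset` prefix is taken from the sample path in the report, and the class and method names are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;

public class UriNormalizationCheck {
    enum Decision { ALLOW_ANONYMOUS, REQUIRE_AUTH, REJECT }
    // Hypothetical protected prefix, taken from the sample path in the report.
    static final List<String> PROTECTED = List.of("/asset");

    // Assumed "before": the prefix check runs on the raw, un-normalized path.
    static boolean naiveIsProtected(String rawPath) {
        return PROTECTED.stream().anyMatch(rawPath::startsWith);
    }

    // Canonicalize first; return null when the path cannot be trusted.
    static String canonicalPath(String rawPath) {
        String lower = rawPath.toLowerCase();
        // Encoded dots and separators may be decoded differently downstream: refuse them.
        if (lower.contains("%2e") || lower.contains("%2f")
                || lower.contains("%5c") || rawPath.contains("\\")) {
            return null;
        }
        try {
            // Collapse "//" first: URI would otherwise parse "//x" as an authority.
            String path = new URI(rawPath.replaceAll("/{2,}", "/")).normalize().getPath();
            if (path == null || !path.startsWith("/")) return null;
            // URI.normalize() keeps ".." segments it cannot resolve, e.g. "/../asset".
            if (List.of(path.split("/")).contains("..")) return null;
            return path;
        } catch (URISyntaxException e) {
            return null;
        }
    }

    // Authorization decision made on the canonical path only.
    static Decision decide(String rawPath) {
        String path = canonicalPath(rawPath);
        if (path == null) return Decision.REJECT;
        boolean isProtected = PROTECTED.stream()
                .anyMatch(p -> path.equals(p) || path.startsWith(p + "/"));
        return isProtected ? Decision.REQUIRE_AUTH : Decision.ALLOW_ANONYMOUS;
    }

    public static void main(String[] args) {
        // Constructed sample paths; the first is the one from the report.
        for (String p : List.of("/asdasd/../asset", "/asset", "/../asset", "/as%2e%2e/asset", "/home")) {
            System.out.printf("%-18s naive=%-5s decision=%s%n", p, naiveIsProtected(p), decide(p));
        }
    }
}
```

The request should then be dispatched using the same canonical path the decision was made on, so the check and the handler never see different strings.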