Skip to content

ldbfpiaoran/springboot-acl-bypass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

.settings

.settings

 
 

.vscode

.vscode

 
 

src

src

 
 

target

target

 
 

.classpath

.classpath

 
 

.project

.project

 
 

README.md

README.md

 
 

pom.xml

pom.xml

 
 

那些年绕过的url.docx

那些年绕过的url.docx

 
 

Repository files navigation

"# springboot-acl-bypass" 最近遇到url 判断不当绕过acl验签的问题

都是getRequestURI的大锅 还有configurer.setUseSuffixPatternMatch(false).setUseTrailingSlashMatch(false);的大锅

//inter/hello
/open/..;/inter/hello
/open/../inter/hello
/inter/hello.aaaaa
/inter/hello;a.js
各种大坑接连不断
安全测试人人有责 谨慎背锅

About

springboot getRequestURI acl bypass

Resources

Readme
Activity

Stars

36 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages