Java(Servlet) Dangerous function
Rinku Kumar edited this page Aug 11, 2021 · 2 revisions
<—————-Directory Traversal————→
- Open a file
File f = new File("filePath", userinput);
- Reading & Writing file
java.io.FileInputStream
java.io.FileOutputStream
java.io.FileReader
java.io.FileWriter
Ex: FileInputStream fis = new FileInputStream("filePath" + userinput);
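Added example, not from the original page: one way to confine a user-supplied file name to a base directory before it reaches File or FileInputStream. The class name SafeFileAccess, the helper names and the base directory /var/app/uploads are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class SafeFileAccess {
    // Hypothetical base directory (assumption); the page only shows the placeholder "filePath".
    static final Path BASE_DIR = Paths.get("/var/app/uploads");

    // Resolve userInput under baseDir; reject anything that lands outside it.
    static Path resolveInside(Path baseDir, String userInput) throws IOException {
        if (userInput == null || userInput.isEmpty() || userInput.indexOf('\0') >= 0) {
            throw new IOException("invalid file name");
        }
        Path base = baseDir.toAbsolutePath().normalize();
        // resolve() returns an absolute userInput as-is, so the check below also stops "/etc/passwd".
        Path candidate = base.resolve(userInput).normalize();
        if (!candidate.startsWith(base)) {
            throw new IOException("path escapes base directory");
        }
        return candidate;
    }

    // Open for reading; toRealPath() follows symlinks, so re-check the resolved target.
    static InputStream openForRead(String userInput) throws IOException {
        Path real = resolveInside(BASE_DIR, userInput).toRealPath();
        if (!real.startsWith(BASE_DIR.toRealPath())) {
            throw new IOException("symlink escapes base directory");
        }
        return Files.newInputStream(real);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the page.
        String[] samples = {"report.txt", "sub/notes.txt", "../../etc/passwd", "/etc/passwd", "a/../../b"};
        for (String s : samples) {
            try {
                System.out.println("ok      " + s + " -> " + resolveInside(BASE_DIR, s));
            } catch (IOException e) {
                System.out.println("blocked " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Path.startsWith compares whole path elements, so a sibling such as /var/app/uploads2 does not pass as being inside /var/app/uploads, which a plain String prefix comparison would allow.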
<—————-SSRF————→
- Open a URL
InputStream in = new URL(url).openStream();
where url = user-supplied input