Java(Servlet) Dangerous function

Jump to bottom

Rinku Kumar edited this page Aug 11, 2021 · 2 revisions

<—————-Directory Traversal————→

Open a file
File f = new File(“filePath”, userinput);

Reading & Writing file
java.io.FileInputStream
java.io.FileOutputStream
java.io.FileReader
java.io.FileWriter

Ex: FileInputStream fis = new FileInputStream(“filePath” + userinput);

<—————-SSRF————→

Open a URL
InputStream in = new URL.openStream()
where url = User supplied Input

Toggle table of contents Pages 5

Clone this wiki locally