I'm doing lab at school asked me to build a weblogic server with insecure file upload vulnerable. My upload code is success upload without check file type and some conditions. But when I access the file, if file's type is html it will render html tab. But if the file's type is jps, it won't run .jsp file and download it. Could you show me how to fix or config weblogic server so that i could run .jsp file on which file i uploaded?
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String fileName = request.getPathInfo().substring(1);
String uploadPath =UPLOAD_DIRECTORY;
File file = new File(uploadPath + File.separator + fileName);
if (file.exists() && !file.isDirectory()) {
String mimeType = getServletContext().getMimeType(file.getName());
if (mimeType == null) {
mimeType = "application/octet-stream";
}
response.setContentType(mimeType);
response.setContentLength((int) file.length());
response.setHeader("Content-Disposition", "inline; filename=\"" + file.getName() + "\"");
try (BufferedReader reader = new BufferedReader(new FileReader(file));
PrintWriter writer = response.getWriter()) {
String line;
while ((line = reader.readLine()) != null) {
writer.println(line);
}
}
} else {
response.sendError(HttpServletResponse.SC_NOT_FOUND, "File not found");
}
}```
I tried to search to config so that server run my .jsp but did not work.
