
I'm doing a lab at school that asked me to build a WebLogic server with an insecure file upload vulnerability. My upload code successfully uploads files without checking the file type or other conditions. But when I access the file, if the file's type is HTML, it renders the HTML in the tab. But if the file's type is JSP, it won't run the .jsp file and downloads it instead. Could you show me how to fix or configure the WebLogic server so that I can run the .jsp file that I uploaded?

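```java
// Needs java.io.* plus the servlet API (HttpServletRequest, HttpServletResponse, ServletException).
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

    // The file name comes straight from the URL path, with no validation (as in the lab).
    String pathInfo = request.getPathInfo();
    if (pathInfo == null || pathInfo.length() < 2) {
        response.sendError(HttpServletResponse.SC_NOT_FOUND, "File not found");
        return;
    }
    String fileName = pathInfo.substring(1);
    String uploadPath = UPLOAD_DIRECTORY;

    File file = new File(uploadPath + File.separator + fileName);

    if (file.exists() && !file.isDirectory()) {

        // The MIME type is looked up from the file extension; unknown types fall back to a generic binary type.
        String mimeType = getServletContext().getMimeType(file.getName());
        if (mimeType == null) {
            mimeType = "application/octet-stream";
        }
        response.setContentType(mimeType);
        response.setContentLength((int) file.length());
        response.setHeader("Content-Disposition", "inline; filename=\"" + file.getName() + "\"");

        // The file is streamed as data; it is never handed to the JSP engine.
        // Raw bytes are copied so the body matches the Content-Length set above.
        try (InputStream in = new FileInputStream(file);
             OutputStream out = response.getOutputStream()) {

            byte[] buffer = new byte[8192];
            int n;
            while ((n = in.read(buffer)) != -1) {
                out.write(buffer, 0, n);
            }
        }
    } else {
        response.sendError(HttpServletResponse.SC_NOT_FOUND, "File not found");
    }
}
```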


I tried searching for how to configure the server so that it runs my .jsp, but it did not work.
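For contrast with the deliberately permissive lab handler in the question, here is the hardened form of the same two decisions (which file a request may reach, and how the browser is told to treat it), as an added example that is not part of the original post. The class name `UploadGuard`, its methods and the `/srv/uploads` root are assumptions made for illustration.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;

// Added example (hypothetical names): hardened counterpart to the lab's download handler.
public class UploadGuard {
    // Assumed upload root; keep it outside the web application's document root.
    static final Path UPLOAD_ROOT = Paths.get("/srv/uploads").toAbsolutePath().normalize();

    // Resolve a client-supplied name and reject anything that escapes UPLOAD_ROOT.
    static Optional<Path> resolve(String requested) {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            return Optional.empty();
        }
        try {
            Path candidate = UPLOAD_ROOT.resolve(requested).normalize();
            // resolve() returns an absolute argument unchanged, so containment must be checked.
            if (!candidate.startsWith(UPLOAD_ROOT) || candidate.equals(UPLOAD_ROOT)) {
                return Optional.empty();
            }
            return Optional.of(candidate);
        } catch (InvalidPathException e) {
            return Optional.empty();
        }
    }

    // Headers that make the browser save the file instead of rendering it.
    static Map<String, String> safeHeaders(Path file) {
        String name = file.getFileName().toString().replaceAll("[^A-Za-z0-9._-]", "_");
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Content-Type", "application/octet-stream");
        headers.put("Content-Disposition", "attachment; filename=\"" + name + "\"");
        headers.put("X-Content-Type-Options", "nosniff");
        return headers;
    }

    public static void main(String[] args) {
        // Constructed sample request names.
        String[] samples = {"report.html", "notes.jsp", "../../etc/passwd", "/etc/passwd", "a/../../b"};
        for (String s : samples) {
            Optional<Path> p = resolve(s);
            System.out.println(s + " -> " + p.map(x -> safeHeaders(x).toString()).orElse("404 rejected"));
        }
    }
}
```

The containment check here is lexical only; where the upload directory may contain symbolic links, compare `toRealPath()` of the existing file against the real path of the root before serving it.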
