mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-05-05 10:16:59 +00:00
Jetty File Read (CVE-2021-34429)
/%u002e/WEB-INF/web.xml and /.%00/WEB-INF/web.xml After normalization and decoding, it will become /./WEB-INF/web.xml.
FOFA query rule: app="Jetty"
Demo
