fix typo

vulhub · May 23, 2024 · 3ad231d · 3ad231d
1 parent d8ce97f
commit 3ad231d
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/nexus/CVE-2024-4956/README.md b/nexus/CVE-2024-4956/README.md
@@ -22,7 +22,7 @@ After the server is started, browse `http://your-ip:8081` to see the home page o
 
 ## Exploit
 
-Just like SpringMVC CVE-2018-1271 from Orange Tsai's [share](https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf), Jetty's `URIUtil.canonicalPath()` also treats the empty string as a directory whih is the root case of this vulnerability:
+Just like SpringMVC CVE-2018-1271 from Orange Tsai's [share](https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf), Jetty's `URIUtil.canonicalPath()` also treats the empty string as a directory which is the root case of this vulnerability:
 
 ![](1.png)
 

diff --git a/nexus/CVE-2024-4956/README.zh-cn.md b/nexus/CVE-2024-4956/README.zh-cn.md
@@ -22,6 +22,8 @@ docker compose up -d
 
 与Orange Tsai在[Blackhat US 2018](https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf)分享的SpringMVC CVE-2018-1271漏洞类似，Jetty的`URIUtil.canonicalPath()`函数也将空字符串认为是一个合法目录，导致了该漏洞的产生：
 
+![](1.png)
+
 发送如下请求来复现漏洞：
 
 ```
@@ -39,4 +41,4 @@ Cache-Control: max-age=0
 
 可见，`/etc/passwd`已被成功读取：
 
-![](1.png)
+![](2.png)