手动创建一个Servlet
1,TestServlet
- init
- doGet
- destroy
2,web.xml配置
<servlet>
<servlet-name>TestServlet</servlet-name>
<servlet-class>org.example.servletshell.TestServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TestServlet</servlet-name>
<url-pattern>/test</url-pattern>
</servlet-mapping>3,文章分析
- 创建一个恶意的servlet
- 获取当前的StandardContext
- 将恶意servlet封装成wrapper添加到StandardContext的children当中
- 添加ServletMapping将访问的URL和wrapper进行绑定