I did one about 20 years ago. Created a jar file that could be run from whichever dir was set up to allow jar files and give me a file explorer Like view in the browser that allowed directory traversal as well as file up and download. I used it in security testing to check whether a web Site was properly configured to block such access outside of the sandbox. I haven’t done security testing in over 10 years and no longer know where that code might be, but it is, or rather was, very doable.
From: Christopher Schultz <ch...@christopherschultz.net> Sent: Wednesday, February 12, 2020 12:54 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: [OT] Has anyone ever implemented an FTP server using the Servlet API? [External email: Use caution! Do not open attachments or click on links from unknown senders or unexpected emails.] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 All, This is a weird question, I know. FTP, really? Well, I have a product[1] that can deliver files via SFTP and FTPS but not via a web service (e.g. HTTP PUT). I was wondering how feasible it would be to build an FTP endpoint which could accept a file via FTP and then ... do whatever the heck I want with it. - -chris [1] JasperReports Server -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/<https://protect-us.mimecast.com/s/zCpjCrkXl5fA09Z2cz84D4?domain=enigmail.net> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5EO50ACgkQHPApP6U8 pFhzaw//eLSaDmx4TwV15604C+aOhVPjARioP45F+oMZdmxwsOstaLLkHS6Sosl9 IYFnvGSDwEpC2S9FRus0dCXabPPnQSKCJ5cbnEH/noaD+Xh9xFl6bQGID5OLT3oP beBxlUGExPGfoqMTvnQVEH9rtkrt4fzgebo65gMKsp5UGEYMOUHJen6QDv06Xtg6 6C4MV4989HVsnauLP1UhxWNO+aDLaF4aiLLmy+xkWs+9sUpBmoeAWfoWtk08axTS Cs8gSiq6itvPvxOoNjAFfY5ODoddo14PLxFvyt4PhA14qj0T8bHZeXHRP4Gq4sHc J60wTdPczcJa/qRd+JUSZgjzJZGxXpNCroKKJO5q/c1Rr97UZVuoaZn3SJsm7y8c T0oWm5Xb6r8AqBAbysVECWQKeQQRhU13bSVaSDgC9TKW6YyrZcHkfy+GUR1AbvRx 4B0/M1p2+XJqvI+HXXrh6YV29OEsuqMLgcfo5WK7Veuu0zGZ14Co8jJLwyje2dgw 4PHcev+heL93gAB3T5DWQzfeIvArshlYAKmrSEmcd2AzjismaVi8soj9ky9wa7PW hNEGMRy+XvJM/lho2mgUSkODSiVqEwluvKZzwPCYxQMhce1Je126ab/tevLUIZpF s28gy3KtDyiH/3QVlDZ5oWUSTYGqWBWPJUIazs5mNYVauaYbVTU= =yAmV -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org<mailto:users-unsubscr...@tomcat.apache.org> For additional commands, e-mail: users-h...@tomcat.apache.org<mailto:users-h...@tomcat.apache.org>