关于Apche shiro权限Bypass漏洞，漏洞代码段
public static String getContextPath(HttpServletRequest request) { String contextPath = (String) request.getAttribute(INCLUDE_CONTEXT_PATH_ATTRIBUTE); if (contextPath == null) { contextPath = request.getContextPath(); } if ("/".equals(contextPath)) { // Invalid case, but happens for includes on Jetty: silently adapt it. contextPath = ""; } return decodeRequestString(request, contextPath); }

对于用户输入的路径，没有对编码字符进行过滤处理，通过

%2f

url编码绕过路径权限限制即可。