Are width and height controllable?

    Java's kaptcha library, javax's ImageIO

    image,picture,captcha

    kaptcha.image.width

    https://hackerone.com/reports/247700

    <dependency>
        <groupId>com.google.code.kaptcha</groupId>
        <artifactId>kaptcha</artifactId>
        <version>2.3</version>
    </dependency>

    https://github.com/yanghaibing/kcss-us
    https://github.com/color-key/no-contract-pay

    https://blog.csdn.net/qq_28096687/article/details/79364788

    mvn install:install-file -DgroupId=com.google.code -DartifactId=kaptcha -Dversion=2.3 -Dfile=../../../kaptcha-2.3.jar -Dpackaging=jar -DgeneratePom=true

    Download the source package:
    http://code.google.com/p/kaptcha/downloads/list

    java.awt.image.BufferedImage
    BufferedImage is used to hold the generated captcha image in memory

    BufferedImage image = new BufferedImage(w, h, BufferedImage.TYPE_INT_RGB);

    javax.imageio.ImageIO
    ImageIO is used to write out the generated image

    ImageIO.write(image, "jpg", os);

    Vulnerable projects
    https://github.com/SyuuTou/wlspacecraft
    https://github.com/Noverish/Spring-FileServer
    https://github.com/giaynhap/btl_server_securechat
    https://github.com/giaynhap/btl_server_securechat/blob/cd19cde9b0c76c8f33e621403bf917174e216582/src/main/java/com/giaynhap/controller/FileController.java#L69
    https://github.com/SyuuTou/bluewave_tstzzs

    BufferedImage(ColorModel cm, WritableRaster raster, boolean isRasterPremultiplied, Hashtable<?,?> properties)
    BufferedImage(int width, int height, int imageType)
    BufferedImage(int width, int height, int imageType, IndexColorModel cm)
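
When `w` and `h` reach `BufferedImage(int width, int height, int imageType)` straight from a request, the allocation size is attacker-chosen. The following is an added example, not code from kaptcha or from the projects listed above, that bounds both values before allocating; the class name, method names and limits are assumptions for illustration.

```java
import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import javax.imageio.ImageIO;

public class BoundedCaptchaImage {
    // Assumed limits and defaults for a captcha-sized image; tune to the application.
    static final int MAX_WIDTH = 400, MAX_HEIGHT = 200;
    static final int DEFAULT_WIDTH = 200, DEFAULT_HEIGHT = 50;

    /** Parses a request parameter and rejects anything outside [1, max]. */
    static int parseDimension(String raw, int fallback, int max) {
        if (raw == null || raw.isEmpty()) {
            return fallback;
        }
        int value;
        try {
            value = Integer.parseInt(raw.trim());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("dimension is not an integer");
        }
        if (value < 1 || value > max) {
            throw new IllegalArgumentException("dimension out of range 1.." + max);
        }
        return value;
    }

    /** Allocates and encodes the image only after both dimensions passed the check. */
    static byte[] render(String rawWidth, String rawHeight) throws IOException {
        int w = parseDimension(rawWidth, DEFAULT_WIDTH, MAX_WIDTH);
        int h = parseDimension(rawHeight, DEFAULT_HEIGHT, MAX_HEIGHT);
        // TYPE_INT_RGB stores one int (4 bytes) per pixel, so memory is about w * h * 4 bytes.
        BufferedImage image = new BufferedImage(w, h, BufferedImage.TYPE_INT_RGB);
        ByteArrayOutputStream os = new ByteArrayOutputStream();
        ImageIO.write(image, "jpg", os);
        return os.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs: a normal request, then an oversized one.
        System.out.println("200x50 -> " + render("200", "50").length + " bytes");
        try {
            render("100000", "100000");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With the assumed limits, the largest accepted image is 400 x 200 x 4 bytes, roughly 320 KB per request, and the oversized request is rejected before any allocation happens.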