X1r0z
commented
1 year ago 能发一下你编译好的jar吗
Open dirchen-admin opened 1 year ago
X1r0z
commented
1 year ago 能发一下你编译好的jar吗
X1r0z
commented
1 year ago 看了下应该是 spring 网站直接使用 Suo5TomcatFilter 注入会报错, 最新 0.5 版本加入了 Suo5SpringController 内存马, 师傅再试试看呢?
BeingEasy
commented
10 months ago 注入内存马成功,pass和key在哪里设置
Treasurez
commented
8 months ago 漏洞环境为JeecgBoot JimuReport 模板注入导致命令执行漏洞(CVE-2023-4450)也会出现 evalClass is null Godzilla-Suo5MemShell version 0.5injecting Suo5SpringController, urlPattern: /favicon.ico, result: evalClass is null user-agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.1.2.3
hi-unc1e
commented
2 months ago 反馈:不支持 tomcat10,报错如下:
Godzilla-Suo5MemShell version 0.5, author: X1r0z injecting Suo5TomcatFilter, urlPattern: /favicon.ico, result: Cannot invoke "String.isEmpty()" because "this.filterName" is null
tomcat 版本:apache-tomcat-10.1.15/
按照作者的步骤自行编译的jar evalClass is null