今天，我來與大家探討一下關于weblogic的話題

?

在進入內網后，如圖：

當我們看到7001時，我們就可以測試weblogic反序列化漏洞，如圖：

證明，漏洞存在，查看一下權限，如圖：

理論上，我們可以執行任意Linux命令了，但是，這樣，好像不太好玩，如果非拿系統shell，怎么辦？Upload，對。

?

那么，我們怎么使一個upload法？

?

具體思路如下：

?

1.find / -name *.jsp

2. find / -name index.jsp

3.開ssh，破解root密碼

4.破解系統后臺密碼

?

1.按照正常的思路，找到jsp執行路徑，直接上傳jsp后門，如圖：

/opt/Oracle/Middleware/wlserver_10.3/samples/server/docs/core/result.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/build/examplesWebApp/JWS_WebService.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/build/examplesWebApp/ExamplesUtils.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/build/examplesWebApp/ExamplesHeader.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/build/examplesWebApp/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/build/examplesWebApp/ExamplesFooter.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/build/examplesWebApp/Wsdl2Service.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/build/extServletAnnotationsEar/extServletAnnotations.war/loginForm.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/build/extServletAnnotationsEar/extServletAnnotations.war/ExamplesHeader.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/build/extServletAnnotationsEar/extServletAnnotations.war/ExamplesFooter.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/build/asyncServletEar/asyncServlet.war/ExamplesHeader.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/build/asyncServletEar/asyncServlet.war/logout.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/build/asyncServletEar/asyncServlet.war/main.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/build/asyncServletEar/asyncServlet.war/ExamplesFooter.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/build/mainWebApp/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webservices/jws_basic/simple/JWS_WebService.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webservices/jaxws/wsat/WsatBankTransfer.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webservices/wsdl2service/client/Wsdl2Service.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/servlets/annotations/extension/loginForm.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/servlets/annotations/standard/loginForm.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/servlets/async/logout.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/servlets/async/main.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/jsf/basic/CustomerSearch.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/jsp/expressions/Expressions.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/jsp/tags/simple/SimpleTag.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/jsp/tags/simple/jspSimpleTagEar/jspSimpleTagWar/ExamplesHeader.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/jsp/tags/simple/jspSimpleTagEar/jspSimpleTagWar/ExamplesFooter.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/jsp/tags/simple/jspSimpleTagEar/jspSimpleTagWar/SimpleTag.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/jsp/tags/taghandler/TagHandler.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/pubsub/stock/stockEar/stockWar/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/pubsub/stock/stockEar/stockWar/publisher.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/pubsub/stock/stockWar/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/pubsub/stock/stockWar/publisher.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/splitdir/helloWorldEar/helloWebApp/hello.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/jms/distributedDestination/signIn/src/main/webapp/response.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/spring/sconfig/WEB/web/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/spring/sconfig/WEB/web/sayhello.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb20/basic/beanManaged/EJBeanManagedClient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb20/basic/beanManaged/ejb20BeanMgedEar/ejb20BeanMgedWar/EJBeanManagedClient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb20/basic/beanManaged/ejb20BeanMgedEar/ejb20BeanMgedWar/ExamplesHeader.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb20/basic/beanManaged/ejb20BeanMgedEar/ejb20BeanMgedWar/ExamplesFooter.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/common_service.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/populateDB.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/showSpecificMusic_session.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/addReview_service.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/mdb.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/addBooks_session_ejb21.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/createArtist_session.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/common_session.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/viewCode.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/createArtist_service.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/addReview_session.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/transaction.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/showBooks_service.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/showBooks_session.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/exception.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/showSpecificMusic_service.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/xml/stax/StreamParserClient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/xml/xmlbean/xmlBean.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/xml/xmlbean/xmlBeanEar/xmlBeanWar/ExamplesHeader.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/xml/xmlbean/xmlBeanEar/xmlBeanWar/xmlBean.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/xml/xmlbean/xmlBeanEar/xmlBeanWar/ExamplesFooter.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/jdbc/rowsets/Edit.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/jdbc/rowsets/Search.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/jdbc/rowsets/Error.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/jdbc/rowsets/Patients.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/jdbc/rowsets/jdbcRowSetsEar/jdbcRowSetsWar/Edit.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/jdbc/rowsets/jdbcRowSetsEar/jdbcRowSetsWar/Search.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/jdbc/rowsets/jdbcRowSetsEar/jdbcRowSetsWar/ExamplesHeader.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/jdbc/rowsets/jdbcRowSetsEar/jdbcRowSetsWar/Error.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/jdbc/rowsets/jdbcRowSetsEar/jdbcRowSetsWar/Patients.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/jdbc/rowsets/jdbcRowSetsEar/jdbcRowSetsWar/ExamplesFooter.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/jdbc/rowsets/jdbcRowSetsEar/jdbcRowSetsWar/Confirmation.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/jdbc/rowsets/Confirmation.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/security/sslclient/SnoopServlet.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/security/samlsso/loginapp/loginWar/loginerror.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/security/samlsso/loginapp/loginWar/loginform.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/security/samlsso/loginapp/loginWar/loginapp.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/security/samlsso/targetapp/targetWar/target_cnm.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/security/samlsso/targetapp/targetWar/defaulturl.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/security/samlsso/targetapp/targetWar/target.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/cluster/sessionrep/inmemrep/Session.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/common/base/webapp/ExamplesUtils.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/common/base/webapp/ExamplesHeader.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/common/base/webapp/ExamplesFooter.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/assembly/target/exploded/physician/physician-web/login.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/assembly/target/exploded/physician/physician-web/physician/viewRecordCreationResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/assembly/target/exploded/physician/physician-web/physician/addPrescription.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/assembly/target/exploded/physician/physician-web/physician/createRecord.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/assembly/target/exploded/physician/physician-web/physician/viewRecordSummary.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/assembly/target/exploded/physician/physician-web/physician/viewPatients.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/assembly/target/exploded/physician/physician-web/physician/viewPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/assembly/target/exploded/physician/physician-web/physician/viewRecordDetail.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/web/war/login.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/web/war/physician/viewRecordCreationResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/web/war/physician/addPrescription.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/web/war/physician/createRecord.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/web/war/physician/viewRecordSummary.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/web/war/physician/viewPatients.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/web/war/physician/viewPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/web/war/physician/viewRecordDetail.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/web/target/exploded/physician-web/login.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/web/target/exploded/physician-web/physician/viewRecordCreationResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/web/target/exploded/physician-web/physician/addPrescription.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/web/target/exploded/physician-web/physician/createRecord.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/web/target/exploded/physician-web/physician/viewRecordSummary.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/web/target/exploded/physician-web/physician/viewPatients.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/web/target/exploded/physician-web/physician/viewPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/physician/web/target/exploded/physician-web/physician/viewRecordDetail.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/assembly/target/exploded/medrec/medrec-web/viewPatientRegistrationResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/assembly/target/exploded/medrec/medrec-web/admin/viewApprovalResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/assembly/target/exploded/medrec/medrec-web/admin/home.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/assembly/target/exploded/medrec/medrec-web/admin/viewNewlyRegisteredPatients.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/assembly/target/exploded/medrec/medrec-web/admin/viewNewlyRegisteredPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/assembly/target/exploded/medrec/medrec-web/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/assembly/target/exploded/medrec/medrec-web/patient/viewRecordSummary.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/assembly/target/exploded/medrec/medrec-web/patient/viewLoginResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/assembly/target/exploded/medrec/medrec-web/patient/viewPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/assembly/target/exploded/medrec/medrec-web/patient/viewRecordDetail.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/assembly/target/exploded/medrec/medrec-web/loginPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/assembly/target/exploded/medrec/medrec-web/loginAdmin.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/assembly/target/exploded/medrec/medrec-web/registerPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/war/viewPatientRegistrationResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/war/admin/viewApprovalResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/war/admin/home.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/war/admin/viewNewlyRegisteredPatients.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/war/admin/viewNewlyRegisteredPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/war/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/war/patient/viewRecordSummary.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/war/patient/viewLoginResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/war/patient/viewPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/war/patient/viewRecordDetail.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/war/loginPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/war/loginAdmin.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/war/registerPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/target/exploded/medrec-web/viewPatientRegistrationResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/target/exploded/medrec-web/admin/viewApprovalResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/target/exploded/medrec-web/admin/home.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/target/exploded/medrec-web/admin/viewNewlyRegisteredPatients.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/target/exploded/medrec-web/admin/viewNewlyRegisteredPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/target/exploded/medrec-web/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/target/exploded/medrec-web/patient/viewRecordSummary.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/target/exploded/medrec-web/patient/viewLoginResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/target/exploded/medrec-web/patient/viewPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/target/exploded/medrec-web/patient/viewRecordDetail.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/target/exploded/medrec-web/loginPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/target/exploded/medrec-web/loginAdmin.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/target/exploded/medrec-web/registerPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/physician-web/login.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/physician-web/physician/viewRecordCreationResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/physician-web/physician/addPrescription.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/physician-web/physician/createRecord.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/physician-web/physician/viewRecordSummary.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/physician-web/physician/viewPatients.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/physician-web/physician/viewPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/physician-web/physician/viewRecordDetail.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/medrec-web/viewPatientRegistrationResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/medrec-web/admin/viewApprovalResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/medrec-web/admin/home.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/medrec-web/admin/viewNewlyRegisteredPatients.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/medrec-web/admin/viewNewlyRegisteredPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/medrec-web/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/medrec-web/patient/viewRecordSummary.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/medrec-web/patient/viewLoginResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/medrec-web/patient/viewPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/medrec-web/patient/viewRecordDetail.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/medrec-web/loginPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/medrec-web/loginAdmin.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/medrec-web/registerPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/physician/physician-web/login.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/physician/physician-web/physician/viewRecordCreationResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/physician/physician-web/physician/addPrescription.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/physician/physician-web/physician/createRecord.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/physician/physician-web/physician/viewRecordSummary.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/physician/physician-web/physician/viewPatients.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/physician/physician-web/physician/viewPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/physician/physician-web/physician/viewRecordDetail.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/medrec/medrec-web/viewPatientRegistrationResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/medrec/medrec-web/admin/viewApprovalResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/medrec/medrec-web/admin/home.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/medrec/medrec-web/admin/viewNewlyRegisteredPatients.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/medrec/medrec-web/admin/viewNewlyRegisteredPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/medrec/medrec-web/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/medrec/medrec-web/patient/viewRecordSummary.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/medrec/medrec-web/patient/viewLoginResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/medrec/medrec-web/patient/viewPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/medrec/medrec-web/patient/viewRecordDetail.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/medrec/medrec-web/loginPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/medrec/medrec-web/loginAdmin.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/medrec/medrec-web/registerPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/physician/web/war/login.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/physician/web/war/physician/viewRecordCreationResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/physician/web/war/physician/addPrescription.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/physician/web/war/physician/createRecord.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/physician/web/war/physician/viewRecordSummary.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/physician/web/war/physician/viewPatients.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/physician/web/war/physician/viewPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/physician/web/war/physician/viewRecordDetail.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/medrec/web/war/viewPatientRegistrationResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/medrec/web/war/admin/viewApprovalResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/medrec/web/war/admin/home.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/medrec/web/war/admin/viewNewlyRegisteredPatients.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/medrec/web/war/admin/viewNewlyRegisteredPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/medrec/web/war/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/medrec/web/war/patient/viewRecordSummary.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/medrec/web/war/patient/viewLoginResult.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/medrec/web/war/patient/viewPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/medrec/web/war/patient/viewRecordDetail.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/medrec/web/war/loginPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/medrec/web/war/loginAdmin.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/medrec/web/war/registerPatient.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/convergence/client/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/convergence/client/submit_profile.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/genericRegistrar/list.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/genericRegistrar/dump.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/terminating_proxy/b2bua/terminateAll.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/terminating_proxy/b2bua/terminateCall.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/terminating_proxy/b2bua/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/terminating_proxy/b2bua/admin.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/registrar/list.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/registrar/dump.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/findme/conf.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/findme/list.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/findme/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/findme/dump.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/findme/start_conf.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/src/convergence/client/src/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/src/convergence/client/src/submit_profile.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/src/genericRegistrar/src/list.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/src/genericRegistrar/src/dump.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/src/terminating_proxy/b2bua/src/terminateAll.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/src/terminating_proxy/b2bua/src/terminateCall.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/src/terminating_proxy/b2bua/src/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/src/terminating_proxy/b2bua/src/admin.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/src/registrar/src/list.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/src/findme/src/conf.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/src/findme/src/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/src/findme/src/start_conf.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/standalone_layout.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/domainHealthTable.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/twoTablesLayout_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/twoTablesWithButtonsLayout.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/policyEditorLayout.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/formAndTableLayout_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/configNoTransactAndTables_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/tablePreferencesLayout.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/policyEditorLayoutNoMethods.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/formWithButtonsLayout_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/configBaseLayout_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/assistantNoFieldsLayout_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/webAppAndModulePolicyEditorLayout.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/assistantBaseLayout_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/tableBaseMonitoringLayout.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/assistantTreeEditor.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/summarypage.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/roleEditorLayout.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/configBaseLayoutNoTransact.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/fourTablesLayout_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/rootLevelPolicyEditorLayout.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/configTreeEditor.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/roFormAndTableLayout_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/threeTablesLayout_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/deploymentDependenciesTreeLayout.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/tableBaseLayout_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/deploymentVariableLayout_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/roForm.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/filterAndTableLayout_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/webAppAndModuleRoleEditorLayout.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/configNoFieldsLayout_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/configIntroLayout_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/assistantFormAndTableLayout_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/webapp/layouts/configBaseLayoutWithButtons_netui.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/page.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/buttondelete.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/theme.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/togglebutton.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/flowlayout.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/abstractbutton.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/twocollayout.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/body.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/shell.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/window.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/titlebar.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/borderlayout.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/book.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/nolayout.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/buttonfloat.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/footer.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/abstractmenu.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/placeholder.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/head.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/multilevelmenu.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/gridlayout.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/header.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/singlelevelmenu.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/framework/skeletons/console/desktop.jsp

?

哇，好多jsp執行路徑啊，那我們選一個執行路徑來上傳唄，比如：

?

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/index.jsp

?

上傳之后，你會發現，無論如何，在執行的時候，他都會直接跳轉到正常頁面

?

上傳頁面：http://10.80.1.61:7001/console/consolehelp/abc.jsp

?

正常頁面：http://10.80.1.61:7001/console/login/LoginForm.jsp

?

說明代碼設置了錯誤自動重定向，怎么改，我也改不來。

?

那么，沒辦法咯~

?

2.?按照正常的思路，找到index.jsp執行路徑，直接修改index.jsp，如圖：

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/build/examplesWebApp/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/build/mainWebApp/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/pubsub/stock/stockEar/stockWar/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/webapp/pubsub/stock/stockWar/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/spring/sconfig/WEB/web/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/examples/src/examples/ejb/ejb30/src/jsp/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/assembly/target/exploded/medrec/medrec-web/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/war/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/modules/medrec/web/target/exploded/medrec-web/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/modules/exploded/medrec-web/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec/dist/standalone/exploded/medrec/medrec-web/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/server/medrec-spring/modules/medrec/web/war/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/convergence/client/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/terminating_proxy/b2bua/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/build/findme/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/src/convergence/client/src/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/src/terminating_proxy/b2bua/src/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/samples/sipserver/examples/src/findme/src/index.jsp

/opt/Oracle/Middleware/wlserver_10.3/server/lib/consoleapp/consolehelp/index.jsp

?

其實，你會發現，只要代碼設置了錯誤自動重定向，無論你怎么修改，基本沒戲。

?

也就是：在代碼設置了錯誤自動重定向時，上傳=修改。

?

3. 按照正常的思路，開ssh，破解root密碼的話，須Linux主機reboot，不夠隱蔽，那么，我們就不要這樣做了。

?

4.破解系統后臺密碼，研究了下，后臺不能拿shell。

?

山重水復疑無路~

?

再研究下3，發現，其實，只要2個條件，就可以遠程管理系統

?

1.新建一個/etc/passwd文件，不含x

2.新建一個ssh文件，開22

?

Reboot?Linux，完成。

?

也，可以回到從前：http://10.80.1.61:7001/console/login/LoginForm.jsp，如圖：

我們想，將LoginForm.jsp替換成我們自己的后門文件，vim編輯修改不了代碼，那么，我們可以采用覆蓋替換的方式來實現。

?

但是，這里有一個問題，拿到shell之后，需要還原LoginForm.jsp代碼內容，否則，涉及法律問題，后果自負。

轉載于:https://www.cnblogs.com/milantgh/p/6108402.html

創作挑戰賽新人創作獎勵來咯，堅持創作打卡瓜分現金大獎

總結

以上是生活随笔為你收集整理的weblogic安全漫谈的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。