优化了POC,不再是一次性验证 Optimized POC, no longer a one-time validation
Warning: This program will destroy log information integrity, please back up server data! Use only if you have server penetration test authorization!
pocsuite -r CVE-2022-22965_POC_EXP.py -u url
如下图,程序会自动生成一个随机的jsp网页,会随机生成jsp密码,修改jsp中cmd传入的参数,可以实现命令自由
As shown below, the program will automatically generate a random JSP page, will randomly generate JSP password, modify the parameters of CMD in JSP, can achieve command freedom