JBoss default configuration will have a background vulnerability, which occurs in jboss.deployment namespace

The Addurl () function in, which can download a war package remotely and extract it

Click flavor = URL, type = deploymentscanner to enter

Write the URL address of the war compressed file webshell in the input box, as shown in the figure above