middleware-exploit
Audited by Socket on Apr 22, 2026
3 alerts found:
Security: Malware x2
This fragment is not middleware code; it is a set of overtly malicious, actionable exploitation instructions aimed at compromising Tomcat/IIS and deploying webshells to obtain RCE. While it does not itself execute malware, its content is high risk because any system that ingests it for evaluation/training/automation would be incentivized to generate cybercrime guidance.
This fragment is a highly actionable offensive exploitation and backdoor-deployment guide, containing explicit payloads for server-side command execution (webshell creation, WAR/JSP deployment, reverse shell) and instructions to read sensitive application configuration. If included in a software supply-chain package, it should be treated as malicious/unacceptable content with critical review and removal required.
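This skill is highly consistent with its stated purpose of "middleware vulnerability exploitation", but that purpose is itself to give AI agents a methodology for attacking real servers, uploading webshells and obtaining RCE. No obvious third-party credential theft or suspicious installation source was observed, so it looks more like a public offensive exploitation guide than a disguised supply-chain trojan; however, it is a high-risk attack capability for AI agents and should be rated high severity, as it can be directly abused for unauthorized intrusion.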