| 92 | |
| 93 | class ReqHandler(BaseHTTPRequestHandler): |
| 94 | def do_REQUEST(self): |
| 95 | path, query = self.path.split('?', 1) if '?' in self.path else (self.path, "") |
| 96 | params = {} |
| 97 | |
| 98 | if query: |
| 99 | params.update(parse_qs(query)) |
| 100 | |
| 101 | if "<script>" in unquote_plus(query): |
| 102 | self.send_response(INTERNAL_SERVER_ERROR) |
| 103 | self.send_header("X-Powered-By", "Express") |
| 104 | self.send_header("Connection", "close") |
| 105 | self.end_headers() |
| 106 | self.wfile.write("CLOUDFLARE_ERROR_500S_BOX".encode(UNICODE_ENCODING)) |
| 107 | return |
| 108 | |
| 109 | if hasattr(self, "data"): |
| 110 | if self.data.startswith('{') and self.data.endswith('}'): |
| 111 | params.update(json.loads(self.data)) |
| 112 | elif self.data.startswith('<') and self.data.endswith('>'): |
| 113 | params.update(dict((_[0], _[1].replace("'", "'").replace(""", '"').replace("<", '<').replace(">", '>').replace("&", '&')) for _ in re.findall(r'name="([^"]+)" value="([^"]*)"', self.data))) |
| 114 | else: |
| 115 | self.data = self.data.replace(';', '&') # Note: seems that Python3 started ignoring parameter splitting with ';' |
| 116 | params.update(parse_qs(self.data)) |
| 117 | |
| 118 | for name in self.headers: |
| 119 | params[name.lower()] = self.headers[name] |
| 120 | |
| 121 | if "cookie" in params: |
| 122 | for part in params["cookie"].split(';'): |
| 123 | part = part.strip() |
| 124 | if '=' in part: |
| 125 | name, value = part.split('=', 1) |
| 126 | params[name.strip()] = unquote_plus(value.strip()) |
| 127 | |
| 128 | for key in params: |
| 129 | if params[key] and isinstance(params[key], (tuple, list)): |
| 130 | params[key] = params[key][-1] |
| 131 | |
| 132 | self.url, self.params = path, params |
| 133 | |
| 134 | if self.url == '/': |
| 135 | if not any(_ in self.params for _ in ("id", "query")): |
| 136 | self.send_response(OK) |
| 137 | self.send_header("Content-type", "text/html; charset=%s" % UNICODE_ENCODING) |
| 138 | self.send_header("Connection", "close") |
| 139 | self.end_headers() |
| 140 | self.wfile.write(b"<!DOCTYPE html><html><head><title>vulnserver</title></head><body><h3>GET:</h3><a href='/?id=1'>link</a><hr><h3>POST:</h3><form method='post'>ID: <input type='text' name='id'><input type='submit' value='Submit'></form></body></html>") |
| 141 | else: |
| 142 | code, output = OK, "" |
| 143 | |
| 144 | try: |
| 145 | if self.params.get("echo", ""): |
| 146 | output += "%s<br>" % self.params["echo"] |
| 147 | |
| 148 | if self.params.get("reflect", ""): |
| 149 | output += "%s<br>" % self.params.get("id") |
| 150 | |
| 151 | with _lock: |