Joshua Rogers
Joshua Rogers
Hi all, I'm currently working on a clone of GTFOBins called GTFOArgs which is focused on argument injection: https://gtfoargs.github.io/ I hope I've done enough to mention the original project. Thought...
@cyrus-and: Hey, thanks for the reply and merging #373. The use-case for gtfoargs is when there is some code, for example the following PHP, in a codebase: `system("dos2unix " ....
Seems similar to mine indeed!:) Feel free to email me: joshua x joshua.hu
Bad example indeed:) Another example: ```python class_files = list_files(folder, allowed_ext=".java") subprocess.run(["/usr/bin/javac", "-d", "/tmp/rand"]+class_files) ``` The attacker must create two files: exploit.java and `-J-javaagent:exploit.java`. exploit.java contains a malicious Java Agent, and...
I don't have the ability to test at the moment, but is there any chance somebody could check whether the HTTP grammar I created works with the patch? ``` {...
What version of bash are you using? Have you made any modifications to the script at all?
nearly 10 years on, should we close this?:)
Also FYI, the response HTTP headers look like this: ``` HTTP/1.0 401 ;unauthorized Server: UPS_Server/1.0 Content-Type: text/html Cache-Control: no-cache Expires: Thu, 26 Oct 1995 00:00:00 GMT Connection: Close WWW-Authenticate: Basic...
``` curl 10.1.1.1 -i HTTP/1.0 200 ;OK Server: UPS_Server/1.0 Content-Type: text/html Cache-Control: no-cache Expires: Thu, 26 Oct 1995 00:00:00 GMT Connection: Close Start Page function Login() { document.myStartPage.submit(); //self.submit(); }...
``` # curl 10.1.1.1/index2.html -i -X POST -u 'admin:nottherealpassword' HTTP/1.0 401 ;unauthorized Server: UPS_Server/1.0 Content-Type: text/html Cache-Control: no-cache Expires: Thu, 26 Oct 1995 00:00:00 GMT Connection: Close WWW-Authenticate: Basic realm="DELL_DPI"...