<!DOCTYPE html>
<html lang="en">
<head>
  <!-- Encoding and viewport come first so the parser and mobile browsers pick them up early. -->
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>SSTI Payload Tester</title>
  <!--
    Tailwind Play CDN: a third-party script fetched at every page load with no
    integrity pin, so whatever that host serves runs with full access to this
    page, including the payload field and the rendered output. That is fine for
    a throwaway local harness; for anything shared, build the CSS once and
    serve it from the same origin.
  -->
  <script src="https://cdn.tailwindcss.com"></script>
</head>
<body class="bg-gray-100 font-sans">
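<div class="container mx-auto p-6 max-w-4xl">
  <h1 class="text-3xl font-bold text-gray-800 mb-6 text-center">SSTI Payload Tester</h1>
  <div class="bg-white shadow-lg rounded-lg p-6">
    <!-- Template expression to submit; the placeholder is only an arithmetic probe. -->
    <div class="mb-4">
      <label for="payload" class="block text-sm font-medium text-gray-700">SSTI Payload</label>
      <textarea id="payload" rows="4" class="mt-1 block w-full border-gray-300 rounded-md shadow-sm focus:ring-indigo-500 focus:border-indigo-500 sm:text-sm" placeholder="{{ 7 * 7 }}"></textarea>
    </div>
    <!--
      type="button" makes the intent explicit: a bare button defaults to
      submit and would post the page if this markup were ever wrapped in a form.
      The inline onclick is kept because the page script exposes executePayload
      as a global; note that inline handlers rule out a Content-Security-Policy
      that forbids inline script.
    -->
    <button type="button" onclick="executePayload()" class="w-full bg-indigo-600 text-white py-2 px-4 rounded-md hover:bg-indigo-700 focus:outline-none focus:ring-2 focus:ring-indigo-500">Execute</button>
    <!-- Hidden until the first response arrives; the page script removes the "hidden" class. -->
    <div id="results" class="mt-6 hidden">
      <h2 class="text-lg font-semibold text-gray-800 mb-2">Results</h2>
      <div class="mb-4">
        <h3 class="text-sm font-medium text-gray-700">Output</h3>
        <!-- aria-live lets assistive technology announce the result when the script fills it in. -->
        <pre id="output" class="bg-gray-50 p-4 rounded-md text-sm text-gray-800 whitespace-pre-wrap break-words" aria-live="polite"></pre>
      </div>
    </div>
  </div>
</div>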
<script>
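/**
 * Send the textarea content to the same-origin /execute endpoint and show the reply.
 *
 * The request body is JSON of the form {"payload": "<textarea value>"}. The reply is
 * expected to be JSON carrying an `output` or an `error` field; whichever is present
 * is displayed, with "No output" as the fallback.
 *
 * Transport failures, non-JSON replies and HTTP error statuses are reported in the
 * output pane instead of surfacing as an unhandled promise rejection, so a crashed
 * or misbehaving backend is visible to the person running the test.
 *
 * NOTE(review): the backend is not visible from this page. The request carries no
 * anti-CSRF token, so the server side should insist on the application/json content
 * type and check the Origin header, otherwise another site open in the same browser
 * could drive /execute. Confirm against the server code.
 *
 * @returns {Promise<void>} Resolves once the output pane has been updated.
 */
async function executePayload() {
  const payload = document.getElementById('payload').value;
  const resultsDiv = document.getElementById('results');
  const outputEl = document.getElementById('output');

  let message;
  try {
    const response = await fetch('/execute', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ payload })
    });

    // An error page from the framework is usually HTML, not JSON; treat a
    // body that fails to parse as "no structured reply" rather than throwing.
    let data = null;
    try {
      data = await response.json();
    } catch (parseError) {
      data = null;
    }

    if (data && (data.output || data.error)) {
      message = data.output || data.error;
    } else if (!response.ok) {
      message = `Request failed (HTTP ${response.status})`;
    } else {
      message = 'No output';
    }
  } catch (networkError) {
    message = `Request failed: ${networkError.message}`;
  }

  resultsDiv.classList.remove('hidden');
  // textContent, not innerHTML: the reply can echo the submitted payload, and
  // it must be shown as text rather than parsed as markup in this page.
  outputEl.textContent = message;
}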
</script>
</body>
</html>