-
Notifications
You must be signed in to change notification settings - Fork 17
/
index.htm
136 lines (128 loc) · 4.7 KB
/
index.htm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
<!DOCTYPE html>
<html>
<head>
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png">
<link rel="manifest" href="/site.webmanifest">
<meta charset="utf-8">
</head>
<body>
<table class="fixed" border="0">
<col width="1000px" /><col width="500px" />
<tr><td>
<h2>WUD File Server</h2>
</td><td>
<table border="0">
<tr>
<td>
<label for="newfile">Upload a file</label>
</td>
<td>
<input id="filepath" type="hidden">
<input id="newfile" type="file" onchange="setpath()" style="width:100%;">
</td>
</tr>
<tr>
<td></td>
<td>
<button id="upload" type="button" onclick="upload()">Upload</button>
</td>
</tr>
</table>
</td></tr>
</table>
<table class="fixed" border="1">
<col width="800px" /><col width="300px" /><col width="300px" /><col width="100px" />
<thead>
<tr><th>Name</th><th>Type</th><th>Size (Bytes)</th><th>Delete</th></tr>
</thead>
<tbody id="cont-files">
</tbody>
</table>
</body>
<script>
function setpath() {
var default_path = document.getElementById("newfile").files[0].name;
document.getElementById("filepath").value = default_path;
}
function upload() {
var filePath = document.getElementById("filepath").value;
var upload_path = "/upload";
var fileInput = document.getElementById("newfile").files;
/* Max size of an individual file. Make sure this
* value is same as that set in file_server.c */
var MAX_FILE_SIZE = 20*1024*1024;
var MAX_FILE_SIZE_STR = "20MB";
if (fileInput.length == 0) {
alert("No file selected!");
} else if (filePath.length == 0) {
alert("File path on server is not set!");
} else if (filePath.indexOf(' ') >= 0) {
alert("File path on server cannot have spaces!");
} else if (filePath[filePath.length-1] == '/') {
alert("File name not specified after path!");
} else if (fileInput[0].size > MAX_FILE_SIZE) {
alert("File size must be less than " + MAX_FILE_SIZE_STR);
} else {
document.getElementById("newfile").disabled = true;
document.getElementById("filepath").disabled = true;
document.getElementById("upload").disabled = true;
var file = fileInput[0];
var xh = new XMLHttpRequest();
xh.onreadystatechange = function() {
if (xh.readyState == 4) {
if (xh.status == 200) {
document.open();
document.write(xh.responseText);
document.close();
} else if (xh.status == 0) {
alert("Server closed the connection abruptly!");
location.reload()
} else {
alert(xh.status + " Error!\n" + xh.responseText);
location.reload()
}
}
};
var formData = new FormData();
formData.append("filename", file);
xh.open("POST", upload_path);
xh.send(formData);
}
}
(function() {
var loadFiles = dir => {
var xh = new XMLHttpRequest();
xh.onreadystatechange = () => {
if (xh.readyState == 4 && xh.status == 200) {
var res = JSON.parse(xh.responseText);
var cont = document.querySelector('#cont-files');
cont.innerHTML = '';
res.forEach(i => {
var if_payload = '';
if( (i.name).match(/quack/) ) {
if_payload = ` [<a class="payload-runner" href="/runpayload?file=${i.name}">Run Payload</a>]`;
}
cont.innerHTML +=
`<tr>
<td><a href="${i.name}">${i.name.substring(1)}</a>${if_payload}</td>
<td>${i.type}</td>
<td>${i.size}</td>
<td>
<form method="post" action="/delete">
<input type="hidden" name="dir" value="${i.name}">
<button type="submit">Delete</button>
</form>
</td>
</tr>`;
});
};
};
xh.open("GET", "/list?dir=" + dir, true);
xh.send(null);
};
loadFiles(window.location.pathname);
})();
</script>
</html>