fxbg
(sunjester)
December 17, 2018, 12:11am
1
im accepting an argument in a bash script, it’s “50”. I need to add a period in between the numbers. also, sometimes the argument can be up to 4 numbers, ie; “4982”
no regex. (search and replace is off limits… don’t ask…)
but seems im getting closer
ver=$1
nvar=$(printf "%s." ${ver})
nvar=${nvar}
outputs: 50.
Here’s a quick one-liner:
in="4982"; for ((i=0; i < ${#in} - 1; i++)); do printf "%s." ${in:$i:1}; done; printf ${in:${#in} - 1:1}
Outputs: 4.9.8.2
I’m taking advantage of parameter expansions in Bash… you’ll want to know those they’re very useful.
Read this: http://wiki.bash-hackers.org/syntax/pe
fxbg
(sunjester)
December 17, 2018, 4:19am
3
yes I could have used a loop for sure, that’s just too much code. (i forgot to mention no loops in my first post). this is the script i have, i dont wanna use two args.
#/bin/sh
key=aESBUbLBlk**********************265QGUI
ver=$1
nver=$2
curl -s -H "Authorization: Token token=$key" https://wpvulndb.com/api/v3/wordpresses/$ver >json
cat json |jq -r '.["'$nver'"].vulnerabilities[].title'
rm json
i was using fold to split the string out, but I couldn’t get them to join back together.
(xenial)root@localhost:~/Downloads# echo "492"|fold -w1
4
9
2
I did have something from stackoverflow but it didn’t seem to work right.
arrays, bash
function join_by { local IFS="$1"; shift; echo "$*"; }
EPIPE
January 5, 2019, 5:36pm
4
If you don’t mind piping a lot
echo "492" | fold -w1 | grep \. | tr '\n' '.' | rev | cut -c2- | rev
and shorter version with similar logic:
echo "492" | fold -w1 | paste -sd "."
1 Like
fxbg
(sunjester)
January 7, 2019, 11:44pm
5
ahh paste. thanks man great fuxxing job
#/bin/sh
key=aESBUbLBlkRXU3xfIzBuCJaBNcBwIrT63ixK265QGUI
ver=$1
nver=`echo $1 |fold -w1 | paste -sd "."`
curl -s -H "Authorization: Token token=$key" https://wpvulndb.com/api/v3/wordpresses/$ver >json
cat json |jq -r '.["'$nver'"].vulnerabilities[].title'
rm json
(xenial)sunjester@localhost:/var/www/html/exploits$ sudo sh wp.sh 492
WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
WordPress 3.7-4.9.4 - Remove localhost Default
WordPress 3.7-4.9.4 - Use Safe Redirect for Login
WordPress 3.7-4.9.4 - Escape Version in Generator Tag
WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
WordPress <= 5.0 - Authenticated File Delete
WordPress <= 5.0 - Authenticated Post Type Bypass
WordPress <= 5.0 - PHP Object Injection via Meta Data
WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
WordPress <= 5.0 - User Activation Screen Search Engine Indexing
WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
system
(system)
Closed
January 16, 2019, 12:11am
6
This topic was automatically closed after 30 days. New replies are no longer allowed.