Fix XML inject + example 4
parent
febd5df763
commit
92146f2bcd
|
@ -103,20 +103,8 @@ class Requester(object):
|
|||
proxies=self.proxies
|
||||
)
|
||||
|
||||
# Handle FORM data
|
||||
else:
|
||||
if param == '': data_injected = value
|
||||
r = requests.post(
|
||||
self.protocol + "://" + self.host + self.action,
|
||||
headers=header_injected,
|
||||
data=data_injected,
|
||||
timeout=timeout,
|
||||
stream=stream,
|
||||
verify=False,
|
||||
proxies=self.proxies
|
||||
)
|
||||
else:
|
||||
if self.headers['Content-Type'] and "application/xml" in self.headers['Content-Type']:
|
||||
# Handle XML data
|
||||
elif self.headers['Content-Type'] and "application/xml" in self.headers['Content-Type']:
|
||||
if "*FUZZ*" in data_injected['__xml__']:
|
||||
|
||||
# replace the injection point with the payload
|
||||
|
@ -136,9 +124,23 @@ class Requester(object):
|
|||
else:
|
||||
logging.error("No injection point found ! (use -p)")
|
||||
exit(1)
|
||||
|
||||
# Handle FORM data
|
||||
else:
|
||||
logging.error("No injection point found ! (use -p)")
|
||||
exit(1)
|
||||
if param == '': data_injected = value
|
||||
r = requests.post(
|
||||
self.protocol + "://" + self.host + self.action,
|
||||
headers=header_injected,
|
||||
data=data_injected,
|
||||
timeout=timeout,
|
||||
stream=stream,
|
||||
verify=False,
|
||||
proxies=self.proxies
|
||||
)
|
||||
|
||||
else:
|
||||
logging.error("No injection point found ! (use -p)")
|
||||
exit(1)
|
||||
else:
|
||||
# String is immutable, we don't have to do a "forced" copy
|
||||
regex = re.compile(param+"=([^&]+)")
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
from flask import Flask, request
|
||||
import re
|
||||
import subprocess
|
||||
import urllib.parse
|
||||
|
||||
app = Flask(__name__)
|
||||
|
||||
|
@ -39,15 +40,16 @@ def ssrf3():
|
|||
@app.route("/ssrf4", methods=['POST'])
|
||||
def ssrf4():
|
||||
data = request.data
|
||||
print(data.decode())
|
||||
regex = re.compile("url>(.*?)</url")
|
||||
try:
|
||||
url = regex.findall(data.decode())[0]
|
||||
data = urllib.parse.unquote(data)
|
||||
url = regex.findall(data)[0]
|
||||
print(url)
|
||||
content = command(f"curl {url}")
|
||||
return content
|
||||
|
||||
except Exception as e:
|
||||
return e
|
||||
|
||||
print(e)
|
||||
|
||||
# curl -v "http://127.0.0.1:5000/ssrf5" -H 'X-Custom-Header: http://example.com'
|
||||
@app.route("/ssrf5", methods=['GET'])
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
from core.utils import *
|
||||
import logging
|
||||
import os
|
||||
from argparse import ArgumentParser
|
||||
|
||||
name = "readfiles"
|
||||
description = "Read files from the target"
|
||||
|
|
Loading…
Reference in New Issue