Fix XML inject + example 4

pull/53/head
Swissky 2024-06-08 23:29:47 +02:00
parent febd5df763
commit 92146f2bcd
3 changed files with 24 additions and 21 deletions


@ -103,20 +103,8 @@ class Requester(object):
proxies=self.proxies proxies=self.proxies
) )
# Handle FORM data # Handle XML data
else: elif self.headers['Content-Type'] and "application/xml" in self.headers['Content-Type']:
if param == '': data_injected = value
r = requests.post(
self.protocol + "://" + self.host + self.action,
headers=header_injected,
data=data_injected,
timeout=timeout,
stream=stream,
verify=False,
proxies=self.proxies
)
else:
if self.headers['Content-Type'] and "application/xml" in self.headers['Content-Type']:
if "*FUZZ*" in data_injected['__xml__']: if "*FUZZ*" in data_injected['__xml__']:
# replace the injection point with the payload # replace the injection point with the payload
@ -136,9 +124,23 @@ class Requester(object):
else: else:
logging.error("No injection point found ! (use -p)") logging.error("No injection point found ! (use -p)")
exit(1) exit(1)
# Handle FORM data
else: else:
logging.error("No injection point found ! (use -p)") if param == '': data_injected = value
exit(1) r = requests.post(
self.protocol + "://" + self.host + self.action,
headers=header_injected,
data=data_injected,
timeout=timeout,
stream=stream,
verify=False,
proxies=self.proxies
)
else:
logging.error("No injection point found ! (use -p)")
exit(1)
else: else:
# String is immutable, we don't have to do a "forced" copy # String is immutable, we don't have to do a "forced" copy
regex = re.compile(param+"=([^&]+)") regex = re.compile(param+"=([^&]+)")
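Review bot: The new `elif self.headers['Content-Type'] and "application/xml" in self.headers['Content-Type']:` branch is now evaluated for every request not taken by the branch above it, including the `param == ''` case that previously went straight to the form POST, so a target whose `self.headers` has no Content-Type entry now raises KeyError instead of sending the request. Use `self.headers.get('Content-Type', '')` in the condition (assuming `self.headers` is a plain dict, which the subscripting suggests). The method being edited starts before the first hunk, so the JSON/other branch this `elif` chains onto is not visible here. `verify=False` on the re-placed form POST is pre-existing and presumably intentional for a pentest tool, but a one-line comment such as `# TLS verification disabled on purpose: targets are often self-signed` would make that explicit.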


@ -5,6 +5,7 @@
from flask import Flask, request from flask import Flask, request
import re import re
import subprocess import subprocess
import urllib.parse
app = Flask(__name__) app = Flask(__name__)
@ -39,15 +40,16 @@ def ssrf3():
@app.route("/ssrf4", methods=['POST']) @app.route("/ssrf4", methods=['POST'])
def ssrf4(): def ssrf4():
data = request.data data = request.data
print(data.decode())
regex = re.compile("url>(.*?)</url") regex = re.compile("url>(.*?)</url")
try: try:
url = regex.findall(data.decode())[0] data = urllib.parse.unquote(data)
url = regex.findall(data)[0]
print(url)
content = command(f"curl {url}") content = command(f"curl {url}")
return content return content
except Exception as e:
return e
except Exception as e:
print(e)
# curl -v "http://127.0.0.1:5000/ssrf5" -H 'X-Custom-Header: http://example.com' # curl -v "http://127.0.0.1:5000/ssrf5" -H 'X-Custom-Header: http://example.com'
@app.route("/ssrf5", methods=['GET']) @app.route("/ssrf5", methods=['GET'])
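Review bot: `urllib.parse.unquote(data)` is handed `request.data`, which is bytes, and `unquote` only accepts bytes from Python 3.9 on; on older interpreters the call raises TypeError, the broad `except Exception` swallows it, and because the new handler only prints `e` without returning, the view returns `None` and Flask answers with a 500. Decoding first keeps the lab working on every Python 3: `data = urllib.parse.unquote(data.decode())`, and returning something from the handler, e.g. `return str(e), 500`, shows the failure to the client instead of a generic server error. The old/new side of the two `except` blocks is not marked on this page, so the `print(e)` version is assumed to be the new one. The deliberately injectable `command(f"curl {url}")` is the point of this example app and is not in question.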


@ -1,7 +1,6 @@
from core.utils import * from core.utils import *
import logging import logging
import os import os
from argparse import ArgumentParser
name = "readfiles" name = "readfiles"
description = "Read files from the target" description = "Read files from the target"