Fix XML inject + example 4

pull/53/head
Swissky 2024-06-08 23:29:47 +02:00
parent febd5df763
commit 92146f2bcd
3 changed files with 24 additions and 21 deletions


@ -103,20 +103,8 @@ class Requester(object):
proxies=self.proxies
)
# Handle FORM data
else:
if param == '': data_injected = value
r = requests.post(
self.protocol + "://" + self.host + self.action,
headers=header_injected,
data=data_injected,
timeout=timeout,
stream=stream,
verify=False,
proxies=self.proxies
)
else:
if self.headers['Content-Type'] and "application/xml" in self.headers['Content-Type']:
# Handle XML data
elif self.headers['Content-Type'] and "application/xml" in self.headers['Content-Type']:
if "*FUZZ*" in data_injected['__xml__']:
# replace the injection point with the payload
@ -136,6 +124,20 @@ class Requester(object):
else:
logging.error("No injection point found ! (use -p)")
exit(1)
# Handle FORM data
else:
if param == '': data_injected = value
r = requests.post(
self.protocol + "://" + self.host + self.action,
headers=header_injected,
data=data_injected,
timeout=timeout,
stream=stream,
verify=False,
proxies=self.proxies
)
else:
logging.error("No injection point found ! (use -p)")
exit(1)
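Review bot: The XML test `self.headers['Content-Type'] and "application/xml" in self.headers['Content-Type']` indexes the header mapping directly, so a request with no Content-Type header would raise KeyError instead of reaching the FORM branch that this commit moves below it. This assumes `self.headers` is a plain dict, which is built outside the hunk. Binding `ctype = self.headers.get('Content-Type', '')` once and testing `"application/xml" in ctype` keeps the fallthrough explicit. The substring match also sends `text/xml` bodies down the FORM path, which deserves a comment if it is intended. The enclosing method starts and ends outside the visible hunks.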


@ -5,6 +5,7 @@
from flask import Flask, request
import re
import subprocess
import urllib.parse
app = Flask(__name__)
@ -39,15 +40,16 @@ def ssrf3():
@app.route("/ssrf4", methods=['POST'])
def ssrf4():
data = request.data
print(data.decode())
regex = re.compile("url>(.*?)</url")
try:
url = regex.findall(data.decode())[0]
data = urllib.parse.unquote(data)
url = regex.findall(data)[0]
print(url)
content = command(f"curl {url}")
return content
except Exception as e:
return e
except Exception as e:
print(e)
# curl -v "http://127.0.0.1:5000/ssrf5" -H 'X-Custom-Header: http://example.com'
@app.route("/ssrf5", methods=['GET'])
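Review bot: Neither `except` handler shown at the end of `ssrf4` gives Flask a valid response: `return e` hands back an exception object and `print(e)` lets the view return None. A body with no `url>…</url` match therefore ends in a 500 instead of a readable error; `return str(e), 400` would fix that. The added `urllib.parse.unquote(data)` receives `request.data`, which is bytes, and `unquote` accepts bytes only from Python 3.9 on, so `urllib.parse.unquote(data.decode())` is the portable form. Separately, `command(f"curl {url}")` puts request text into a command string; if `command` (defined outside this hunk) runs it through a shell, the endpoint permits command execution beyond the SSRF it is meant to demonstrate. A comment stating that this service must only run on an isolated lab host would make that explicit.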


@ -1,7 +1,6 @@
from core.utils import *
import logging
import os
from argparse import ArgumentParser
name = "readfiles"
description = "Read files from the target"