Skip to content

ru0/xcat

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

README.md

README.md

 
 

algorithms.py

algorithms.py

 
 

cli.py

cli.py

 
 

display.py

display.py

 
 

features.py

features.py

 
 

oob.py

oob.py

 
 

payloads.py

payloads.py

 
 

requester.py

requester.py

 
 

shell.py

shell.py

 
 

Repository files navigation

XCat

XCat is a command line program that aides in the exploitation of blind XPath injection vulnerabilities.

fork from https://github.com/orf/xcat.

Vulnerable Web App

https://github.com/orf/xcat_app

Example

$xcat http://127.0.0.1:4567 query query=Lawyer --true-string="Rogue"

Fix Bugs

remove url second encode,comment lines in the requester.py.

#for param in params:
#    params[param] = quote(params[param], safe='')

TypeError: cannot use a string pattern on a bytes-like object

modifiy the ansitowin32.py.

def write(self, text):
    if(isinstance(text, bytes)):
        self.__convertor.write(text.decode('utf-8'))
    else:
        self.__convertor.write(text)

About

XPath injection Tool

Topics

xpath-injection

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages