Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Simple XSS Fuzzer
- #!!/usr/bin/python
- # -*- coding: utf-8 -*-
- """
- Created on Tue Aug 4 13:31:47 2015
- @author: johto
- please input url: http://domain.com/?id=[x]
- """
- from bs4 import BeautifulSoup
- import urllib
- furl = raw_input("Please enter URL: ")
- url = furl.split('?')
- payload = '--"--><johto>"(bingo[])"</johto>'
- exploit = url[1].replace('[x]',payload)
- if furl.find('?')>0 :
- #item=url[1]
- #print url[1].split('&')
- args={}
- for item in exploit.split('&'):
- args[item.split('=')[0]] = item.split('=')[1]
- hack = urllib.urlopen(str(url[0]) +'?' + urllib.urlencode(args))
- html= BeautifulSoup(hack.read(),"lxml")
- print html.find_all('johto')
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement