
xcat: Automate XPath injection attacks


sQuo

XCat is a command line program that aids in the exploitation of XPath injection vulnerabilities. It boasts a wide range of features and can utilize the more advanced features of the XPath 2.0 specification (pattern matching, Unicode normalization and even HTTP requests) or gracefully degrade to using XPath 1.0 if they are not available.

 

XCat is built to exploit boolean XPath injections (where only one bit of data can be extracted in one request), and it requires you to manually identify the exploit first; it does not do that for you.

Features


  • Exploits both GET and POST attacks
  • Extracts all nodes, comments, attributes and data from the entire XML document
  • Small and lightweight (only dependency is Twisted)
  • Parallel requests
  • XPath 2.0 supported (with graceful degrading to 1.0)
  • Regex pattern matching to reduce character search space
  • Unicode normalization
  • Advanced data postback through HTTP (see below)
  • Arbitrarily read XML files on the server's file system via the doc() function (see below)
  • Arbitrarily read text files on the server's file system via crafted SYSTEM entities

 

Examples

 

If you run a Windows machine you can install IronPython and start the example application (example_application/ironpython_site.py). The simplest command you can run on this site is:


You have to specify a condition keyword or HTTP status code (true, false, error), an argument for the attack to be appended to and an HTTP method to use. The --autopwn flag will make xcat automatically detect more exotic features (XPath version, quote character and various out-of-band attacks).

Usage

usage: xcat.py [-h] [--method {GET,POST}] [--arg POST_ARGUMENT]
               [--true TRUE_KEYWORD | --false FALSE_KEYWORD | --error ERROR_KEYWORD]
               [--true-code TRUE_CODE | --false-code FAIL_CODE | --error-code ERROR_CODE]
               [--autopwn] [--schema-only] [--quotecharacter QUOTE_CHARACTER]
               [--executequery EXECUTEQUERY] [--max_search SEARCH_LIMIT]
               [--timeout TIMEOUT] [--stepsize STEP_SIZE]
               [--normalize {NFD,NFC,NFDK,NFKC}] [--xversion {1,2,auto}]
               [--lowercase] [--regex] [--connectback CONNECTBACK]
               [--notfoundstring NOTFOUNDCHAR] [--fileshell] [--getcwd]
               [--useragent USER_AGENT] [--timeit] [--ignorecomments]
               [--codepointstart CODEPOINTSTART]
               URL
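A defender-side companion to the post above, added here as an example and not part of xcat or the original post: a stdlib-only Python detector that scans access-log lines for the boolean probes, substring/string-length character extraction and doc() file reads the post describes, then groups flagged requests per client and path so a one-bit-per-request extraction run stands out as a burst. The log format, indicator regexes, IPs, paths and log lines are all constructed assumptions.

```python
"""Spot XPath-injection probes (incl. bit-by-bit boolean extraction) in
web access logs. Constructed example; not part of xcat or the post above."""
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Assumed indicator patterns, one per technique named in the post.
INDICATORS = {
    "boolean_probe": re.compile(r"""['"]\s*(or|and)\s+""", re.I),      # quote-break tautology
    "char_extract": re.compile(r"\b(string-length|substring|codepoints-to-string)\s*\(", re.I),
    "xpath2_feature": re.compile(r"\b(normalize-unicode|doc|unparsed-text)\s*\(", re.I),
}
# Assumed Common Log Format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def classify_params(target):
    """Return the indicator names found in any percent-decoded query value."""
    found = set()
    for _, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        for name, rx in INDICATORS.items():
            if rx.search(value):
                found.add(name)
    return found

def find_xpath_probes(lines, min_hits=3):
    """Group flagged requests by (client IP, path). A client sending >= min_hits
    flagged requests to one path looks like automated per-character extraction."""
    hits = defaultdict(lambda: {"count": 0, "indicators": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # unparseable line: skip, do not crash
        tags = classify_params(m["target"])
        if tags:
            key = (m["ip"], urlsplit(m["target"]).path)
            hits[key]["count"] += 1
            hits[key]["indicators"] |= tags
    return {k: v for k, v in hits.items() if v["count"] >= min_hits}

# Constructed sample log: one benign client, one apostrophe in a real name,
# and one client walking a password character by character, then trying doc().
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /search?name=alice HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /search?name=x%27%20or%20string-length(/users/user[1]/password)%3E8%20or%20%271%27%3D%272 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "GET /search?name=x%27%20or%20substring(/users/user[1]/password,1,1)%3D%27a%27%20or%20%271%27%3D%272 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:13:55:42 +0000] "GET /search?name=x%27%20or%20substring(/users/user[1]/password,1,1)%3D%27b%27%20or%20%271%27%3D%272 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:13:55:43 +0000] "GET /search?name=x%27%20or%20doc(%27file:///var/app/config.xml%27)%20or%20%271%27%3D%272 HTTP/1.1" 500 0',
    '192.0.2.9 - - [10/Oct/2023:13:56:00 +0000] "GET /search?name=o%27brien HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for (ip, path), info in find_xpath_probes(SAMPLE_LOG).items():
        print(f"{ip} {path}: {info['count']} flagged requests, {sorted(info['indicators'])}")
```

Note that a real bit-per-request run produces hundreds of near-identical requests differing only in the substring offset or compared character, so the per-client count is the stronger signal than any single regex hit.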
