Syntax for xss/sqli/web payloads. #143

Open
Viss opened this issue Apr 4, 2017 · 4 comments

@Viss
Viss commented Apr 4, 2017

The wiki says that one can place payloads into "switch1/xss.txt" and that it can be called by saying:
Q switch1/xss.txt

However, in practice, I cannot get this to function. I have even created a script to attempt to identify where the path is when the switch position is set to '1', and where the files live on disk. I'm getting weird mixed results.

Also, it would seem that the payloads:

<script>alert(1)</script>

and

' or 1=1;--

appear to need some heavy escaping.

Perhaps a howto for this sort of thing could be done? Or maybe a way to put the raw characters somewhere when specifying a file for reading the payload where the chars don't have to be escaped?

@ghost
ghost commented Apr 4, 2017

Did you post about this in the forums? Can you post the exact line of code you are trying to execute when grabbing switch one? Are you sourcing bunny helpers?

@Biocow
Contributor

Biocow commented Apr 6, 2017

Viss, I was playing with this over the weekend and switch1/switch2 was working fine for me. But the better way to do this is to include the bunny_helpers.sh and use the variable $SWITCH_POSITION. Here are some files I was playing with. Throw them into one of the folders and play around.

I did find issues as you said with escaping characters. Putting a contraction (it's, can't, etc...) in one of the external files causes problems.

body.txt
body2.txt
footer.txt
header.txt
payload.txt

@Viss
Author

Viss commented Apr 6, 2017

I did not post this in the forums.
I also did not load the bunny helpers; this seems like it was the cause of the switch problem.

The code I was trying to execute was:

<script>alert(1)</script>

and I had to format it like this to finally execute:

\<script\>alert\(1\)\<\/script\>

Which, as you can see, is going to get overwhelming really fast the more characters I add that need escaping.

I'll try again after loading the scripts and see if that helps.

@xillwillx
Contributor

Newer firmware release negates the need for bunny_helpers.sh
https://storage.googleapis.com/bashbunny_updates/ch_fw_1.1-changelog.txt

  • Extensions
  • Extensions from the /payloads/library/extensions folder are sourced automatically for each payload.txt. and provide new Bunny Script capabilities.
  • Extensions replaces bunny_helpers.sh
