ERROR #6

Open
jojoli123 opened this issue Jun 25, 2019 · 12 comments

Comments

@jojoli123

```
python3 xsscon.py -u http://192.168.219.1/DVWA/security.php --cookie{'PHPSESSID':'ikjlbcge19u973s9sbh9hcnad4'}
usage: XSSCon -u [options]
xsscon.py: error: unrecognized arguments: --cookie{PHPSESSID:ikjlbcge19u973s9sbh9hcnad4}
```

@jojoli123
Author

```
root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {'security':'low'}

\ / / / | / | _ __
\ /_
_
| | / _ | '
\ {v0.5 Final}
/ \ ) |) | |
| () | | | | https://github.com/menkrep1337/XSSCon
/
/__// __/|| ||
<<<<<<< HEAD

[11:02:27] [INFO] Starting XSSCon...

Traceback (most recent call last):
  File "xsscon.py", line 74, in <module>
    start()
  File "xsscon.py", line 52, in start
    core.main(getopt.u,getopt.proxy,getopt.user_agent,check(getopt),getopt.cookie,getopt.method)
  File "/root/XSSCon/lib/core.py", line 148, in main
    self.session=session(proxy,headers,cookie)
  File "/root/XSSCon/lib/helper/helper.py", line 26, in session
    r.cookies.update(cookie)
  File "/usr/lib/python3/dist-packages/requests/cookies.py", line 354, in update
    super(RequestsCookieJar, self).update(other)
  File "/usr/lib/python3.7/_collections_abc.py", line 846, in update
    for key, value in other:
ValueError: not enough values to unpack (expected 2, got 1)
root@kali:~/XSSCon#
```

@jojoli123
Author

```
root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {'security':'low';'PHPSESSID':'ikjlbcge19u973s9sbh9hcnad4'}

\ / / / | / | _ __
\ /_
_
| | / _ | '
\ {v0.5 Final}
/ \ ) |) | |
| () | | | | https://github.com/menkrep1337/XSSCon
/
/__// __/|| ||
<<<<<<< HEAD

[11:03:58] [INFO] Starting XSSCon...

Traceback (most recent call last):
  File "xsscon.py", line 74, in <module>
    start()
  File "xsscon.py", line 52, in start
    core.main(getopt.u,getopt.proxy,getopt.user_agent,check(getopt),getopt.cookie,getopt.method)
  File "/root/XSSCon/lib/core.py", line 148, in main
    self.session=session(proxy,headers,cookie)
  File "/root/XSSCon/lib/helper/helper.py", line 26, in session
    r.cookies.update(cookie)
  File "/usr/lib/python3/dist-packages/requests/cookies.py", line 354, in update
    super(RequestsCookieJar, self).update(other)
  File "/usr/lib/python3.7/_collections_abc.py", line 846, in update
    for key, value in other:
ValueError: not enough values to unpack (expected 2, got 1)
bash: PHPSESSID:ikjlbcge19u973s9sbh9hcnad4}:未找到命令
```

@menkrep1337
Owner

I will solve this problem.

@menkrep1337
Owner

Or you can modify the script `lib/helper/helper.py`:

```python
r.cookies.update({"v":"y"})
```

@jojoli123
Author

Cookie saving is still a problem and cannot log into the background.

```
root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {"security":"low"}{"PHPSESSID":"ikjlbcge19u973s9sbh9hcnad4"}

\ / / / | / | _ __
\ /_
_
| | / _ | '
\ {v0.5 Final}
/ \ ) |) | |
| () | | | | https://github.com/menkrep1337/XSSCon
/
/__// __/|| ||
<<<<<<< HEAD

[17:06:44] [INFO] Starting XSSCon...

[17:06:44] [INFO] Checking connection to: http://192.168.219.1/DVWA/vulnerabilities/xss_r/
[17:06:44] [INFO] Connection estabilished 200
[17:06:44] [WARNING] Target have form with POST method: http://192.168.219.1/DVWA/vulnerabilities/xss_r/login.php
[17:06:44] [INFO] Collecting form input key.....
[17:06:44] [INFO] Form key name: username value: <script>alert(document.cookie)</script>
[17:06:44] [INFO] Form key name: password value: <script>alert(document.cookie)</script>
[17:06:44] [INFO] Form key name: Login value:
[17:06:44] [INFO] Form key name: user_token value: <script>alert(document.cookie)</script>
[17:06:44] [INFO] Sending payload (POST) method...
[17:06:44] [INFO] This page is safe from XSS (POST) attack but not 100% yet...
```

@menkrep1337
Owner

Solved by json.loads

```
python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {"security":"low","PHPSESSID":"ikjlbcge19u973s9sbh9hcnad4"}
```

@jojoli123
Author

is error
```
root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {"security":"low","PHPSESSID":"ikjlbcge19u973s9sbh9hcnad4"}
usage: XSSCon -u [options]
xsscon.py: error: unrecognized arguments: PHPSESSID:ikjlbcge19u973s9sbh9hcnad4
root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {'security':'low','PHPSESSID':'ikjlbcge19u973s9sbh9hcnad4'}
usage: XSSCon -u [options]
xsscon.py: error: unrecognized arguments: PHPSESSID:ikjlbcge19u973s9sbh9hcnad4
```

@menkrep1337
Owner

"{.....}"
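
The errors above originate in the shell rather than in the tool: typed unquoted, bash strips the quote characters and brace-expands `{a,b}` into separate words before `xsscon.py` receives its arguments. As an added example (not XSSCon's code; `parse_cookie_arg` and the sample values are hypothetical), a `--cookie` parser that accepts the quoted forms and rejects the shell-mangled ones with a clear error instead of a traceback:

```python
import ast
import json

def parse_cookie_arg(raw):
    """Convert the single string received for --cookie into {name: value}.

    Accepts a JSON object, a Python dict literal, or Cookie-header syntax
    ("a=1; b=2"). Raises ValueError for anything else, including the
    fragments a shell leaves behind when the argument was not quoted.
    """
    text = raw.strip()
    if text.startswith("{"):
        # json.loads needs double-quoted keys; ast.literal_eval also takes
        # single-quoted ones and never executes code (unlike eval).
        for loader in (json.loads, ast.literal_eval):
            try:
                parsed = loader(text)
            except (ValueError, SyntaxError, TypeError):
                continue
            if isinstance(parsed, dict):
                return {str(k): str(v) for k, v in parsed.items()}
        raise ValueError(f"--cookie is not a dict literal: {raw!r}; "
                         "quote the whole argument in the shell")
    cookies = {}
    for pair in text.split(";"):
        name, sep, value = pair.partition("=")
        if not pair.strip():
            continue
        if not sep or not name.strip():
            raise ValueError(f"--cookie pair is not name=value: {pair!r}")
        cookies[name.strip()] = value.strip()
    if not cookies:
        raise ValueError("--cookie is empty")
    return cookies

# Constructed samples (values are placeholders, not taken from the thread).
# What bash hands to the program when the braces are typed unquoted:
# quotes are stripped, and a comma inside braces triggers brace expansion.
MANGLED_BY_SHELL = ["{security:low}", "security:low",
                    "{security:low}{PHPSESSID:abc123}"]
WELL_FORMED = ['{"security":"low","PHPSESSID":"abc123"}',
               "{'security':'low','PHPSESSID':'abc123'}",
               "security=low; PHPSESSID=abc123"]

def is_rejected(raw):
    """True when parse_cookie_arg refuses the string with ValueError."""
    try:
        parse_cookie_arg(raw)
    except ValueError:
        return True
    return False
```

Failing at argument-parsing time keeps a malformed cookie string from reaching `cookies.update()`, which is where the `ValueError: not enough values to unpack` in the tracebacks above was raised.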

@jojoli123
Author

```
PVqp4piVvZFKJfKx98gvsZqTKQSxIZhveBEd2fNhLt7grWjQTqCJAuEdr'}"

\ / / / | / | _ __
\ /_
_
| | / _ | '
\ {v0.5 Final}
/ \ ) |) | |
| () | | | | https://github.com/menkrep1337/XSSCon
/
/__// __/|| ||
<<<<<<< HEAD

[17:46:03] [INFO] Starting XSSCon...

[17:46:03] [INFO] Checking connection to: http://192.168.219.1/DVWA/vulnerabilities/xss_r/
[17:46:04] [INFO] Connection estabilished 200
[17:46:04] [WARNING] Target have form with POST method: http://192.168.219.1/DVWA/vulnerabilities/xss_r/login.php
[17:46:04] [INFO] Collecting form input key.....
[17:46:04] [INFO] Form key name: username value: <script>console.log(5000/3000)</script>
[17:46:04] [INFO] Form key name: password value: <script>console.log(5000/3000)</script>
[17:46:04] [INFO] Form key name: Login value:
[17:46:04] [INFO] Form key name: user_token value: <script>console.log(5000/3000)</script>
[17:46:04] [INFO] Sending payload (POST) method...
[17:46:04] [INFO] This page is safe from XSS (POST) attack but not 100% yet...
```

@jojoli123
Author

```
[17:44:45] [INFO] This page is safe from XSS (POST) attack but not 100% yet...
root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie "{'security':'low','PHPSESSID':'4k5e5mqg68rrrodr0qd40pj9q7','BEEFHOOK':'Aq3nsG8uPdpMtKkz6MeR2gOPVqp4piVvZFKJfKx98gvsZqTKQSxIZhveBEd2fNhLt7grWjQTqCJAuEdr'}"

\ / / / | / | _ __
\ /_
_
| | / _ | '
\ {v0.5 Final}
/ \ ) |) | |
| () | | | | https://github.com/menkrep1337/XSSCon
/
/__// __/|| ||
<<<<<<< HEAD

[17:46:03] [INFO] Starting XSSCon...

[17:46:03] [INFO] Checking connection to: http://192.168.219.1/DVWA/vulnerabilities/xss_r/
[17:46:04] [INFO] Connection estabilished 200
[17:46:04] [WARNING] Target have form with POST method: http://192.168.219.1/DVWA/vulnerabilities/xss_r/login.php
[17:46:04] [INFO] Collecting form input key.....
[17:46:04] [INFO] Form key name: username value: <script>console.log(5000/3000)</script>
[17:46:04] [INFO] Form key name: password value: <script>console.log(5000/3000)</script>
[17:46:04] [INFO] Form key name: Login value:
[17:46:04] [INFO] Form key name: user_token value: <script>console.log(5000/3000)</script>
[17:46:04] [INFO] Sending payload (POST) method...
[17:46:04] [INFO] This page is safe from XSS (POST) attack but not 100% yet...
root@kali:~/XSSCon#
```

@menkrep1337
Owner

XSSCon detects XSS from the action URL.

@menkrep1337
Owner

Maybe the XSS script executed in a different URL.
