crawler based on weak security of wpforms
This commit is contained in:
parent
9c61ba5ec0
commit
47db7bc5df
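--- /dev/null
+++ b/[PATH NOT SHOWN ON PAGE: file 1]
@@ -0,0 +1 @@
+**/data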
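--- /dev/null
+++ b/[PATH NOT SHOWN ON PAGE: file 2]
@@ -0,0 +1,2 @@
+config.sh
+data*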
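--- /dev/null
+++ b/[PATH NOT SHOWN ON PAGE: file 3]
@@ -0,0 +1,3 @@
+[wpforms](https://wpforms.com/) uses an counter for `ENTRY_ID`s and seems to be vulnerable against CSRF :(
+
+Once we have obtained a cookie, crawling is trivial…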
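--- /dev/null
+++ b/[PATH NOT SHOWN ON PAGE: file 4]
@@ -0,0 +1,27 @@
+## common
+
+DATA_DIR="./data"
+
+## download
+
+START=500 #57
+END=500 #1000
+
+WP_ADMIN_URL='https://example.com/wp-admin/admin.php'
+FORM_ID=16993
+NONCE='caffeeeeee'
+AUTHORIZATION_HEADER='authorization: Basic Base64EncodedDataaaaaaaaaa=='
+COOKIE_HEADER='cookie: wordpress_sec_thisCopiedFromTheBrower; wordpress_logged_in_; some_other_cookies'
+
+## HEADERS_THAT_SEEM_TO_BE_NOT_REQUIRED
+#-H 'authority: example.com' \
+#-H 'upgrade-insecure-requests: 1' \
+#-H 'cache-control: max-age=0' \
+
+## merge
+
+OUT="/tmp/example.csv"
+
+## setup
+
+[ -d $DATA_DIR ] || mkdir $DATA_DIR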
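Review bot: `OUT="/tmp/example.csv"` sends the merged export — which, going by the header row the merge script filters out, holds name and address columns — to a fixed, world-readable path in a shared directory; writing it under `$DATA_DIR` (already covered by the `**/data` ignore rule in the first file) or to a `mktemp` path created under a restrictive umask keeps it out of reach of other local users. The last line, `[ -d $DATA_DIR ] || mkdir $DATA_DIR`, leaves both expansions unquoted and fails if a parent directory is missing; `[ -d "$DATA_DIR" ] || mkdir -p -- "$DATA_DIR"` is the safe form. The file also holds a live session cookie, a Basic-auth header and a nonce; if, as the `config.sh` entry in the second file suggests, this is the template for a git-ignored copy, a top-of-file comment such as `# Template: copy to ./config.sh and fill in the values; config.sh is git-ignored because it contains session credentials` would make that contract explicit. The commented-out `#-H` lines end with a trailing `\`, which is harmless inside a comment but misleading; dropping the backslashes avoids the impression that they continue a command.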
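--- /dev/null
+++ b/[PATH NOT SHOWN ON PAGE: file 5]
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+source ./config.sh
+
+function download() {
+ENTRY=$1
+OUT="${DATA_DIR}/${ENTRY}.csv"
+echo $ENTRY
+curl "${WP_ADMIN_URL}?page=wpforms-tools&view=export&action=wpforms_tools_single_entry_export_download&form=${FORM_ID}&entry_id=${ENTRY}&export_options%5B0%5D=csv&nonce=${NONCE}" \
+-H "$COOKIE_HEADER" \
+-H "$AUTHORIZATION_HEADER" \
+--compressed | tee $OUT
+}
+
+
+for i in $(seq $START $END); do
+download $i || exit
+done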
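Review bot: The session cookie and Basic-auth header are passed to curl as `-H` arguments, so they are visible to every local user in `ps` output and in any `set -x` trace; reading them from a file with `-H @file` or a `--config` file keeps them off the command line. `download $i || exit` tests the status of `tee`, not of `curl`, because a pipeline returns its last command's status; a failed request is still written to `${ENTRY}.csv` and the loop carries on, so `set -o pipefail` after the shebang (with `--fail` on curl if an HTTP error page should also count as failure) is needed for the guard to mean anything. `ENTRY` and `OUT` are assigned without `local`, so the function silently overwrites the `OUT` that `config.sh` defines; `local ENTRY=$1` and `local OUT="${DATA_DIR}/${ENTRY}.csv"` fix that. `echo $ENTRY`, `tee $OUT` and `download $i` should quote their expansions, and `for i in $(seq $START $END)` can be the builtin `for ((i = START; i <= END; i++)); do`.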
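--- /dev/null
+++ b/[PATH NOT SHOWN ON PAGE: file 6]
@@ -0,0 +1,8 @@
+## quick and dirty! TODO: replace grep -v
+
+source ./config.sh
+
+(cd $DATA_DIR; head -n1 $(ls | head -n1)) > $OUT
+cat $DATA_DIR/* | grep -v 'Name,Land,Straße,Hausnummer' >> $OUT
+
+wc -l $OUT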
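Review bot: `grep -v 'Name,Land,Straße,Hausnummer'` on the second command drops any data row whose text happens to contain that string, not just the repeated header, and `head -n1 $(ls | head -n1)` parses `ls` output and word-splits it; the `TODO` comment already concedes this. Emitting the first file whole and every further file from its second line (`tail -n +2`) removes the duplicate headers without matching on content, and a single redirection replaces the `>`/`>>` pair. Every `$DATA_DIR` and `$OUT` expansion in the file is unquoted, and the script has no shebang although `source ./config.sh` needs a shell that honours the same syntax as the download script. A header comment stating that the input is the per-entry CSV files in `$DATA_DIR` and the output is `$OUT` from `config.sh` would replace the "quick and dirty" note.
```shell
# … unchanged: source ./config.sh …
first=1
for f in "$DATA_DIR"/*; do
  if (( first )); then
    cat -- "$f"        # first file: keep its header row
    first=0
  else
    tail -n +2 -- "$f" # later files: skip the repeated header
  fi
done > "$OUT"
wc -l -- "$OUT"
```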