You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I will use PortSwigger's "Basic server-side template injection (code context)" task as an example but I have encountered same issue elsewhere.
Currently there is no way to specify a second order url however it's pretty simple to implement. I didn't add specific switch but in code I just had add two lines.
I used this command line: ./sstimap.py -u "https://0a70002e03773a3d81129428007b00eb.web-security-academy.net/my-account/change-blog-post-author-display" -d "blog-post-author-display=user.first_name&csrf=xGbHC88kaLt5KmNUTq7zw3wZ3fMDDAGx" --cookie 'session=Sk45UsfrkQRg3siVdnHxV8uBhDFG20gJ' -A -e Tornado
And changed those lines:
second_order_url="https://0a70002e03773a3d81129428007b00eb.web-security-academy.net/post?postId=6"
try:
result = requests.request(method=self.http_method, url=url_params, params=get_params, data=post_params,
headers=header_params, proxies=self.proxies, verify=self.args.get('verify_ssl'), allow_redirects=False).text
result = requests.get(second_order_url,cookies=cookies,proxies=self.proxies,verify=False).text
simple if that checks if second_order_url is in self.args should suffice IMHO.
The text was updated successfully, but these errors were encountered:
Second order based on returned data (ID of the created post)
Reset required after every attempt (deleting a comment to fix HTTP error 500)
Reset based on data
Reset or second order not being HTTP (email, websockets, ...)
Some of this cases need some extra parameters that are unlikely to be used outside of them. I decided to move requesting functionality to a separate module in the future with a way to add custom parameters for that module.
For now, I don't have a lot of time, so this functionality will appear later.
Hi there!
Any update regarding the second order feature?
I started thinking of how to implement this, so feel free to share if you already have something in mind or some prototype.
@Molx32 I have some plans to add a way to do complex workflows with any amount of requests and a possibility for second order. This would also cover cases where you need to obtain a new session or remove your payloads to recover functionality on a vulnerable page.
I will use PortSwigger's "Basic server-side template injection (code context)" task as an example but I have encountered same issue elsewhere.
Currently there is no way to specify a second order url however it's pretty simple to implement. I didn't add specific switch but in code I just had add two lines.
I used this command line:
./sstimap.py -u "https://0a70002e03773a3d81129428007b00eb.web-security-academy.net/my-account/change-blog-post-author-display" -d "blog-post-author-display=user.first_name&csrf=xGbHC88kaLt5KmNUTq7zw3wZ3fMDDAGx" --cookie 'session=Sk45UsfrkQRg3siVdnHxV8uBhDFG20gJ' -A -e Tornado
And changed those lines:
simple if that checks if second_order_url is in self.args should suffice IMHO.
The text was updated successfully, but these errors were encountered: