GitHub

XCat

XCat is a command line program that aides in the exploitation of blind XPath injection vulnerabilities.

fork from https://github.com/orf/xcat.

Vulnerable Web App

https://github.com/orf/xcat_app

Example

$xcat http://127.0.0.1:4567 query query=Lawyer --true-string="Rogue"

Fix Bugs

remove url second encode,comment lines in the requester.py.

#for param in params:
#    params[param] = quote(params[param], safe='')

TypeError: cannot use a string pattern on a bytes-like object

modifiy the ansitowin32.py.

def write(self, text):
    if(isinstance(text, bytes)):
        self.__convertor.write(text.decode('utf-8'))
    else:
        self.__convertor.write(text)

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
README.md		README.md
algorithms.py		algorithms.py
cli.py		cli.py
display.py		display.py
features.py		features.py
oob.py		oob.py
payloads.py		payloads.py
requester.py		requester.py
shell.py		shell.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

XCat

Vulnerable Web App

Example

Fix Bugs

About

Releases

Packages

Languages

ru0/xcat

Folders and files

Latest commit

History

Repository files navigation

XCat

Vulnerable Web App

Example

Fix Bugs

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages