oops, remove the ,80 since port is not needed. Well, in my case it wasn't working with port. notice it gives me 404, but this with my domain
>>> att=urllib2.urlopen(site+payload,80).readlines() Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/local/lib/python2.6/urllib2.py", line 124, in urlopen return _opener.open(url, data, timeout) File "/usr/local/lib/python2.6/urllib2.py", line 381, in open req = meth(req) File "/usr/local/lib/python2.6/urllib2.py", line 1057, in do_request_ 'Content-length', '%d' % len(data)) TypeError: object of type 'int' has no len() >>> att=urllib2.urlopen(site+payload).readlines() Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/local/lib/python2.6/urllib2.py", line 124, in urlopen return _opener.open(url, data, timeout) File "/usr/local/lib/python2.6/urllib2.py", line 389, in open response = meth(req, response) File "/usr/local/lib/python2.6/urllib2.py", line 502, in http_response 'http', request, response, code, msg, hdrs) File "/usr/local/lib/python2.6/urllib2.py", line 427, in error return self._call_chain(*args) File "/usr/local/lib/python2.6/urllib2.py", line 361, in _call_chain result = func(*args) File "/usr/local/lib/python2.6/urllib2.py", line 510, in http_error_default raise HTTPError(req.get_full_url(), code, msg, hdrs, fp) urllib2.HTTPError: HTTP Error 404: Not Found -Alex Goretoy http://www.alexgoretoy.com somebodywhoca...@gmail.com On Sun, Jan 11, 2009 at 5:58 AM, alex goretoy <aleksandr.gore...@gmail.com>wrote: > I would try: > > site="http://www.bput.org/" > payloads="<script>alert('xss')</script>" > attack= urllib2.urlopen(site+payloads,80).readlines() > > > -Alex Goretoy > http://www.alexgoretoy.com > somebodywhoca...@gmail.com > > > > On Sun, Jan 11, 2009 at 2:49 AM, Steve Holden <st...@holdenweb.com> wrote: > >> Paul Rubin wrote: >> > asit <lipu...@gmail.com> writes: >> >> site="www.bput.org" >> >> payloads="<script>alert('xss')</script>" >> >> attack= urllib2.urlopen(site+payloads,80).readlines() >> >> >> >> according to my best knowledge, the above code is correct. >> >> but why it throws exceptio ???? >> > >> > The code is incorrect. Look at the string ou are sending into >> > urlopen. What on earth are you trying to do? >> >> He's investigating potential cross-site scripting vulnerabilities. >> >> regards >> Steve >> -- >> Steve Holden +1 571 484 6266 +1 800 494 3119 >> Holden Web LLC http://www.holdenweb.com/ >> >> -- >> http://mail.python.org/mailman/listinfo/python-list >> > >
-- http://mail.python.org/mailman/listinfo/python-list