oops, remove the ,80 since port is not needed. Well, in my case it wasn't working with port. notice it gives me 404, but this with my domain<br><br>>>> att=urllib2.urlopen(site+payload,80).readlines()<br>Traceback (most recent call last):<br>
File "<stdin>", line 1, in <module><br> File "/usr/local/lib/python2.6/urllib2.py", line 124, in urlopen<br> return _opener.open(url, data, timeout)<br> File "/usr/local/lib/python2.6/urllib2.py", line 381, in open<br>
req = meth(req)<br> File "/usr/local/lib/python2.6/urllib2.py", line 1057, in do_request_<br> 'Content-length', '%d' % len(data))<br>TypeError: object of type 'int' has no len()<br>
<br>>>> att=urllib2.urlopen(site+payload).readlines()<br>Traceback (most recent call last):<br> File "<stdin>", line 1, in <module><br> File "/usr/local/lib/python2.6/urllib2.py", line 124, in urlopen<br>
return _opener.open(url, data, timeout)<br> File "/usr/local/lib/python2.6/urllib2.py", line 389, in open<br> response = meth(req, response)<br> File "/usr/local/lib/python2.6/urllib2.py", line 502, in http_response<br>
'http', request, response, code, msg, hdrs)<br> File "/usr/local/lib/python2.6/urllib2.py", line 427, in error<br> return self._call_chain(*args)<br> File "/usr/local/lib/python2.6/urllib2.py", line 361, in _call_chain<br>
result = func(*args)<br> File "/usr/local/lib/python2.6/urllib2.py", line 510, in http_error_default<br> raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)<br>urllib2.HTTPError: HTTP Error 404: Not Found<br>
<br clear="all">-Alex Goretoy<br><a href="http://www.alexgoretoy.com">http://www.alexgoretoy.com</a><br><a href="mailto:somebodywhocarez@gmail.com">somebodywhocarez@gmail.com</a><br>
<br><br><div class="gmail_quote">On Sun, Jan 11, 2009 at 5:58 AM, alex goretoy <span dir="ltr"><<a href="mailto:aleksandr.goretoy@gmail.com">aleksandr.goretoy@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I would try:<br><br>site="<a href="http://www.bput.org/" target="_blank">http://www.bput.org</a>/"<div class="Ih2E3d"><br>
payloads="<script>alert('xss')<div></script>"<br>
attack= urllib2.urlopen(site+payloads,80).readlines()</div><br><br clear="all"></div><font color="#888888">-Alex Goretoy<br><a href="http://www.alexgoretoy.com" target="_blank">http://www.alexgoretoy.com</a><br><a href="mailto:somebodywhocarez@gmail.com" target="_blank">somebodywhocarez@gmail.com</a></font><div>
<div></div><div class="Wj3C7c"><br>
<br><br><div class="gmail_quote">On Sun, Jan 11, 2009 at 2:49 AM, Steve Holden <span dir="ltr"><<a href="mailto:steve@holdenweb.com" target="_blank">steve@holdenweb.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>Paul Rubin wrote:<br>
> asit <<a href="mailto:lipun4u@gmail.com" target="_blank">lipun4u@gmail.com</a>> writes:<br>
>> site="<a href="http://www.bput.org" target="_blank">www.bput.org</a>"<br>
>> payloads="<script>alert('xss')</script>"<br>
>> attack= urllib2.urlopen(site+payloads,80).readlines()<br>
>><br>
>> according to my best knowledge, the above code is correct.<br>
>> but why it throws exceptio ????<br>
><br>
> The code is incorrect. Look at the string ou are sending into<br>
> urlopen. What on earth are you trying to do?<br>
<br>
</div>He's investigating potential cross-site scripting vulnerabilities.<br>
<br>
regards<br>
<font color="#888888"> Steve<br>
</font><div>--<br>
Steve Holden +1 571 484 6266 +1 800 494 3119<br>
Holden Web LLC <a href="http://www.holdenweb.com/" target="_blank">http://www.holdenweb.com/</a><br>
<br>
--<br>
</div><div><div></div><div><a href="http://mail.python.org/mailman/listinfo/python-list" target="_blank">http://mail.python.org/mailman/listinfo/python-list</a><br>
</div></div></blockquote></div><br>
</div></div></blockquote></div><br>