Switching CSRF and CSRF2 to use variables rather than unneccessary files

mintsoft · Nov 27, 2016 · 0cfa967 · 0cfa967
1 parent 4d901a6
commit 0cfa967
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/doBackup.sh b/doBackup.sh
@@ -1,11 +1,12 @@
 #!/bin/bash
-username=$1;
-password=$2;
+hostname=$1;
+username=$2;
+password=$3;
 
-curl -Ss --insecure --cookie-jar cookies.txt https://router/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt
+csrf=$(curl -Ss --insecure --cookie-jar /tmp/cookies.txt https://$hostname/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/')
 
-curl -Ss --insecure --location --cookie-jar cookies.txt --cookie cookies.txt --data "login=Login&usernamefld=$username&passwordfld=$password&__csrf_magic=$(cat csrf.txt)" https://router/diag_backup.php  | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' | head -n 1 > csrf2.txt
+csrf2=$(curl -Ss --insecure --location --cookie-jar cookies.txt --cookie cookies.txt --data "login=Login&usernamefld=$username&passwordfld=$password&__csrf_magic=$csrf" https://$hostname/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' | head -n 1)
 
-curl -Ss --insecure --cookie cookies.txt --cookie-jar cookies.txt --data "Submit=download&donotbackuprrd=yes&__csrf_magic=$(cat csrf2.txt)" https://router/diag_backup.php > config-router-`date +%Y%m%d%H%M%S`.xml
+curl -Ss --insecure --cookie cookies.txt --cookie-jar cookies.txt --data "Submit=download&donotbackuprrd=yes&__csrf_magic=$csrf2" https://$hostname/diag_backup.php > config-router-`date +%Y%m%d%H%M%S`.xml
 
 rm csrf.txt csrf2.txt cookies.txt