From 0cfa967ee9decb67375bf651a6f59344679749eb Mon Sep 17 00:00:00 2001 From: Rob Date: Sun, 2 Oct 2016 21:04:21 +0100 Subject: [PATCH] Switching CSRF and CSRF2 to use variables rather than unneccessary files --- doBackup.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/doBackup.sh b/doBackup.sh index b44d8ed..fa6c717 100755 --- a/doBackup.sh +++ b/doBackup.sh @@ -1,11 +1,12 @@ #!/bin/bash -username=$1; -password=$2; +hostname=$1; +username=$2; +password=$3; -curl -Ss --insecure --cookie-jar cookies.txt https://router/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt +csrf=$(curl -Ss --insecure --cookie-jar /tmp/cookies.txt https://$hostname/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/') -curl -Ss --insecure --location --cookie-jar cookies.txt --cookie cookies.txt --data "login=Login&usernamefld=$username&passwordfld=$password&__csrf_magic=$(cat csrf.txt)" https://router/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' | head -n 1 > csrf2.txt +csrf2=$(curl -Ss --insecure --location --cookie-jar cookies.txt --cookie cookies.txt --data "login=Login&usernamefld=$username&passwordfld=$password&__csrf_magic=$csrf" https://$hostname/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' | head -n 1) -curl -Ss --insecure --cookie cookies.txt --cookie-jar cookies.txt --data "Submit=download&donotbackuprrd=yes&__csrf_magic=$(cat csrf2.txt)" https://router/diag_backup.php > config-router-`date +%Y%m%d%H%M%S`.xml +curl -Ss --insecure --cookie cookies.txt --cookie-jar cookies.txt --data "Submit=download&donotbackuprrd=yes&__csrf_magic=$csrf2" https://$hostname/diag_backup.php > config-router-`date +%Y%m%d%H%M%S`.xml rm csrf.txt csrf2.txt cookies.txt \ No newline at end of file