How to find precise nonce values from a virtualhost directory?

# 1  
Old 04-15-2020

I am unable to grep nonce values from various files in a directory. The values are similar to nonce="736ee1470b", nonce="5a5cb02bc7" and nonce='268b7857a4ef3f4331efaad5ae975b6025c789b71c5c4e5bb001db7bbf9c4c07'.

When I use grep, the console gets filled up with long gibberish like this:

Code:
response",what:"",alt:"alternate",altOffset:0,addColor:"#ffff33",delColor:"#faafaa",dimAddColor:"#ffff33",dimDelColor:"#ff3333",confirm:null,addBefore:null,addAfter:null,delBefore:null,delAfter:null,dimBefore:null,dimAfter:null},nonce:function(e,t){var n=wpAjax.unserialize(e.attr("href")),i=u("#"+t.element);return t.nonce||n._ajax_nonce||i.find('input[name="_ajax_nonce"]').val()||n._wpnonce||i.find('input[name="_wpnonce"]').val()||0},parseData:function(e,t){var n,i=[];try{(n=(n=u(e).data("wp-lists")||"").match(new RegExp(t+":[\\S]+")))&&(i=n[0].split(":"))}catch(e){}return i},pre:function(e,t,n){var i,o,s;return t=u.extend({},this.wpList.settings,{element:null,nonce:0,target:e.get(0)},t||{}),!(u.isFunction(t.confirm)&&(i=u("#"+t.element),"add"!==n&&(o=i.css("backgroundColor"),i.css("backgroundColor","#ff9966")),s=t.confirm.call(this,e,t,n,o),"add"!==n&&i.css("backgroundColor",o),!s))&&t},ajaxAdd:function(e,n){var t,i,o,s,a=this,l=u(e),r=p.parseData(l,"add");return n=n||{},(n=p.pre.call(a,l,n,"add")).element=r[2]||l.prop("id")||n.element||null,n.addColor=r[3]?"#"+r[3]:n.addColor,!!n&&(l.is('[id="'+n.element+'-submit"]')?!n.element||(n.action="add-"+n.what,n.nonce=p.nonce(l,n),!!wpAjax.validateForm("#"+n.element)&&(n.data=u.param(u.extend({_ajax_nonce:n.nonce,action:n.action},wpAjax.unserialize(r[4]||""))),t=u("#"+n.element+" :input").not('[name="_ajax_nonce"], [name="_wpnonce"], [name="action"]'),(i=u.isFunction(t.fieldSerialize)?t.fieldSerialize():t.serialize())&&(n.data+="&"+i),!(!u.isFunction(n.addBefore)||(n=n.addBefore(n)))||(!n.data.match(/_ajax_nonce=[a-f0-9]+/)||(n.success=function(e){return o=wpAjax.parseAjaxResponse(e,n.response,n.element),s=e,!(!o||o.errors)&&(!0===o||(u.each(o.responses,function(){p.add.call(a,this.data,u.extend({},n,{position:this.position||0,id:this.id||0,oldId:this.oldId||null}))}),a.wpList.recolor(),u(a).trigger("wpListAddEnd",[n,a.wpList]),void 
p.clear.call(a,"#"+n.element)))},n.complete=function(e,t){u.isFunction(n.addAfter)&&n.addAfter(s,u.extend({xml:e,status:t,parsed:o},n))},u.ajax(n),!1)))):!p.add.call(a,l,n))},ajaxDel:function(e,n){var i,o,s,t=this,a=u(e),l=p.parseData(a,"delete");return n=n||{},(n=p.pre.call(t,a,n,"delete")).element=l[2]||n.element||null,n.delColor=l[3]?"#"+l[3]:n.delColor,!(!n||

I am using
Code:
find . | xargs grep -sw 'nonce=' | grep [[:alnum:]]

Please let me know how to extract precise values.
# 2  
Old 04-15-2020
Wouldn't some decent, representative input sample data be wonderful?
Try
Code:
grep -o "nonce=['\"][^'\"]*['\"]" file

# 3  
Old 04-15-2020
Quote:
Originally Posted by RudiC
Wouldn't some decent, representative input sample data be wonderful?
Try
Code:
grep -o "nonce=['\"][^'\"]*['\"]" file


Thank you. That printed all cached files from ./wp-content/cache/wpo-cache/5X.XX.XX.XX/index.html. I will try using them in CSP. I guess all nonces are there in cached content.
# 4  
Old 04-16-2020
Even more precise is
Code:
grep -Eo "nonce=('[^']*'|\"[^\"]*\")" file

where a ' ' may contain a " and vice versa.
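
Added example, not part of the thread: the pattern from post #4 applied recursively to a directory, reduced to the distinct nonce values and the number of files each one appears in. The function names `extract_nonces` and `demo` and the sample files are constructed for illustration; `-r` and `-I` assume GNU or BSD grep.

```shell
#!/bin/sh
# Added example (not from the thread). All sample files below are constructed.

# extract_nonces DIR: print "<files> <value>" for each distinct nonce
# attribute value under DIR, most widely reused first.
extract_nonces() {
    # -r recurse, -E extended regex, -o print only the match,
    # -I skip binary files, -s hide unreadable-file errors.
    # Each output line looks like: path:nonce="value"
    LC_ALL=C grep -rEoIs "nonce=('[^']*'|\"[^\"]*\")" "$1" |
    LC_ALL=C awk '
    {
        i    = index($0, ":nonce=")                    # end of the path prefix
        file = substr($0, 1, i - 1)
        val  = substr($0, i + 8, length($0) - i - 8)   # drop nonce= and quotes
        if (val == "") next
        if (!((file, val) in seen)) { seen[file, val] = 1; files[val]++ }
    }
    END { for (v in files) print files[v], v }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

# demo: build a small constructed cache tree and run extract_nonces on it.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/cache/about"
    cat > "$d/cache/index.html" <<'EOF'
<script nonce="736ee1470b" src="a.js"></script><style nonce='5a5cb02bc7'></style>
EOF
    cat > "$d/cache/about/index.html" <<'EOF'
<script nonce="736ee1470b">var t = 1;</script>
EOF
    # Minified JS that mentions "nonce" but carries no nonce attribute.
    cat > "$d/cache/wp-lists.min.js" <<'EOF'
nonce:function(e,t){return t.nonce||i.find('input[name="_ajax_nonce"]').val()||0}
EOF
    extract_nonces "$d"
    rm -rf "$d"
}

demo
```

A value that shows up in more than one cached file is static. A CSP nonce is meant to be generated fresh for every response, so a nonce copied out of cached HTML into a policy no longer serves that purpose.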