def is_injectable(self, mutant, delay_obj):
        """
        Decide whether the mutant's response time follows an injected delay.

        The only evidence used here is the verdict returned by
        ExactDelayController.delay_is_controlled(). The ids of the HTTP
        responses it returned are attached to the finding, so the timing
        evidence can be reviewed afterwards.

        :param mutant: The mutant object to inject the delay into
        :param delay_obj: The delay object handed to ExactDelayController
        :return: A Vuln (severity HIGH, 'blind_sqli') when the delay is
                 controlled, None otherwise
        """
        controller = ExactDelayController(mutant, delay_obj, self._uri_opener)
        controller.set_debugging_id(self.get_debugging_id())
        delay_controlled, http_responses = controller.delay_is_controlled()

        if not delay_controlled:
            # Nothing to report for this mutant / delay combination
            return None

        # The response time follows the delay, which this check treats as
        # confirmation of a time-based blind SQL injection
        fmt = 'Blind SQL injection using time delays was found at: %s'
        description = fmt % mutant.found_at()

        evidence_ids = [response.id for response in http_responses]

        vuln = Vuln.from_mutant('Blind SQL injection vulnerability',
                                description, severity.HIGH, evidence_ids,
                                'blind_sqli', mutant)

        om.out.debug(vuln.get_desc())
        return vuln
    def is_injectable(self, mutant, delay_obj):
        """
        Report a blind SQL injection if the delay controls the response time.

        A finding is created only when
        ExactDelayController.delay_is_controlled() reports success. The ids
        of the responses it returned are stored on the Vuln as the evidence
        behind the timing verdict.

        :param mutant: The mutant object to inject the delay into
        :param delay_obj: The delay object handed to ExactDelayController
        :return: A vulnerability object or None if nothing is found
        """
        delay_check = ExactDelayController(mutant, delay_obj, self._uri_opener)
        delay_check.set_debugging_id(self.get_debugging_id())
        controlled, responses = delay_check.delay_is_controlled()

        if not controlled:
            return None

        # Reaching this point means the response time followed the delay
        where = mutant.found_at()
        desc = 'Blind SQL injection using time delays was found at: %s' % where

        ids = [resp.id for resp in responses]

        finding = Vuln.from_mutant('Blind SQL injection vulnerability', desc,
                                   severity.HIGH, ids, 'blind_sqli', mutant)

        # Only logged at debug level here; the caller receives the Vuln
        om.out.debug(finding.get_desc())

        return finding
Beispiel #3
                    json_str = file(os.path.join(root, file_name)).read()
                    yield language, json.loads(json_str)

    def _find_delay_in_mutant(self, (mutant, delay_obj), debugging_id=None):
        """
        Send a delay with the mutant and record a finding if it is controlled.

        Nothing is returned. When ExactDelayController reports that the
        delay is controlled, a HIGH severity Vuln carrying the ids of the
        returned responses is stored through kb_append_uniq() under
        'deserialization'.

        :param mutant: The mutant to modify and test
        :param delay_obj: The delay to use
        :param debugging_id: The debugging ID for logging
        """
        # NOTE(review): _has_bug() presumably means this mutant was already
        # reported -- confirm against its definition
        if self._has_bug(mutant):
            return

        controller = ExactDelayController(mutant, delay_obj, self._uri_opener)
        controller.set_debugging_id(debugging_id)
        delay_controlled, http_responses = controller.delay_is_controlled()

        if delay_controlled:
            fmt = 'Insecure deserialization vulnerability was found at: %s'
            description = fmt % mutant.found_at()

            # The finding is named after the plugin and keeps the response
            # ids, so the timing evidence can be reviewed later
            vuln = Vuln.from_mutant('Insecure deserialization', description,
                                    severity.HIGH,
                                    [resp.id for resp in http_responses],
                                    self.get_name(), mutant)

            self.kb_append_uniq(self, 'deserialization', vuln)

    def get_plugin_deps(self):