def is_injectable(self, mutant, delay_obj):
    """
    Decide whether *mutant* can be driven by a time-delay payload.

    The verdict is delegated to ExactDelayController: a finding is built
    only when its delay_is_controlled() call reports success.

    :param mutant: The mutant object to inject into
    :param delay_obj: The delay payload handed to ExactDelayController
    :return: A vulnerability object, or None if the response time could
             not be controlled
    """
    controller = ExactDelayController(mutant, delay_obj, self._uri_opener)
    # Tag the controller's traffic with this plugin's debugging id.
    controller.set_debugging_id(self.get_debugging_id())

    # NOTE(review): the finding rests entirely on a timing signal. How many
    # confirmation rounds delay_is_controlled() runs is not visible here;
    # confirm it tolerates network jitter before trusting the HIGH rating.
    controlled, responses = controller.delay_is_controlled()
    if not controlled:
        return None

    # The response time follows the injected delay, so report it.
    desc = 'Blind SQL injection using time delays was found at: %s'
    desc %= mutant.found_at()

    # Keep the ids of the responses that backed the decision as evidence.
    evidence_ids = [response.id for response in responses]

    vuln = Vuln.from_mutant('Blind SQL injection vulnerability', desc,
                            severity.HIGH, evidence_ids, 'blind_sqli',
                            mutant)

    om.out.debug(vuln.get_desc())
    return vuln
def is_injectable(self, mutant, delay_obj):
    """
    Report a blind SQL injection when the response delay is controllable.

    An ExactDelayController is built for the mutant and delay payload. The
    method returns a finding only if delay_is_controlled() reports success.

    :param mutant: The mutant object to inject into
    :param delay_obj: The delay payload handed to ExactDelayController
    :return: A vulnerability object, or None if nothing is found
    """
    delay_checker = ExactDelayController(mutant, delay_obj,
                                         self._uri_opener)
    delay_checker.set_debugging_id(self.get_debugging_id())

    # NOTE(review): detection is timing-only. The robustness of
    # delay_is_controlled() against slow or noisy targets cannot be judged
    # from this block; verify it before treating results as confirmed.
    is_controlled, responses = delay_checker.delay_is_controlled()
    if not is_controlled:
        return None

    # The response time follows the injected delay, so build the finding.
    desc = 'Blind SQL injection using time delays was found at: %s'
    desc = desc % mutant.found_at()

    # Response ids are attached so the finding can be traced to its traffic.
    supporting_ids = [resp.id for resp in responses]

    finding = Vuln.from_mutant('Blind SQL injection vulnerability', desc,
                               severity.HIGH, supporting_ids, 'blind_sqli',
                               mutant)

    om.out.debug(finding.get_desc())
    return finding
json_str = file(os.path.join(root, file_name)).read()
yield language, json.loads(json_str)

def _find_delay_in_mutant(self, (mutant, delay_obj), debugging_id=None):
    """
    Send a delay payload through *mutant* and record a finding when the
    response time turns out to be controllable.

    :param mutant: The mutant to modify and test
    :param delay_obj: The delay to use
    :param debugging_id: The debugging ID for logging
    """
    # presumably skips mutants that already have a reported finding;
    # verify against _has_bug()
    if self._has_bug(mutant):
        return

    controller = ExactDelayController(mutant, delay_obj, self._uri_opener)
    controller.set_debugging_id(debugging_id)

    # NOTE(review): the only evidence for this HIGH severity finding is the
    # timing signal reported by delay_is_controlled(); confirm that it
    # re-checks the delay enough times to rule out a slow backend.
    controlled, responses = controller.delay_is_controlled()

    if controlled:
        desc = ('Insecure deserialization vulnerability was found at: %s'
                % mutant.found_at())

        vuln = Vuln.from_mutant('Insecure deserialization', desc,
                                severity.HIGH,
                                [resp.id for resp in responses],
                                self.get_name(), mutant)

        # Stored in the knowledge base under the 'deserialization' key.
        self.kb_append_uniq(self, 'deserialization', vuln)

def get_plugin_deps(self):