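    def audit(self, freq ):
        '''
        Flags a request as a candidate for cross-site request forgery (xsrf).

        Two heuristics are applied, and each URL is recorded at most once per
        list:
          - a GET request whose URI has a query string is stored in
            self._vuln_simple;
          - a POST request with a non-empty data container for which
            isExchangable() returns a true value is stored in
            self._vuln_complex.

        Nothing visible in this method looks for an anti-CSRF token or
        confirms that the request changes state on the server, so every
        finding (reported with severity.LOW) is a candidate that still needs
        manual confirmation before it is treated as a real issue.

        @param freq: A fuzzableRequest
        '''
        url = freq.getURL()
        om.out.debug( 'xsrf plugin is testing: ' + url )
        method = freq.getMethod()

        def _record( findings, extra ):
            # Stores one finding for this URL in `findings`, unless the list
            # already holds one, so repeated requests do not flood the report.
            if url in [ known.getURL() for known in findings ]:
                return

            desc = 'The URL: ' + url + ' is vulnerable to cross-'
            desc += 'site request forgery.'
            desc += extra

            v = vuln.vuln()
            v.setPluginName( self.getName() )
            v.setURL( url )
            v.setDc( freq.getDc() )
            v.setName( 'Cross site request forgery vulnerability' )
            v.setSeverity( severity.LOW )
            v.setMethod( method )
            v.setDesc( desc )
            findings.append( v )

        # Heuristic 1: a GET carrying parameters in the query string can be
        # triggered by a plain link or image tag on another site.
        if method == 'GET' and freq.getURI().hasQueryString():
            _record( self._vuln_simple, '' )

        # Heuristic 2: a POST with data that isExchangable() reports as also
        # accepted by the server when sent as a GET with a query string.
        elif method == 'POST' and len( freq.getDc() ) and \
             isExchangable( self._uri_opener, freq ):
            # The original description misspelled "sending" as "sendin".
            extra = ' It allows the attacker to exchange'
            extra += ' the method from POST to GET when sending data to the'
            extra += ' server.'
            _record( self._vuln_complex, extra )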