Ejemplo n.º 1
    def handle(self, attack_event):
        """Answer a request aimed at the emulated PHP-CGI argument-injection flaw.

        The raw query string is matched against the interpreter switches a
        client would try to smuggle in:

        * ``-s`` / ``-s+%3d``: reply with the HTML-highlighted bait source.
        * ``-w`` / ``-w+%3d``: reply with the plain bait source.
        * a POST whose parameters contain ``-d`` and
          ``auto_prepend_file=php://input``: store the request body and reply
          with whatever ``sandbox.run`` returns for the stored file.
        * anything else: reply with the plain bait source.

        Args:
            attack_event: event whose ``parsed_request`` exposes
                ``parameters``, ``method`` and ``body``; its ``response``
                attribute is overwritten.

        Returns:
            The same ``attack_event`` object.
        """
        # Bait shown as the "vulnerable" page source.
        # NOTE(review): the snippet writes `page` without the `$` sigil, so it
        # is not valid PHP as written -- confirm whether that is intentional.
        php_source_code_s = (
            '<code><span style="color: #000000">\n'
            '<span style="color: #0000BB">&lt;?php<br />page&nbsp;</span>'
            '<span style="color: #007700">=&nbsp;</span>'
            '<span style="color: #0000BB">$_GET</span>'
            '<span style="color: #007700">[</span>'
            '<span style="color: #DD0000">' "'page'" '</span>'
            '<span style="color: #007700">];<br />include(</span>'
            '<span style="color: #0000BB">page</span>'
            '<span style="color: #007700">);<br /></span>'
            '<span style="color: #0000BB">?&gt;<br /></span>\n'
            '</span>'
        )
        php_source_code_w = (
            "<?php\n"
            "page = $_GET['page']; include(page); ?>"
        )

        request = attack_event.parsed_request
        params = request.parameters

        # From `php -h`:
        #   -s   Output HTML syntax highlighted source.
        #   -w   Output source with stripped comments and whitespace.
        if params in ('-s', '-s+%3d'):
            attack_event.response = php_source_code_s
        elif params in ('-w', '-w+%3d'):
            attack_event.response = php_source_code_w
        elif (request.method == 'POST'
              and 'auto_prepend_file=php://input' in params
              and '-d' in params):
            # Code-execution attempt. request.body is attacker-supplied code:
            # everything that keeps it away from the host lives in
            # store_file() and sandbox.run(), neither of which is visible
            # here -- review their isolation and any size limit on the stored
            # body before relying on this branch.
            # The original note says the payload is saved under its MD5
            # checksum; presumably store_file does that -- confirm.
            # TODO verify if it's a valid PHP code?
            stored_path = self.store_file(request.body)
            attack_event.response = sandbox.run(stored_path, self.data_dir)
        else:
            # Nothing matched: fall back to showing the bait source.
            attack_event.response = php_source_code_w
        return attack_event
Ejemplo n.º 2
 def handle(self, attack_event):
     """Process a request that carries a file reference and run the file.

     For a GET, the request URL is handed to ``self.download_file`` and the
     value it returns becomes ``attack_event.file_name``. A POST is
     recognised but nothing is done with it. When a file name is set, the
     output of ``sandbox.run`` for that file is appended to
     ``attack_event.response``.

     Args:
         attack_event: event exposing ``parsed_request`` (``method``,
             ``url``), ``file_name`` and ``response``.

     Returns:
         The same ``attack_event`` object.
     """
     request = attack_event.parsed_request
     verb = request.method
     if verb == "GET":
         # download_file is not shown here; presumably it retrieves the file
         # the request URL points at -- confirm. If so, the location is
         # chosen by the client, so timeouts, size caps and egress
         # restrictions have to be enforced inside that helper.
         attack_event.file_name = self.download_file(request.url)
     elif verb == "POST":
         # FIXME (original author): passing parsed_request.body to
         # download_file was not expected to work, so the call is disabled.
         pass
     # Assumes attack_event.file_name already exists on the event (e.g.
     # initialised to None); otherwise a non-GET request raises
     # AttributeError here -- confirm against the event class.
     if not attack_event.file_name:
         return attack_event
     attack_event.response += sandbox.run(attack_event.file_name, self.data_dir)
     return attack_event
Ejemplo n.º 3
 def handle(self, attack_event):
     """Process a request that carries a file reference and run the file.

     GET: the request path is passed to ``self.download_file`` and the
     result stored as ``attack_event.file_name``. POST: accepted, no action.
     Any other method is logged as unsupported. If a file name is set, the
     output of ``sandbox.run`` becomes the raw HTTP response.

     Args:
         attack_event: event exposing ``http_request`` (``command``,
             ``path``, ``set_raw_response``) and ``file_name``.

     Returns:
         The same ``attack_event`` object.
     """
     request = attack_event.http_request
     verb = request.command
     if verb == 'GET':
         # download_file is opaque from here; presumably it retrieves the
         # file the path refers to -- confirm. The target is client-chosen,
         # so limits on what is fetched belong in that helper.
         attack_event.file_name = self.download_file(request.path)
     elif verb != 'POST':
         # NOTE(review): the method string comes from the client and is
         # logged as received -- confirm the log sink tolerates that.
         logger.error("Unsupported method: {0}".format(verb))
     # Assumes file_name is pre-initialised on the event for non-GET
     # requests -- confirm against the event class.
     if not attack_event.file_name:
         return attack_event
     sandbox_output = sandbox.run(attack_event.file_name, self.data_dir)
     request.set_raw_response(sandbox_output)
     return attack_event
Ejemplo n.º 4
 def handle(self, attack_event):
     """Fetch the file a GET request refers to and answer with its sandbox output.

     Behaviour per HTTP method (``http_request.command``):

     * ``GET``: ``self.download_file(path)`` supplies
       ``attack_event.file_name``.
     * ``POST``: nothing is done.
     * otherwise: an "Unsupported method" error is logged.

     Whenever ``attack_event.file_name`` is truthy afterwards, the file is
     handed to ``sandbox.run`` and the result is set as the raw response.

     Returns:
         The same ``attack_event`` object that was passed in.
     """
     http = attack_event.http_request
     method = http.command
     is_get = method == 'GET'
     if is_get:
         # The path is client-supplied. What download_file does with it is
         # not visible here -- verify its fetch limits before trusting it.
         attack_event.file_name = self.download_file(http.path)
     if not is_get and method != 'POST':
         logger.error("Unsupported method: {0}".format(method))
     # presumably file_name defaults to a falsy value on fresh events;
     # verify against the event class.
     if attack_event.file_name:
         # The file content originates from the client; containment depends
         # entirely on sandbox.run, which is not shown here.
         http.set_raw_response(
             sandbox.run(attack_event.file_name, self.data_dir))
     return attack_event
Ejemplo n.º 5
 def handle(self, attack_event):
     """Fetch the file a GET request refers to and append its sandbox output.

     On GET the request URL goes to ``self.download_file`` and the returned
     value is kept in ``attack_event.file_name``; POST is a no-op. If a file
     name is present, ``sandbox.run`` is called on it and its result is
     appended to ``attack_event.response``.

     Returns:
         The same ``attack_event`` object that was passed in.
     """
     parsed = attack_event.parsed_request
     if parsed.method == 'GET':
         # The URL is client-supplied and download_file is not visible
         # here; check that it bounds what it retrieves (size, time,
         # destination) -- TODO confirm.
         attack_event.file_name = self.download_file(parsed.url)
     elif parsed.method == 'POST':
         # FIXME (original author): using parsed_request.body as the
         # download_file argument was not expected to work; left disabled.
         pass
     downloaded = attack_event.file_name
     if downloaded:
         # Isolation of the executed file is the sandbox module's job and
         # cannot be judged from this method.
         attack_event.response += sandbox.run(downloaded, self.data_dir)
     return attack_event
Ejemplo n.º 6
 def handle(self, attack_event):
     """Fetch the file a GET request refers to and answer with its sandbox output.

     GET: ``self.download_file(http_request.path)`` supplies
     ``attack_event.file_name``. POST: recognised, nothing done. When a file
     name is set, ``sandbox.run`` is called on it and the result is
     installed through ``http_request.set_raw_response``.

     Args:
         attack_event: event exposing ``http_request`` and ``file_name``.

     Returns:
         The same ``attack_event`` object.
     """
     http = attack_event.http_request
     method = http.command
     if method == 'GET':
         # Client-controlled path handed to an opaque helper; presumably a
         # download happens there -- confirm, and check its limits.
         attack_event.file_name = self.download_file(http.path)
     elif method == 'POST':
         # FIXME (original author): feeding http_request.request_body to
         # download_file was not expected to work, so it stays disabled.
         pass
     # Assumes file_name is pre-initialised on the event -- confirm.
     if not attack_event.file_name:
         return attack_event
     http.set_raw_response(sandbox.run(attack_event.file_name, self.data_dir))
     return attack_event
Ejemplo n.º 7
 def handle(self, attack_event):
     """Run the file referenced by a GET request and reply with the result.

     Only GET triggers work: the request path is passed to
     ``self.download_file`` and the returned name stored on the event. POST
     is matched but ignored. A truthy ``attack_event.file_name`` is then
     executed through ``sandbox.run`` and the output set as the raw
     response.

     Returns:
         The same ``attack_event`` object that was passed in.
     """
     req = attack_event.http_request
     if req.command == 'GET':
         # What download_file retrieves is decided by the client-supplied
         # path; the helper is not shown, so its safeguards are unverified.
         local_name = self.download_file(req.path)
         attack_event.file_name = local_name
     elif req.command == 'POST':
         # FIXME (original author): downloading from
         # http_request.request_body was judged unlikely to work; disabled.
         pass
     target = attack_event.file_name
     if target:
         # sandbox.run is the only barrier between the fetched file and
         # the host; its guarantees are defined outside this method.
         output = sandbox.run(target, self.data_dir)
         req.set_raw_response(output)
     return attack_event
Ejemplo n.º 8
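    def handle(self, attack_event):
        """Answer a request aimed at the emulated PHP-CGI argument-injection flaw.

        * ``-s`` / ``-s+%3d`` present in the parsed query: reply with the
          HTML-highlighted bait source.
        * ``-w`` / ``-w+%3d`` present in the parsed query: reply with the
          plain bait source.
        * POST whose decoded URL contains ``-d`` and
          ``auto_prepend_file=php://input``: store the request body and
          reply with the output of ``sandbox.run`` for the stored file.
        * anything else: reply with the plain bait source.

        Args:
            attack_event: event whose ``http_request`` exposes
                ``request_query``, ``request_url``, ``request_verb``,
                ``request_body`` and ``set_raw_response``.

        Returns:
            The same ``attack_event`` object.
        """
        # Bait shown as the "vulnerable" page source.
        # NOTE(review): the snippet writes `page` without the `$` sigil, so it
        # is not valid PHP as written -- confirm whether that is intentional.
        php_source_code_s = (
            '<code><span style="color: #000000">\n'
            '<span style="color: #0000BB">&lt;?php<br />page&nbsp;</span>'
            '<span style="color: #007700">=&nbsp;</span>'
            '<span style="color: #0000BB">$_GET</span>'
            '<span style="color: #007700">[</span>'
            '<span style="color: #DD0000">' "'page'" '</span>'
            '<span style="color: #007700">];<br />include(</span>'
            '<span style="color: #0000BB">page</span>'
            '<span style="color: #007700">);<br /></span>'
            '<span style="color: #0000BB">?&gt;<br /></span>\n'
            '</span>'
        )
        php_source_code_w = (
            "<?php\n"
            "page = $_GET['page']; include(page); ?>"
        )

        request = attack_event.http_request
        query_dict = request.request_query
        # The URL is client-controlled, so its percent-escapes can decode to
        # bytes that are not valid UTF-8. A strict decode would raise and
        # abort the handler on such a request; 'replace' keeps it alive, and
        # the ASCII substring checks below are unaffected by the substitution.
        url = urllib.unquote(request.request_url).decode('utf8', 'replace')

        # php -h
        #   -s   Output HTML syntax highlighted source.
        #   -w   Output source with stripped comments and whitespace.
        if '-s' in query_dict or '-s+%3d' in query_dict:
            request.set_raw_response(php_source_code_s)
            return attack_event

        if '-w' in query_dict or '-w+%3d' in query_dict:
            request.set_raw_response(php_source_code_w)
            return attack_event

        # Handle remote code execution
        if request.request_verb == "POST" and \
           "auto_prepend_file=php://input" in url and \
           '-d' in url:
            # request_body is attacker-supplied code. Containment depends on
            # store_file() and sandbox.run(), neither of which is visible
            # here -- review their isolation and any size limit.
            # The original note says the payload is saved under its MD5
            # checksum; presumably store_file does that -- confirm.
            # TODO verify if it's a valid PHP code?
            # The sandbox output is deliberately not echoed to stdout: it is
            # attacker-influenced and only belongs in the response.
            php_file_name = self.store_file(request.request_body)
            response = sandbox.run(php_file_name, self.data_dir)
            request.set_raw_response(response)
            return attack_event

        # fallback to display vulnerable source code
        request.set_raw_response(php_source_code_w)
        return attack_event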
Ejemplo n.º 9
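    def handle(self, attack_event):
        """Answer a request aimed at the emulated PHP-CGI argument-injection flaw.

        * ``-s`` / ``-s+%3d`` present in the parsed query: reply with the
          HTML-highlighted bait source.
        * ``-w`` / ``-w+%3d`` present in the parsed query: reply with the
          plain bait source.
        * POST whose URL contains ``-d`` and
          ``auto_prepend_file=php://input``: store the request body and
          reply with the output of ``sandbox.run`` for the stored file.
        * anything else: reply with the plain bait source.

        Args:
            attack_event: event whose ``http_request`` exposes
                ``request_query``, ``request_url``, ``request_verb``,
                ``request_body`` and ``set_raw_response``.

        Returns:
            The same ``attack_event`` object.
        """
        # Bait shown as the "vulnerable" page source.
        # NOTE(review): the snippet writes `page` without the `$` sigil, so it
        # is not valid PHP as written -- confirm whether that is intentional.
        php_source_code_s = (
            '<code><span style="color: #000000">\n'
            '<span style="color: #0000BB">&lt;?php<br />page&nbsp;</span>'
            '<span style="color: #007700">=&nbsp;</span>'
            '<span style="color: #0000BB">$_GET</span>'
            '<span style="color: #007700">[</span>'
            '<span style="color: #DD0000">' "'page'" '</span>'
            '<span style="color: #007700">];<br />include(</span>'
            '<span style="color: #0000BB">page</span>'
            '<span style="color: #007700">);<br /></span>'
            '<span style="color: #0000BB">?&gt;<br /></span>\n'
            '</span>'
        )
        php_source_code_w = (
            "<?php\n"
            "page = $_GET['page']; include(page); ?>"
        )

        request = attack_event.http_request
        query_dict = request.request_query
        # NOTE(review): the URL is matched exactly as received. A request
        # that percent-encodes the directive below will not match and gets
        # the bait page instead of the sandbox path -- consider decoding
        # before matching if those requests should be captured too.
        url = request.request_url

        # php -h
        #   -s   Output HTML syntax highlighted source.
        #   -w   Output source with stripped comments and whitespace.
        if '-s' in query_dict or '-s+%3d' in query_dict:
            request.set_raw_response(php_source_code_s)
            return attack_event

        if '-w' in query_dict or '-w+%3d' in query_dict:
            request.set_raw_response(php_source_code_w)
            return attack_event

        # Handle remote code execution
        if request.request_verb == "POST" and \
           "auto_prepend_file=php://input" in url and \
           '-d' in url:
            # request_body is attacker-supplied code. Containment depends on
            # store_file() and sandbox.run(), neither of which is visible
            # here -- review their isolation and any size limit.
            # The original note says the payload is saved under its MD5
            # checksum; presumably store_file does that -- confirm.
            # TODO verify if it's a valid PHP code?
            # The sandbox output is deliberately not echoed to stdout: it is
            # attacker-influenced and only belongs in the response.
            php_file_name = self.store_file(request.request_body)
            response = sandbox.run(php_file_name, self.data_dir)
            request.set_raw_response(response)
            return attack_event

        # fallback to display vulnerable source code
        request.set_raw_response(php_source_code_w)
        return attack_event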