def attack_upload(self, original_request):
    """Probe the file parameters of *original_request* for XXE file disclosure.

    Every mutated request produced by ``FileMutator`` over ``self.payloads``
    is sent through ``self.crawler``.  A response body matching the patterns
    that ``flag_to_patterns`` derives from the payload's flags, and that is
    not rejected by ``false_positive``, is recorded with ``add_vuln`` and
    logged.  Once one payload proves a parameter vulnerable, the remaining
    payloads for that same parameter are skipped.

    This is a generator.  It must never yield the request itself (the caller
    would mark it as attacked); it only yields the exceptions it intercepts
    (``RequestException`` from the crawler, ``KeyboardInterrupt``) so the
    caller decides how to proceed.
    """
    mutator = FileMutator(payloads=self.payloads)
    last_parameter = None
    # True once the parameter currently being mutated has been confirmed
    # vulnerable; reset whenever the mutator moves on to another parameter.
    parameter_done = False

    for mutated_request, parameter, _payload, flags in mutator.mutate(original_request):
        try:
            if parameter != last_parameter:
                # New parameter: forget what we know about the previous one.
                last_parameter = parameter
                parameter_done = False
            elif parameter_done:
                # Already reported for this parameter; skip to the next one.
                continue

            if self.verbose == 2:
                print("[¨] {0}".format(mutated_request))

            try:
                response = self.crawler.send(mutated_request)
            except RequestException as exception:
                # Hand the network error to the caller instead of aborting.
                yield exception
                continue

            body = response.content
            pattern = search_pattern(body, self.flag_to_patterns(flags))
            # false_positive() is only consulted when a pattern matched.
            if not pattern or self.false_positive(original_request, pattern):
                continue

            self.add_vuln(
                request_id=original_request.path_id,
                category=Vulnerability.XXE,
                level=Vulnerability.HIGH_LEVEL,
                request=mutated_request,
                info="XXE vulnerability leading to file disclosure",
                parameter=parameter
            )
            self.log_red("---")
            self.log_red(
                Vulnerability.MSG_PARAM_INJECT,
                self.MSG_VULN,
                original_request.url,
                parameter
            )
            self.log_red(Vulnerability.MSG_EVIL_REQUEST)
            self.log_red(mutated_request.http_repr())
            self.log_red("---")

            parameter_done = True
            self.vulnerables.add(original_request.path_id)
        except KeyboardInterrupt as exception:
            yield exception
async def attack_upload(self, original_request):
    """Probe the file parameters of *original_request* for XXE file disclosure.

    Every mutated request produced by ``FileMutator`` over ``self.payloads``
    is sent with ``self.crawler.async_send``.  A response body matching the
    patterns that ``flag_to_patterns`` derives from the payload's flags, and
    that is not rejected by ``false_positive``, is recorded with ``add_vuln``
    and logged.  Once one payload proves a parameter vulnerable, the
    remaining payloads for that same parameter are skipped.

    A ``RequestError`` raised while sending is counted in
    ``self.network_errors`` and the payload is skipped; nothing is raised
    to the caller for it.
    """
    mutator = FileMutator(payloads=self.payloads)
    last_parameter = None
    # True once the parameter currently being mutated has been confirmed
    # vulnerable; reset whenever the mutator moves on to another parameter.
    parameter_done = False

    for mutated_request, parameter, _payload, flags in mutator.mutate(original_request):
        if parameter != last_parameter:
            # New parameter: forget what we know about the previous one.
            last_parameter = parameter
            parameter_done = False
        elif parameter_done:
            # Already reported for this parameter; skip to the next one.
            continue

        if self.verbose == 2:
            print("[¨] {0}".format(mutated_request))

        try:
            response = await self.crawler.async_send(mutated_request)
        except RequestError:
            # Network failures are tallied, not treated as findings.
            self.network_errors += 1
            continue

        body = response.content
        pattern = search_pattern(body, self.flag_to_patterns(flags))
        # false_positive() is only consulted when a pattern matched.
        if not pattern or await self.false_positive(original_request, pattern):
            continue

        self.add_vuln(
            request_id=original_request.path_id,
            category=NAME,
            level=HIGH_LEVEL,
            request=mutated_request,
            info="XXE vulnerability leading to file disclosure",
            parameter=parameter
        )
        self.log_red("---")
        self.log_red(
            Messages.MSG_PARAM_INJECT,
            self.MSG_VULN,
            original_request.url,
            parameter
        )
        self.log_red(Messages.MSG_EVIL_REQUEST)
        self.log_red(mutated_request.http_repr())
        self.log_red("---")

        parameter_done = True
        self.vulnerables.add(original_request.path_id)