def _hasNoBug(self, plugin_name, kb_name, uri, variable):
'''
Verify if a (uri, variable) has a reported vulnerability in the kb or not.
@parameter plugin_name: The name of the plugin that supposingly reported the vulnerability
@parameter kb_name: The name of the variable in the kb, where the vulnerability was saved.
@parameter uri: The url object where we should search for bugs.
@parameter variable: The variable that is queried for bugs.
@return: True if the (uri, variable) has NO vulnerabilities reported.
'''
vuln_list = kb.getData(plugin_name, kb_name)
url = uri.uri2url()
for vuln in vuln_list:
if vuln.getVar() == variable and vuln.getURL().uri2url() == url:
return False
return True
def _hasNoBug( self, plugin_name, kb_name, uri, variable ):
'''
Verify if a (uri, variable) has a reported vulnerability in the kb or not.
@parameter plugin_name: The name of the plugin that supposingly reported the vulnerability
@parameter kb_name: The name of the variable in the kb, where the vulnerability was saved.
@parameter uri: The url object where we should search for bugs.
@parameter variable: The variable that is queried for bugs.
@return: True if the (uri, variable) has NO vulnerabilities reported.
'''
vuln_list = kb.getData( plugin_name , kb_name )
url = uri.uri2url()
for vuln in vuln_list:
if vuln.getVar() == variable and vuln.getURL().uri2url() == url:
return False
return True
def end( self ):
'''
This method is called to check for permanent Xss.
Many times a xss isn't on the page we get after the GET/POST of the xss string.
This method searches for the xss string on all the pages that are available.
@return: None, vulns are saved to the kb.
'''
# self._tm.join( self )
if self._check_stored_xss:
for fuzzable_request in self._fuzzableRequests:
response = self._sendMutant(fuzzable_request, analyze=False,
useCache=False)
for mutant, mutant_response_id in self._xssMutants:
# Remember that httpResponse objects have a faster "__in__" than
# the one in strings; so string in response.getBody() is slower than
# string in response
if mutant.getModValue() in response:
v = vuln.vuln( mutant )
v.setPluginName(self.getName())
v.setURL( fuzzable_request.getURL() )
v.setDc( fuzzable_request.getDc() )
v.setMethod( fuzzable_request.getMethod() )
v['permanent'] = True
v['write_payload'] = mutant
v['read_payload'] = fuzzable_request
v.setName( 'Permanent cross site scripting vulnerability' )
v.setSeverity(severity.HIGH)
msg = 'Permanent Cross Site Scripting was found at: ' + response.getURL()
msg += ' . Using method: ' + v.getMethod() + '. The XSS was sent to the'
msg += ' URL: ' + mutant.getURL()+ '. ' + mutant.printModValue()
v.setDesc( msg )
v.setId( [response.id, mutant_response_id] )
v.addToHighlight( mutant.getModValue() )
kb.append( self, 'xss', v )
break
self.printUniq( kb.getData( 'xss', 'xss' ), 'VAR' )
