Example #1
    def _analyze_echo_result(self, mutant, response):
        """
        Decide whether the payload sent with `mutant` came back in `response`
        in a context that is executable or can be broken out of (reflected
        XSS).

        :param mutant: The mutant that was sent; its token payload is the
                       string searched for in the response body.
        :param response: The HTTP response received for that mutant.
        :return: None, a finding is handed to self._report_vuln().
        """
        # Keep the (mutant, response id) pair for the persistent XSS check.
        # Note that this append runs before self._plugin_lock is taken.
        if self._check_persistent_xss:
            self._xss_mutants.append((mutant, response.id))

        with self._plugin_lock:

            # NOTE(review): presumably _has_bug() means this mutant was
            # already reported - confirm against its definition.
            if self._has_bug(mutant):
                return

            payload = mutant.get_token_payload()

            # TODO: https://github.com/andresriancho/w3af/issues/12305
            # Both the body and the payload are lower-cased before matching.
            lowered_body = response.get_body().lower()
            lowered_payload = payload.lower()

            contexts = get_context_iter(lowered_body, lowered_payload)

            # any() stops at the first matching context, so at most one
            # finding is reported per call.
            if any(ctx.is_executable() or ctx.can_break() for ctx in contexts):
                # The report carries the payload as sent, not the lowered copy.
                self._report_vuln(mutant, response, payload)
Example #2
    def _analyze_persistent_result(self, fuzzable_request, response):
        """
        Look in `response` for the payload of every mutant stored in
        self._xss_mutants (persistent XSS check).

        :param fuzzable_request: The request that produced `response`; it is
                                 passed through to the report.
        :param response: The HTTP response to inspect.
        :return: None, findings are handed to self._report_persistent_vuln().
        """
        debug_fmt = 'Analyzing HTTP response %s to verify if XSS token was persisted'
        om.out.debug(debug_fmt % response.get_uri())

        # JSON responses are skipped before any payload matching is done.
        if self._is_json_response(response):
            return

        body = response.get_body()

        # Every stored mutant is checked against this one response body.
        for mutant, mutant_response_id in self._xss_mutants:

            payload = mutant.get_token_payload()
            contexts = get_context_iter(body, payload)

            # any() stops at the first matching context: one report per
            # mutant, then the next stored mutant is checked.
            if any(ctx.is_executable() or ctx.can_break() for ctx in contexts):
                self._report_persistent_vuln(mutant, response,
                                             mutant_response_id,
                                             payload,
                                             fuzzable_request)
Example #3
File: xss.py Project: everping/w3af
    def _analyze_echo_result(self, mutant, response):
        """
        Reflected XSS check: search the response body for the payload that was
        sent with `mutant` and report it when it lands in a context that is
        executable or can be broken out of.

        :param mutant: The mutant that was sent.
        :param response: The HTTP response received for that mutant.
        :return: None, a finding is handed to self._report_vuln().
        """
        # Store the pair for the persistent XSS check; this happens outside
        # self._plugin_lock.
        if self._check_persistent_xss:
            self._xss_mutants.append((mutant, response.id))

        with self._plugin_lock:

            if self._has_bug(mutant):
                return

            original_payload = mutant.get_token_payload()

            # TODO: https://github.com/andresriancho/w3af/issues/12305
            # Matching is done on lower-cased copies of body and payload.
            haystack = response.get_body().lower()
            needle = original_payload.lower()

            for ctx in get_context_iter(haystack, needle):
                if not (ctx.is_executable() or ctx.can_break()):
                    continue

                # First matching context wins; the payload is reported in its
                # original case.
                self._report_vuln(mutant, response, original_payload)
                return
Example #4
    def _analyze_persistent_result(self, fuzzable_request, response):
        """
        Look in `response` for the modified value of every mutant stored in
        self._xss_mutants (persistent XSS check).

        :param fuzzable_request: The request that produced `response`; it is
                                 passed through to the report.
        :param response: The HTTP response to inspect.
        :return: None, findings are handed to self._report_persistent_vuln().
        """
        body = response.get_body()

        for mutant, mutant_response_id in self._xss_mutants:

            payload = mutant.get_mod_value()
            contexts = get_context_iter(body, payload)

            # Body and payload are passed as-is, with no case normalisation.
            # any() stops at the first matching context, so each stored mutant
            # is reported at most once per response.
            if any(ctx.is_executable() or ctx.can_break(payload)
                   for ctx in contexts):
                self._report_persistent_vuln(mutant, response,
                                             mutant_response_id, payload,
                                             fuzzable_request)
Example #5
    def _analyze_echo_result(self, mutant, response):
        """
        Reflected XSS check: search the response body for the modified value
        sent with `mutant` and report it when it lands in a context that is
        executable or can be broken out of.

        :param mutant: The mutant that was sent.
        :param response: The HTTP response received for that mutant.
        :return: None, a finding is handed to self._report_vuln().
        """
        # Keep the (mutant, response id) pair for the persistent XSS check.
        # Note that this append runs before self._plugin_lock is taken.
        if self._check_persistent_xss:
            self._xss_mutants.append((mutant, response.id))

        with self._plugin_lock:

            if self._has_bug(mutant):
                return

            payload = mutant.get_mod_value()
            contexts = get_context_iter(response.get_body(), payload)

            # Body and payload are passed as-is, with no case normalisation.
            # any() stops at the first matching context: one report per call.
            if any(ctx.is_executable() or ctx.can_break(payload)
                   for ctx in contexts):
                self._report_vuln(mutant, response, payload)
Example #6
 def _analyze_persistent_result(self, fuzzable_request, response):
     """
     Persistent XSS check: for each mutant stored in self._xss_mutants, search
     the body of `response` for that mutant's modified value.

     :param fuzzable_request: The request that produced `response`; it is
                              passed through to the report.
     :param response: The HTTP response to inspect.
     :return: None, findings are handed to self._report_persistent_vuln().
     """
     body = response.get_body()

     for stored_mutant, stored_response_id in self._xss_mutants:

         payload = stored_mutant.get_mod_value()

         for ctx in get_context_iter(body, payload):
             if not (ctx.is_executable() or ctx.can_break(payload)):
                 continue

             # One report per stored mutant is enough; move to the next one.
             self._report_persistent_vuln(stored_mutant, response,
                                          stored_response_id,
                                          payload,
                                          fuzzable_request)
             break
Example #7
    def _analyze_echo_result(self, mutant, response):
        """
        Decide whether the modified value sent with `mutant` came back in
        `response` in a context that is executable or can be broken out of
        (reflected XSS).

        :param mutant: The mutant that was sent.
        :param response: The HTTP response received for that mutant.
        :return: None, a finding is handed to self._report_vuln().
        """
        # Store the pair for the persistent XSS check; this happens outside
        # self._plugin_lock.
        if self._check_persistent_xss:
            self._xss_mutants.append((mutant, response.id))

        with self._plugin_lock:

            if self._has_bug(mutant):
                return

            injected = mutant.get_mod_value()

            for ctx in get_context_iter(response.get_body(), injected):
                if not (ctx.is_executable() or ctx.can_break(injected)):
                    continue

                # The first matching context is reported and the scan of this
                # response stops.
                self._report_vuln(mutant, response, injected)
                return
Example #8
File: xss.py Project: nolank86/w3af
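    def _analyze_persistent_result(self, fuzzable_request, response):
        """
        After performing an HTTP request to "fuzzable_request" and getting
        "response" analyze if the response contains any of the information sent
        by any of the mutants.

        The comparison is done on lower-cased copies of both the response body
        and each stored payload.

        :param fuzzable_request: The request that produced `response`; it is
                                 passed through to the report.
        :param response: The HTTP response to inspect.
        :return: None, Vuln (if any) are saved to the kb.
        """
        body_lower = response.get_body().lower()

        for mutant, mutant_response_id in self._xss_mutants:

            sent_payload = mutant.get_token_payload()
            sent_payload_lower = sent_payload.lower()

            # The body was lower-cased above, so the search key has to be
            # lower-cased as well. Passing the original-case payload here
            # would (presumably - get_context_iter is defined elsewhere) never
            # match a payload containing upper-case characters, silently
            # missing a persisted payload.
            for context in get_context_iter(body_lower, sent_payload_lower):
                if context.is_executable() or context.can_break(sent_payload_lower):
                    # The lower-cased payload is what gets reported here.
                    self._report_persistent_vuln(mutant, response,
                                                 mutant_response_id,
                                                 sent_payload_lower,
                                                 fuzzable_request)
                    # One report per stored mutant is enough.
                    break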
Example #9
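    def _analyze_persistent_result(self, fuzzable_request, response):
        """
        After performing an HTTP request to "fuzzable_request" and getting
        "response" analyze if the response contains any of the information sent
        by any of the mutants.

        :param fuzzable_request: The request that produced `response`; it is
                                 passed through to the report.
        :param response: The HTTP response to inspect.
        :return: None, Vuln (if any) are saved to the kb.
        """
        # Fill in the %s placeholder with the response URI; without the
        # interpolation the debug log would contain a literal "%s" and would
        # not say which response was analyzed.
        msg = 'Analyzing HTTP response %s to verify if XSS token was persisted.'
        om.out.debug(msg % response.get_uri())

        body = response.get_body()

        # Every stored mutant is checked against this one response body.
        for mutant, mutant_response_id in self._xss_mutants:

            sent_payload = mutant.get_token_payload()

            for context in get_context_iter(body, sent_payload):
                if context.is_executable() or context.can_break():
                    self._report_persistent_vuln(mutant, response,
                                                 mutant_response_id,
                                                 sent_payload,
                                                 fuzzable_request)
                    # One report per stored mutant is enough.
                    break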