def audit(self, freq ):
'''
Tests an URL for xsrf vulnerabilities.
@param freq: A fuzzableRequest
'''
om.out.debug( 'xsrf plugin is testing: ' + freq.getURL() )
# Vulnerable by definition
if freq.getMethod() == 'GET' and freq.getURI().hasQueryString():
# Now check if we already added this target URL to the list
already_added = [ v.getURL() for v in self._vuln_simple ]
if freq.getURL() not in already_added:
# Vulnerable and not in list, add:
v = vuln.vuln()
v.setPluginName(self.getName())
v.setURL( freq.getURL() )
v.setDc( freq.getDc() )
v.setName( 'Cross site request forgery vulnerability' )
v.setSeverity(severity.LOW)
v.setMethod( freq.getMethod() )
desc = 'The URL: ' + freq.getURL() + ' is vulnerable to cross-'
desc += 'site request forgery.'
v.setDesc( desc )
self._vuln_simple.append( v )
# This is a POST request that can be sent using a GET and querystring
# Vulnerable by definition
elif freq.getMethod() =='POST' and len ( freq.getDc() ) and \
isExchangable( self._uri_opener, freq ):
# Now check if we already added this target URL to the list
already_added = [ v.getURL() for v in self._vuln_complex ]
if freq.getURL() not in already_added:
# Vulnerable and not in list, add:
v = vuln.vuln()
v.setPluginName(self.getName())
v.setURL( freq.getURL() )
v.setSeverity(severity.LOW)
v.setDc( freq.getDc() )
v.setName( 'Cross site request forgery vulnerability' )
v.setMethod( freq.getMethod() )
msg = 'The URL: ' + freq.getURL() + ' is vulnerable to cross-'
msg += 'site request forgery. It allows the attacker to exchange'
msg += ' the method from POST to GET when sendin data to the'
msg += ' server.'
v.setDesc( msg )
self._vuln_complex.append( v )
