def test_from_parts(self):
u = URL.from_parts('http', 'w3af.com', '/foo/bar.txt', None, 'a=b',
'frag')
self.assertEqual(u.path, '/foo/bar.txt')
self.assertEqual(u.scheme, 'http')
self.assertEqual(u.get_file_name(), 'bar.txt')
self.assertEqual(u.get_extension(), 'txt')
def _create_file(self):
'''
Create random name file php with random php content. To be used in the
remote file inclusion test.
:return: The file content to be served via the webserver.
Please note that the generated code works both in PHP and JSP without
any issues, since PHP will run everything between "<?" and "?>" and
JSP will run code between "<%" and "%>".
TODO: make this code compatible with: asp/aspx, jsp, js (nodejs), pl,
py, rb, etc. Some code snippets that might help to achieve this
task:
asp_code = 'response.write("%s");\n response.write("%s");' % (
rand1, rand2)
asp_code = '<% \n '+asp_code+'\n %>'
'''
with self._plugin_lock:
# First, generate the php file to be included.
rfi_result_part_1 = rand1 = rand_alnum(9)
rfi_result_part_2 = rand2 = rand_alnum(9)
rfi_result = rand1 + rand2
filename = rand_alnum(8)
php_jsp_code = '<? echo "%s"; echo "%s"; ?>'
php_jsp_code += '<%% out.print("%s"); out.print("%s"); %%>'
php_jsp_code = php_jsp_code % (rand1, rand2, rand1, rand2)
# Define the required parameters
netloc = self._listen_address + ':' + str(self._listen_port)
path = '/' + filename
rfi_url = URL.from_parts('http', netloc, path, None, None, None)
rfi_data = RFIData(
rfi_url, rfi_result_part_1, rfi_result_part_2, rfi_result)
return php_jsp_code, rfi_data
def _create_file(self):
'''
Create random name file php with random php content. To be used in the
remote file inclusion test.
:return: The file content to be served via the webserver.
Please note that the generated code works both in PHP and JSP without
any issues, since PHP will run everything between "<?" and "?>" and
JSP will run code between "<%" and "%>".
TODO: make this code compatible with: asp/aspx, jsp, js (nodejs), pl,
py, rb, etc. Some code snippets that might help to achieve this
task:
asp_code = 'response.write("%s");\n response.write("%s");' % (
rand1, rand2)
asp_code = '<% \n '+asp_code+'\n %>'
'''
with self._plugin_lock:
# First, generate the php file to be included.
rfi_result_part_1 = rand1 = rand_alnum(9)
rfi_result_part_2 = rand2 = rand_alnum(9)
rfi_result = rand1 + rand2
filename = rand_alnum(8)
php_jsp_code = '<? echo "%s"; echo "%s"; ?>'
php_jsp_code += '<%% out.print("%s"); out.print("%s"); %%>'
php_jsp_code = php_jsp_code % (rand1, rand2, rand1, rand2)
# Define the required parameters
netloc = self._listen_address + ':' + str(self._listen_port)
path = '/' + filename
rfi_url = URL.from_parts('http', netloc, path, None, None, None)
rfi_data = RFIData(rfi_url, rfi_result_part_1, rfi_result_part_2,
rfi_result)
return php_jsp_code, rfi_data
