Esempio n. 1
0
    def start(self, tag, attrib):
        """
        <vulnerability id="[87]" method="GET" name="Cross site scripting vulnerability"
                       plugin="xss" severity="Medium" url="http://moth/w3af/audit/xss/simple_xss_no_script_2.php"
                       var="text">
        """
        if tag == "vulnerability":
            name = attrib["name"]
            plugin = attrib["plugin"]

            v = MockVuln(name, None, "High", 1, plugin)
            v.set_url(URL(attrib["url"]))

            self.vulns.append(v)
Esempio n. 2
0
    def _from_html_get_vulns(self):
        vuln_url_re = re.compile('<b>URL:</b> (.*?)<br />')
        vulns = []

        for line in file(self.OUTPUT_FILE):

            mo = vuln_url_re.search(line)
            if mo:
                url = URL(mo.group(1))
                v = MockVuln('TestCase', None, 'High', 1, 'plugin')
                v.set_url(url)
                vulns.append(v)

        return vulns
Esempio n. 3
0
    def _from_txt_get_vulns(self):
        file_vulns = []
        vuln_regex = 'SQL injection in a .*? was found at: "(.*?)"' \
                     ', using HTTP method (.*?). The sent .*?data was: "(.*?)"'
        vuln_re = re.compile(vuln_regex)

        for line in file(self.OUTPUT_FILE):
            mo = vuln_re.search(line)

            if mo:
                v = MockVuln('TestCase', None, 'High', 1, 'plugin')
                v.set_url(URL(mo.group(1)))
                v.set_method(mo.group(2))

                file_vulns.append(v)

        return file_vulns
Esempio n. 4
0
    def _from_txt_get_vulns(self):
        file_vulns = []
        vuln_regex = 'SQL injection in a .*? was found at: "(.*?)"' \
                     ', using HTTP method (.*?). The sent .*?data was: "(.*?)"'
        vuln_re = re.compile(vuln_regex)

        for line in file(self.OUTPUT_FILE):
            mo = vuln_re.search(line)

            if mo:
                v = MockVuln('TestCase', None, 'High', 1, 'plugin')
                v.set_url(URL(mo.group(1)))
                v.set_method(mo.group(2))
                
                file_vulns.append(v)

        return file_vulns
Esempio n. 5
0
 def start(self, tag, attrib):
     '''
     <vulnerability id="[87]" method="GET" name="Cross site scripting vulnerability"
                    plugin="xss" severity="Medium" url="http://moth/w3af/audit/xss/simple_xss_no_script_2.php"
                    var="text">
     '''
     if tag == 'vulnerability':
         name = attrib['name']
         plugin = attrib['plugin']
         
         v = MockVuln(name, None, 'High', 1, plugin)
         v.set_url(URL(attrib['url']))
         
         self.vulns.append(v)
     
     # <body content-encoding="text">
     elif tag == 'body':
         content_encoding = attrib['content-encoding']
         
         assert content_encoding == 'text'
         self._inside_body = True
Esempio n. 6
0
    def start(self, tag, attrib):
        '''
        <vulnerability id="[87]" method="GET" name="Cross site scripting vulnerability"
                       plugin="xss" severity="Medium" url="http://moth/w3af/audit/xss/simple_xss_no_script_2.php"
                       var="text">
        '''
        if tag == 'vulnerability':
            name = attrib['name']
            plugin = attrib['plugin']

            v = MockVuln(name, None, 'High', 1, plugin)
            v.set_url(URL(attrib['url']))

            self.vulns.append(v)

        # <body content-encoding="text">
        elif tag == 'body':
            content_encoding = attrib['content-encoding']

            assert content_encoding == 'text'
            self._inside_body = True