def putfunc(engine):
template = request.values.get('tpl')
if not template:
template = '%s'
injection = request.values.get('inj')
if engine == 'mako':
return MakoTemplates(template % injection).render()
elif engine == 'jinja2':
return Jinja2Template(template % injection).render()
def putfunc(engine):
template = request.values.get('tpl')
if not template:
template = '%s'
injection = request.values.get('inj')
if engine == 'mako':
return MakoTemplates(template % injection, lookup=mylookup).render()
elif engine == 'jinja2':
return Jinja2Env.from_string(template % injection).render()
def headerfunc(engine):
template = request.headers.get('tpl')
if not template:
template = '%s'
injection = request.headers.get('User-Agent')
if engine == 'mako':
return MakoTemplates(template % injection).render()
elif engine == 'jinja2':
return Jinja2Template(template % injection).render()
def headerfunc(engine):
template = request.headers.get('tpl')
if not template:
template = '%s'
injection = request.headers.get('User-Agent')
if engine == 'mako':
return randomword() + MakoTemplates(
template % injection, lookup=mylookup).render() + randomword()
elif engine == 'jinja2':
return randomword() + Jinja2Env.from_string(
template % injection).render() + randomword()
def reflect(engine):
template = request.values.get('tpl')
if not template:
template = '%s'
injection = request.values.get('inj')
if engine == 'mako':
return randomword() + MakoTemplates(
template % injection, lookup=mylookup).render() + randomword()
elif engine == 'jinja2':
return randomword() + Jinja2Env.from_string(
template % injection).render() + randomword()
def limited(engine):
template = request.values.get('tpl')
if not template:
template = '%s'
length = int(request.values.get('limit', 6))
injection = request.values.get('inj', '')
if len(injection) > length:
return 'Inj too long'
if engine == 'mako':
return MakoTemplates(template % injection).render()
elif engine == 'jinja2':
return Jinja2Template(template % injection).render()
def limited(engine):
template = request.values.get('tpl')
if not template:
template = '%s'
length = int(request.values.get('limit'))
injection = request.values.get('inj', '')
if len(injection) > length:
return 'Inj too long'
if engine == 'mako':
return randomword() + MakoTemplates(
template % injection, lookup=mylookup).render() + randomword()
elif engine == 'jinja2':
return randomword() + Jinja2Env.from_string(
template % injection).render() + randomword()
def startswithtest(engine):
template = request.values.get('tpl')
if not template:
template = '%s'
str_startswith = request.values.get('startswith')
injection = request.values.get('inj', '')
if not injection.startswith(str_startswith):
return 'Missing startswith'
if engine == 'mako':
return randomword() + MakoTemplates(
template % injection, lookup=mylookup).render() + randomword()
elif engine == 'jinja2':
return randomword() + Jinja2Env.from_string(
template % injection).render() + randomword()
def url_reflect(engine, injection):
template = request.values.get('tpl')
if not template:
template = '%s'
if engine == 'mako':
return randomword() + MakoTemplates(
template % injection, lookup=mylookup).render() + randomword()
elif engine == 'jinja2':
return randomword() + Jinja2Env.from_string(
template % injection).render() + randomword()
elif engine == 'eval':
return randomword() + str(eval(template % injection)) + randomword()
elif engine == 'tornado':
return randomword() + tornado.template.Template(
template % injection).generate() + randomword()
def blind(engine):
template = request.values.get('tpl')
if not template:
template = '%s'
injection = request.values.get('inj')
if engine == 'mako':
MakoTemplates(template % injection, lookup=mylookup).render()
elif engine == 'jinja2':
Jinja2Env.from_string(template % injection).render()
elif engine == 'eval':
eval(template % injection)
elif engine == 'tornado':
tornado.template.Template(template % injection).generate()
return randomword()
def reflect_cookieauth(engine):
if not request.cookies.get('SID') == 'SECRET':
return randomword()
template = request.values.get('tpl')
if not template:
template = '%s'
injection = request.values.get('inj')
if engine == 'mako':
return randomword() + MakoTemplates(
template % injection, lookup=mylookup).render() + randomword()
elif engine == 'jinja2':
return randomword() + Jinja2Env.from_string(
template % injection).render() + randomword()
elif engine == 'eval':
return randomword() + str(eval(template % injection)) + randomword()
elif engine == 'tornado':
return randomword() + tornado.template.Template(
template % injection).generate() + randomword()
