Esempio n. 1
    def test_from_template(self):
        """Exploit a file-upload finding that was described by hand.

        A ``FileUploadTemplate`` is filled in, stored in the knowledge base,
        read back, and its id is passed to ``self._exploit_vuln`` together
        with the string ``'file_upload'``. No audit scan is started in this
        method.
        """
        template = FileUploadTemplate()

        # One set_value() call per entry, applied in this order.
        # NOTE(review): the host name 'moth' is hard-coded; presumably it is
        # the project's deliberately vulnerable test target -- confirm it
        # cannot resolve to any other host where this suite runs.
        wanted = (
            ('url', 'http://moth/w3af/audit/file_upload/uploader.php'),
            # MAX_FILE_SIZE travels in the request body, i.e. it is a value
            # chosen by the client.
            ('data', 'uploadedfile=&MAX_FILE_SIZE=10000000'),
            ('file_vars', 'uploadedfile'),
            # Presumably the URL under which uploaded files become reachable.
            ('file_dest', 'http://moth/w3af/audit/file_upload/uploads/'),
            ('vulnerable_parameter', 'uploadedfile'),
        )
        opts = template.get_options()
        for opt_name, opt_value in wanted:
            opts[opt_name].set_value(opt_value)
        template.set_options(opts)

        template.store_in_kb()
        kb_location = template.get_kb_location()
        # Only the first entry is used; if the lookup comes back empty the
        # test stops here with an IndexError.
        stored_vuln = self.kb.get(*kb_location)[0]
        vuln_id = stored_vuln.get_id()

        self._exploit_vuln(vuln_id, 'file_upload')
        
Esempio n. 2
    def test_from_template_534(self):
        """Exploit a hand-described file-upload finding on the '.534' uploader.

        Same flow as a template-driven exploit test: fill in a
        ``FileUploadTemplate``, store it in the knowledge base, read it back
        and pass its id to ``self._exploit_vuln`` with ``'file_upload'``.
        The upload handler here is ``uploader.534``.
        """
        template = FileUploadTemplate()

        form_base = get_php_moth_http('/audit/file_upload/strange_extension_534/')

        opts = template.get_options()
        form_url = form_base + 'uploader.534'
        opts['url'].set_value(form_url)
        # MAX_FILE_SIZE travels in the request body, i.e. it is a value
        # chosen by the client.
        opts['data'].set_value('uploadedfile=&MAX_FILE_SIZE=10000000')
        opts['file_vars'].set_value('uploadedfile')
        # NOTE(review): the form lives under strange_extension_534/ while
        # file_dest points at trivial/uploads/ -- confirm the fixture really
        # stores the uploaded file in that directory.
        uploads_url = get_php_moth_http('/audit/file_upload/trivial/uploads/')
        opts['file_dest'].set_value(uploads_url)
        opts['vulnerable_parameter'].set_value('uploadedfile')
        template.set_options(opts)

        template.store_in_kb()
        kb_location = template.get_kb_location()
        # Only the first entry is used; if the lookup comes back empty the
        # test stops here with an IndexError.
        stored_vuln = self.kb.get(*kb_location)[0]
        vuln_id = stored_vuln.get_id()

        self._exploit_vuln(vuln_id, 'file_upload')
Esempio n. 3
    def test_from_template_534(self):
        """Run the file-upload exploit against a template-defined finding.

        The finding is not discovered in this method: it is declared through
        ``FileUploadTemplate`` options, written to the knowledge base with
        ``store_in_kb()``, fetched again, and its id is handed to
        ``self._exploit_vuln`` with ``'file_upload'``.
        """
        upload_template = FileUploadTemplate()

        handler_dir = get_php_moth_http('/audit/file_upload/strange_extension_534/')

        template_options = upload_template.get_options()
        template_options['url'].set_value(handler_dir + 'uploader.534')
        # The request body names the file field and carries MAX_FILE_SIZE,
        # a value the client itself supplies.
        template_options['data'].set_value('uploadedfile=&MAX_FILE_SIZE=10000000')
        template_options['file_vars'].set_value('uploadedfile')
        # NOTE(review): handler is under strange_extension_534/ but the
        # destination is trivial/uploads/ -- verify this matches the fixture.
        template_options['file_dest'].set_value(
            get_php_moth_http('/audit/file_upload/trivial/uploads/'))
        template_options['vulnerable_parameter'].set_value('uploadedfile')
        upload_template.set_options(template_options)

        upload_template.store_in_kb()
        # Take the first entry found at the template's knowledge-base
        # location; an empty lookup result would fail here with IndexError.
        matches = self.kb.get(*upload_template.get_kb_location())
        first_match = matches[0]
        target_id = first_match.get_id()

        self._exploit_vuln(target_id, 'file_upload')