def test_no_reflection(self): channel = Channel({ 'url': 'http://127.0.0.1:15001/reflect/mako?inj2=asd2', 'force_level': [0, 0], 'injection_tag': '*' }) detect_template_injection(channel, [Mako]) self.assertEqual(channel.data, {})
def test_reflection_point_dont_startswith(self): channel = Channel({ 'url': 'http://127.0.0.1:15001/startswith/mako?inj=*&startswith=thismustexists', 'force_level': [0, 0], 'injection_tag': '*' }) detect_template_injection(channel, [Mako]) self.assertEqual(channel.data, {})
def test_reflection_multiple_point_no_tag(self): channel = Channel({ 'url': 'http://127.0.0.1:15001/reflect/mako?inj=asd&inj2=asd2', 'force_level': [0, 0], 'injection_tag': '*' }) detect_template_injection(channel, [Mako]) del channel.data['os'] self.assertEqual(channel.data, self.expected_data)
def test_wrong_auth_reflection(self): channel = Channel({ 'url' : 'http://localhost:15001/reflect_cookieauth/mako?inj=asd*', 'force_level': [ 0, 0 ], 'headers' : [ 'Cookie: SID=WRONGSECRET' ], 'injection_tag': '*', 'technique': 'R' }) detect_template_injection(channel, [ Mako ]) self.assertEqual(channel.data, {})
def test_reflection_point_startswith(self): channel = Channel({ 'url' : 'http://127.0.0.1:15001/startswith/mako?inj=thismustexists*&startswith=thismustexists', 'force_level': [ 0, 0 ], 'injection_tag': '*', 'technique': 'R' }) detect_template_injection(channel, [ Mako ]) del channel.data['os'] self.assertEqual(channel.data, self.expected_data)
def test_custom_injection_tag(self): template = '%s' channel = Channel({ 'url': 'http://127.0.0.1:15001/reflect/mako?tpl=%s&inj=~', 'force_level': [0, 0], 'injection_tag': '~' }) detect_template_injection(channel, [Mako]) del channel.data['os'] self.assertEqual(channel.data, self.expected_data)
def test_header_reflection(self): template = '%s' channel = Channel({ 'url': 'http://127.0.0.1:15001/header/mako', 'force_level': [0, 0], 'headers': ['User-Agent: *'], 'injection_tag': '*' }) detect_template_injection(channel, [Mako]) del channel.data['os'] self.assertEqual(channel.data, self.expected_data)
def test_post_reflection(self): template = '%s' channel = Channel({ 'url': 'http://127.0.0.1:15001/post/mako', 'force_level': [0, 0], 'data': 'inj=*&othervar=1', 'injection_tag': '*' }) detect_template_injection(channel, [Mako]) del channel.data['os'] self.assertEqual(channel.data, self.expected_data)
def test_reflection_multiple_point(self): template = '%s' channel = Channel({ 'url' : 'http://127.0.0.1:15001/reflect/mako?tpl=%s&asd=1&asd2=*&inj=*&inj2=*&inj3=*', 'force_level': [ 0, 0 ], 'injection_tag': '*' }) detect_template_injection(channel, [ Mako ]) del channel.data['os'] self.assertEqual(channel.data, self.expected_data)
def test_url_reflection(self): channel = Channel({ 'url' : 'http://127.0.0.1:15001/url/mako/AA*AA', 'force_level': [ 0, 0 ], 'injection_tag': '*', 'technique': 'R' }) detect_template_injection(channel, [ Mako ]) del channel.data['os'] self.assertEqual(channel.data, self.expected_data)
def test_custom_injection_tag(self): template = '{* %s *}' channel = Channel({ 'url' : self.url.replace('*', '~') % template, 'force_level': [ 5, 5 ], 'injection_tag': '~' }) detect_template_injection(channel, [ self.plugin ]) expected_data = self.expected_data.copy() expected_data.update({ 'prefix': '*}', 'suffix' : '{*'}) self.assertEqual(channel.data, expected_data)
def test_custom_injection_tag(self): template = '{* %s *}' channel = Channel({ 'url' : self.url.replace('*', '~') % template, 'force_level': [ 5, 5 ], 'injection_tag': '~', 'technique': 'RT' }) detect_template_injection(channel, [ self.plugin ]) expected_data = self.expected_data.copy() expected_data.update({ 'prefix': '*}', 'suffix' : '{*'}) self.assertEqual(channel.data, expected_data)
def test_custom_injection_tag(self): template = '/* %s */' channel = Channel({ 'url': self.url.replace('*', '~') % template, 'force_level': [5, 0], 'injection_tag': '~', 'technique': 'RT' }) detect_template_injection(channel, [self.plugin]) expected_data = self.expected_data.copy() expected_data.update({'prefix': '*/', 'suffix': '/*'}) del channel.data['os'] self.assertEqual(channel.data, expected_data)
def test_quotes(self): channel = Channel({ 'url': 'http://127.0.0.1:15001/reflect/mako?inj=asd', 'force_level': [0, 0], 'injection_tag': '*' }) obj = detect_template_injection(channel, [Mako]) result = obj.execute("""echo 1"2"'3'\\"\\'""") self.assertEqual(result, """123"'""") channel = Channel({ 'url': 'http://127.0.0.1:15001/blind/mako?inj=asd', 'force_level': [0, 0], 'injection_tag': '*' }) obj = detect_template_injection(channel, [Mako]) self.assertTrue(obj.execute_blind("""echo 1"2"'3'\\"\\'"""))
def _get_detection_obj_data(self, url, level = 0, closure_level = 0): channel = Channel({ 'url' : url, 'force_level': [ level, closure_level ], 'injection_tag': '*' }) obj = detect_template_injection(channel, [ self.plugin ]) # Delete OS to make the tests portable if 'os' in channel.data: del channel.data['os'] return obj, channel.data
def _get_detection_obj_data(self, url, level = 0, closure_level = 0, technique = 'RT'): channel = Channel({ 'url' : url, 'force_level': [ level, closure_level ], 'injection_tag': '*', 'technique': technique }) obj = detect_template_injection(channel, [ self.plugin ]) # Delete OS to make the tests portable if 'os' in channel.data: del channel.data['os'] return obj, channel.data