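def audit(self, freq):
    '''
    Tests an URL for xsrf vulnerabilities.

    Two structural heuristics are applied, each recording at most one
    finding per URL:

      * a GET request that carries a query string is stored in
        self._vuln_simple;
      * a POST request with a non-empty data container whose method can be
        swapped to GET (isExchangable) is stored in self._vuln_complex.

    NOTE(review): neither check looks at what the request does -- any GET
    with a query string is reported regardless of side effects -- so these
    are heuristic findings and are deliberately rated severity.LOW.

    @param freq: A fuzzableRequest
    @return: None; findings are appended to the lists named above.
    '''
    om.out.debug('xsrf plugin is testing: ' + freq.getURL())

    url = freq.getURL()
    method = freq.getMethod()

    def already_reported(found):
        # One finding per URL: the same target must not be reported twice.
        return any(v.getURL() == url for v in found)

    def record(found, desc):
        # Both heuristics build the same vuln object; only the
        # description differs.
        v = vuln.vuln()
        v.setPluginName(self.getName())
        v.setURL(url)
        v.setDc(freq.getDc())
        v.setName('Cross site request forgery vulnerability')
        v.setSeverity(severity.LOW)
        v.setMethod(method)
        v.setDesc(desc)
        found.append(v)

    if method == 'GET' and freq.getURI().hasQueryString():
        # Vulnerable by definition (per this plugin's heuristic): a GET
        # carrying parameters can be issued from any third-party page.
        if not already_reported(self._vuln_simple):
            desc = 'The URL: ' + url + ' is vulnerable to cross-'
            desc += 'site request forgery.'
            record(self._vuln_simple, desc)

    elif method == 'POST' and len(freq.getDc()) > 0 and \
            isExchangable(self._uri_opener, freq):
        # This is a POST request that can be sent using a GET and
        # querystring, so it is as exposed as the GET case above.
        if not already_reported(self._vuln_complex):
            msg = 'The URL: ' + url + ' is vulnerable to cross-'
            msg += 'site request forgery. It allows the attacker to exchange'
            msg += ' the method from POST to GET when sending data to the'
            msg += ' server.'
            record(self._vuln_complex, msg)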