def test_no_reflection(self):
channel = Channel({
'url': 'http://127.0.0.1:15001/reflect/mako?inj2=asd2',
'force_level': [0, 0],
'injection_tag': '*'
})
detect_template_injection(channel, [Mako])
self.assertEqual(channel.data, {})
def test_reflection_point_dont_startswith(self):
channel = Channel({
'url':
'http://127.0.0.1:15001/startswith/mako?inj=*&startswith=thismustexists',
'force_level': [0, 0],
'injection_tag': '*'
})
detect_template_injection(channel, [Mako])
self.assertEqual(channel.data, {})
def test_reflection_multiple_point_no_tag(self):
channel = Channel({
'url': 'http://127.0.0.1:15001/reflect/mako?inj=asd&inj2=asd2',
'force_level': [0, 0],
'injection_tag': '*'
})
detect_template_injection(channel, [Mako])
del channel.data['os']
self.assertEqual(channel.data, self.expected_data)
def test_wrong_auth_reflection(self):
channel = Channel({
'url' : 'http://localhost:15001/reflect_cookieauth/mako?inj=asd*',
'force_level': [ 0, 0 ],
'headers' : [ 'Cookie: SID=WRONGSECRET' ],
'injection_tag': '*',
'technique': 'R'
})
detect_template_injection(channel, [ Mako ])
self.assertEqual(channel.data, {})
def test_reflection_point_startswith(self):
channel = Channel({
'url' : 'http://127.0.0.1:15001/startswith/mako?inj=thismustexists*&startswith=thismustexists',
'force_level': [ 0, 0 ],
'injection_tag': '*',
'technique': 'R'
})
detect_template_injection(channel, [ Mako ])
del channel.data['os']
self.assertEqual(channel.data, self.expected_data)
def test_custom_injection_tag(self):
template = '%s'
channel = Channel({
'url': 'http://127.0.0.1:15001/reflect/mako?tpl=%s&inj=~',
'force_level': [0, 0],
'injection_tag': '~'
})
detect_template_injection(channel, [Mako])
del channel.data['os']
self.assertEqual(channel.data, self.expected_data)
def test_header_reflection(self):
template = '%s'
channel = Channel({
'url': 'http://127.0.0.1:15001/header/mako',
'force_level': [0, 0],
'headers': ['User-Agent: *'],
'injection_tag': '*'
})
detect_template_injection(channel, [Mako])
del channel.data['os']
self.assertEqual(channel.data, self.expected_data)
def test_post_reflection(self):
template = '%s'
channel = Channel({
'url': 'http://127.0.0.1:15001/post/mako',
'force_level': [0, 0],
'data': 'inj=*&othervar=1',
'injection_tag': '*'
})
detect_template_injection(channel, [Mako])
del channel.data['os']
self.assertEqual(channel.data, self.expected_data)
def test_reflection_multiple_point(self):
template = '%s'
channel = Channel({
'url' : 'http://127.0.0.1:15001/reflect/mako?tpl=%s&asd=1&asd2=*&inj=*&inj2=*&inj3=*',
'force_level': [ 0, 0 ],
'injection_tag': '*'
})
detect_template_injection(channel, [ Mako ])
del channel.data['os']
self.assertEqual(channel.data, self.expected_data)
def test_url_reflection(self):
channel = Channel({
'url' : 'http://127.0.0.1:15001/url/mako/AA*AA',
'force_level': [ 0, 0 ],
'injection_tag': '*',
'technique': 'R'
})
detect_template_injection(channel, [ Mako ])
del channel.data['os']
self.assertEqual(channel.data, self.expected_data)
def test_custom_injection_tag(self):
template = '{* %s *}'
channel = Channel({
'url' : self.url.replace('*', '~') % template,
'force_level': [ 5, 5 ],
'injection_tag': '~'
})
detect_template_injection(channel, [ self.plugin ])
expected_data = self.expected_data.copy()
expected_data.update({ 'prefix': '*}', 'suffix' : '{*'})
self.assertEqual(channel.data, expected_data)
def test_custom_injection_tag(self):
template = '{* %s *}'
channel = Channel({
'url' : self.url.replace('*', '~') % template,
'force_level': [ 5, 5 ],
'injection_tag': '~',
'technique': 'RT'
})
detect_template_injection(channel, [ self.plugin ])
expected_data = self.expected_data.copy()
expected_data.update({ 'prefix': '*}', 'suffix' : '{*'})
self.assertEqual(channel.data, expected_data)
def test_custom_injection_tag(self):
template = '/* %s */'
channel = Channel({
'url': self.url.replace('*', '~') % template,
'force_level': [5, 0],
'injection_tag': '~',
'technique': 'RT'
})
detect_template_injection(channel, [self.plugin])
expected_data = self.expected_data.copy()
expected_data.update({'prefix': '*/', 'suffix': '/*'})
del channel.data['os']
self.assertEqual(channel.data, expected_data)
def test_quotes(self):
channel = Channel({
'url': 'http://127.0.0.1:15001/reflect/mako?inj=asd',
'force_level': [0, 0],
'injection_tag': '*'
})
obj = detect_template_injection(channel, [Mako])
result = obj.execute("""echo 1"2"'3'\\"\\'""")
self.assertEqual(result, """123"'""")
channel = Channel({
'url': 'http://127.0.0.1:15001/blind/mako?inj=asd',
'force_level': [0, 0],
'injection_tag': '*'
})
obj = detect_template_injection(channel, [Mako])
self.assertTrue(obj.execute_blind("""echo 1"2"'3'\\"\\'"""))
def _get_detection_obj_data(self, url, level = 0, closure_level = 0):
channel = Channel({
'url' : url,
'force_level': [ level, closure_level ],
'injection_tag': '*'
})
obj = detect_template_injection(channel, [ self.plugin ])
# Delete OS to make the tests portable
if 'os' in channel.data:
del channel.data['os']
return obj, channel.data
def _get_detection_obj_data(self, url, level = 0, closure_level = 0, technique = 'RT'):
channel = Channel({
'url' : url,
'force_level': [ level, closure_level ],
'injection_tag': '*',
'technique': technique
})
obj = detect_template_injection(channel, [ self.plugin ])
# Delete OS to make the tests portable
if 'os' in channel.data:
del channel.data['os']
return obj, channel.data
