Python exact_delay 예제들

프로그래밍 언어: Python

네임스페이스/패키지 이름: core.controllers.delay_detection.exact_delay

메소드/함수: exact_delay

hotexamples.com에서의 예제들: 3

Python exact_delay - 3개의 예제가 발견되었습니다. 이것들은 오픈소스 프로젝트에서 추출된 Python의 core.controllers.delay_detection.exact_delay.exact_delay에 대한 실세계 최고 등급의 예제들입니다. 예제들을 평가하여 예제의 품질 향상에 도움을 줄 수 있습니다.

예제 #1

파일 보기

파일: blind_sqli_time_delay.py 프로젝트: 1d3df9903ad/w3af

 def is_injectable( self, mutant ):
     '''
     Check if this mutant is delay injectable or not.
     
     @mutant: The mutant object that I have to inject to
     @return: A vulnerability object or None if nothing is found
     '''
     for delay_obj in self._get_delays():
         
         ed = exact_delay(mutant, delay_obj, self._uri_opener)
         success, responses = ed.delay_is_controlled()
         
         if success:
             # Now I can be sure that I found a vuln, we control the response
             # time with the delay
             v = vuln.vuln( mutant )
             v.setName( 'Blind SQL injection vulnerability' )
             v.setSeverity(severity.HIGH)
             desc = 'Blind SQL injection using time delays was found at: %s'
             desc = desc % mutant.foundAt()
             v.setDesc( desc )
             v.setDc( mutant.getDc() )
             v.setId( [r.id for r in responses ] )
             v.setURI( r.getURI() )
             
             om.out.debug( v.getDesc() )
 
             return v
             
     return None

예제 #2

파일 보기

파일: osCommanding.py 프로젝트: 1d3df9903ad/w3af

 def _with_time_delay(self, freq):
     '''
     Tests an URL for OS Commanding vulnerabilities using time delays.
     
     @param freq: A fuzzableRequest
     '''
     fake_mutants = createMutants(freq, ['',])
     
     for mutant in fake_mutants:
         
         if self._has_bug(mutant):
             continue
         
         for delay_obj in self._get_wait_commands():
             
             ed = exact_delay(mutant, delay_obj, self._uri_opener)
             success, responses = ed.delay_is_controlled()
             
             if success:
                 v = vuln.vuln( mutant )
                 v.setPluginName(self.getName())
                 v.setName( 'OS commanding vulnerability' )
                 v.setSeverity(severity.HIGH)
                 v['os'] = delay_obj.get_OS()
                 v['separator'] = delay_obj.get_separator()
                 v.setDesc( 'OS Commanding was found at: ' + mutant.foundAt() )
                 v.setDc( mutant.getDc() )
                 v.setId( [r.id for r in responses] )
                 v.setURI( r.getURI() )
                 kb.kb.append( self, 'osCommanding', v )
                 
                 break

예제 #3

파일 보기

파일: eval.py 프로젝트: sanzomaldini/w3af

    def _fuzz_with_time_delay(self, freq):
        """
        Tests an URL for eval() usage vulnerabilities using time delays.
        @param freq: A fuzzableRequest
        """
        fake_mutants = createMutants(freq, [""])

        for mutant in fake_mutants:

            if self._has_bug(mutant):
                continue

            for delay_obj in self.WAIT_OBJ:

                ed = exact_delay(mutant, delay_obj, self._uri_opener)
                success, responses = ed.delay_is_controlled()

                if success:
                    v = vuln.vuln(mutant)
                    v.setPluginName(self.getName())
                    v.setId([r.id for r in responses])
                    v.setSeverity(severity.HIGH)
                    v.setName("eval() input injection vulnerability")
                    v.setDesc("eval() input injection was found at: " + mutant.foundAt())
                    kb.kb.append(self, "eval", v)
                    break