def test_from_parts(self):
    # Build a URL from its individual components and check what comes back.
    # The six positional arguments are presumably (scheme, netloc, path,
    # params, query string, fragment) - confirm against URL.from_parts.
    built = URL.from_parts(
        'http',
        'w3af.com',
        '/foo/bar.txt',
        None,
        'a=b',
        'frag',
    )

    # The path and scheme passed in are expected back unchanged.
    self.assertEqual(built.path, '/foo/bar.txt')
    self.assertEqual(built.scheme, 'http')

    # For the path '/foo/bar.txt' the file name is expected to be 'bar.txt'
    # and the extension 'txt' (no leading dot).
    self.assertEqual(built.get_file_name(), 'bar.txt')
    self.assertEqual(built.get_extension(), 'txt')
def _create_file(self):
    '''
    Build the marker document that is served for the remote file inclusion
    test, together with the data needed to recognise it in a response.

    The document is a template holding a PHP-style "<? ... ?>" section and a
    JSP-style "<% ... %>" section. Both sections are filled with the same
    two random tokens, and each section only prints those tokens.

    NOTE(review): "<?" is the PHP short open tag, which PHP only honours
    when short_open_tag is enabled; a target with it disabled would not run
    the PHP section. Confirm whether that missed detection is acceptable.

    TODO: make this code compatible with: asp/aspx, jsp, js (nodejs), pl,
          py, rb, etc.

    :return: A (content, rfi_data) tuple: the text to be served via the
             webserver, and an RFIData built from the URL of the served
             file, the two tokens and their concatenation.
    '''
    # Snippet kept from the original notes as a starting point for the TODO:
    #   asp_code = 'response.write("%s");\n response.write("%s");' % (
    #       rand1, rand2)
    #   asp_code = '<% \n '+asp_code+'\n %>'
    with self._plugin_lock:
        # Two random tokens first, then the random name of the served file.
        token_a = rand_alnum(9)
        token_b = rand_alnum(9)
        served_name = rand_alnum(8)

        # One template, two sections; "%%" is a literal percent sign once
        # the four "%s" placeholders have been filled.
        template = ('<? echo "%s"; echo "%s"; ?>'
                    '<%% out.print("%s"); out.print("%s"); %%>')
        content = template % (token_a, token_b, token_a, token_b)

        # URL under which the local webserver exposes the document.
        netloc = self._listen_address + ':' + str(self._listen_port)
        rfi_url = URL.from_parts('http', netloc, '/' + served_name,
                                 None, None, None)

        # token_a + token_b is contiguous only once the tokens have been
        # printed; in the template text they are separated by code.
        # Presumably the caller uses that to tell execution apart from the
        # document being returned verbatim - confirm in the caller.
        return content, RFIData(rfi_url, token_a, token_b, token_a + token_b)
def _create_file(self):
    '''
    Generate the content that the local webserver serves during the remote
    file inclusion test, plus the RFIData describing it.

    The content carries a PHP-style section ("<?" ... "?>") and a JSP-style
    section ("<%" ... "%>"); each one does nothing but print the same pair
    of random markers.

    NOTE(review): the PHP section relies on the short open tag "<?", which
    is only executed where short_open_tag is enabled. Verify that targets
    with the setting disabled are covered some other way.

    TODO: make this code compatible with: asp/aspx, jsp, js (nodejs), pl,
          py, rb, etc.

    :return: A tuple of the file content to be served via the webserver
             and the RFIData holding the file URL, both markers and the
             two markers joined together.
    '''
    # Snippet from the original notes that might help with the TODO:
    #   asp_code = 'response.write("%s");\n response.write("%s");' % (
    #       rand1, rand2)
    #   asp_code = '<% \n '+asp_code+'\n %>'
    with self._plugin_lock:
        # Random markers, their concatenation, and a random file name.
        marker_head = rand_alnum(9)
        marker_tail = rand_alnum(9)
        marker_joined = marker_head + marker_tail
        random_name = rand_alnum(8)

        # Assemble both sections, then fill all four placeholders at once.
        sections = [
            '<? echo "%s"; echo "%s"; ?>',
            '<%% out.print("%s"); out.print("%s"); %%>',
        ]
        markers = (marker_head, marker_tail, marker_head, marker_tail)
        served_content = ''.join(sections) % markers

        # Address of the listener that serves the file.
        netloc = self._listen_address + ':' + str(self._listen_port)
        path = '/' + random_name
        rfi_url = URL.from_parts('http', netloc, path, None, None, None)

        # The joined marker does not occur in the unfilled sections as one
        # run; it only appears once both markers have been printed.
        rfi_data = RFIData(rfi_url, marker_head, marker_tail, marker_joined)
        return served_content, rfi_data