def test_add_HTTPQSRequest(self): ds = disk_set() uri = url_object('http://w3af.org/?id=2') qsr1 = HTTPQSRequest(uri, method='GET', headers={'Referer': 'http://w3af.org/'}) uri = url_object('http://w3af.org/?id=3') qsr2 = HTTPQSRequest(uri, method='GET', headers={'Referer': 'http://w3af.com/'}) uri = url_object('http://w3af.org/?id=7') qsr3 = HTTPQSRequest(uri, method='FOO', headers={'Referer': 'http://w3af.com/'}) ds.add( qsr1 ) ds.add( qsr2 ) ds.add( qsr2 ) ds.add( qsr1 ) self.assertEqual( ds[0] , qsr1) self.assertEqual( ds[1] , qsr2) self.assertFalse( qsr3 in ds ) self.assertTrue( qsr2 in ds ) self.assertEqual( len(ds) , 2) # This forces an internal change in the URL object qsr2.getURL().url_string self.assertTrue( qsr2 in ds )
def fastExploit( self ): ''' Exploits a web app with [blind] sql injections vulns. The options are configured using the plugin options and setOptions() method. ''' om.out.debug( 'Starting sql_webshell fastExploit.' ) if any( lambda attr: attr is None, (self._url, self._method, self._data, self._injvar) ): raise w3afException('You have to configure the plugin parameters') else: if self._method == 'POST': freq = httpPostDataRequest(self._url) elif self._method == 'GET': freq = HTTPQSRequest(self._url) else: raise w3afException('Method not supported.') freq.setDc(parse_qs(self._data)) bsql = blind_sqli_response_diff(self._uri_opener) bsql.set_eq_limit(self._eq_limit) fake_mutants = createMutants(freq, [''], fuzzableParamList=[self._injvar,]) for mutant in fake_mutants: vuln_obj = bsql.is_injectable(mutant) if vuln_obj is not None: om.out.console('SQL injection verified, trying to create the DB driver.') # Try to get a shell using all vuln msg = 'Trying to exploit using vulnerability with id: ' + str(vuln_obj.getId()) msg += '. Please wait...' om.out.console(msg) shell_obj = self._generateShell(vuln_obj) if shell_obj is not None: kb.kb.append(self, 'shell', shell_obj) return [shell_obj, ] else: raise w3afException('No exploitable vulnerabilities found.')