예제 #1
0
    def _hasNoBug(self, plugin_name, kb_name, uri, variable):
        '''
        Verify if a (uri, variable) has a reported vulnerability in the kb or not.
        
        @parameter plugin_name: The name of the plugin that supposingly reported the vulnerability
        @parameter kb_name: The name of the variable in the kb, where the vulnerability was saved.
        
        @parameter uri: The url object where we should search for bugs.
        @parameter variable: The variable that is queried for bugs.
        
        @return: True if the (uri, variable) has NO vulnerabilities reported.
        '''
        vuln_list = kb.getData(plugin_name, kb_name)
        url = uri.uri2url()

        for vuln in vuln_list:
            if vuln.getVar() == variable and vuln.getURL().uri2url() == url:
                return False

        return True
 def _hasNoBug( self, plugin_name, kb_name, uri, variable ):
     '''
     Verify if a (uri, variable) has a reported vulnerability in the kb or not.
     
     @parameter plugin_name: The name of the plugin that supposingly reported the vulnerability
     @parameter kb_name: The name of the variable in the kb, where the vulnerability was saved.
     
     @parameter uri: The url object where we should search for bugs.
     @parameter variable: The variable that is queried for bugs.
     
     @return: True if the (uri, variable) has NO vulnerabilities reported.
     '''
     vuln_list = kb.getData( plugin_name , kb_name )
     url = uri.uri2url()
     
     for vuln in vuln_list:
         if vuln.getVar() == variable and vuln.getURL().uri2url() == url:
             return False
             
     return True
예제 #3
0
 def end( self ):
     '''
     This method is called to check for permanent Xss. 
     Many times a xss isn't on the page we get after the GET/POST of the xss string.
     This method searches for the xss string on all the pages that are available.
     
     @return: None, vulns are saved to the kb.
     '''
     # self._tm.join( self )
     if self._check_stored_xss:
         for fuzzable_request in self._fuzzableRequests:
             response = self._sendMutant(fuzzable_request, analyze=False,
                                         useCache=False)
             
             for mutant, mutant_response_id in self._xssMutants:
                 # Remember that httpResponse objects have a faster "__in__" than
                 # the one in strings; so string in response.getBody() is slower than
                 # string in response                    
                 if mutant.getModValue() in response:
                     
                     v = vuln.vuln( mutant )
                     v.setPluginName(self.getName())
                     v.setURL( fuzzable_request.getURL() )
                     v.setDc( fuzzable_request.getDc() )
                     v.setMethod( fuzzable_request.getMethod() )
                     
                     v['permanent'] = True
                     v['write_payload'] = mutant
                     v['read_payload'] = fuzzable_request
                     v.setName( 'Permanent cross site scripting vulnerability' )
                     v.setSeverity(severity.HIGH)
                     msg = 'Permanent Cross Site Scripting was found at: ' + response.getURL()
                     msg += ' . Using method: ' + v.getMethod() + '. The XSS was sent to the'
                     msg += ' URL: ' + mutant.getURL()+ '. ' + mutant.printModValue()
                     v.setDesc( msg )
                     v.setId( [response.id, mutant_response_id] )
                     v.addToHighlight( mutant.getModValue() )
                     kb.append( self, 'xss', v )
                     break
     
     self.printUniq( kb.getData( 'xss', 'xss' ), 'VAR' )