Exemplo n.º 1
0
 def php(code):
     vulns = []
     for idx, cd in enumerate(code):
         pattern = re.findall(r"unserialize\(\S*\)", cd, re.I)
         if pattern != []:
             vulns.append({"line": idx, "match": pattern[0] })
             utils.printLine(idx, "PHP Object Injection", pattern[0])
     return vulns
Exemplo n.º 2
0
 def ope(code):
     vulns = []
     for idx, cd in enumerate(code):
         pattern = re.findall(r"wp_redirect\(\S*\)", cd, re.I)
         if pattern != []:
             vulns.append({"line": idx, "match": pattern[0] })
             utils.printLine(idx, "Open Redirect", pattern[0])
     return vulns
Exemplo n.º 3
0
 def auth(code):
     blacklist = [r'is_admin\(\S*\)', r'is_user_admin\(\S*\)']
     vulns = []
     for bl in blacklist:
         for idx, cd in enumerate(code):
             pattern = re.findall(bl, cd, re.I)
             if pattern != []:
                 vulns.append({"line": idx, "match": pattern[0] })
                 utils.printLine(idx, "Authorization Hole", pattern[0])
     return vulns
Exemplo n.º 4
0
 def pce(code):
     blacklist = [r'eval\(\S*\)', r'assert\(\S*\)', r'preg_replace\(\S*\)']
     vulns = []
     for bl in blacklist:
         for idx, cd in enumerate(code):
             pattern = re.findall(bl, cd, re.I)
             if pattern != []:
                 vulns.append({"line": idx, "match": pattern[0] })
                 utils.printLine(idx, "PHP Code Execution", pattern[0])
     return vulns
Exemplo n.º 5
0
 def fin(code):
     blacklist = [r'include\(\S*\)', r'require\(\S*\)',
                  r'include_once\(\S*\)', r'require_once\(\S*\)', r'fread\(\S*\)']
     vulns = []
     for bl in blacklist:
         for idx, cd in enumerate(code):
             pattern = re.findall(bl, cd, re.I)
             if pattern != []:
                 vulns.append({"line": idx, "match": pattern[0] })
                 utils.printLine(idx, "File Inclusion", pattern[0])
     return vulns
Exemplo n.º 6
0
 def csrf(code):
     blacklist = [r'wp_nonce_field\(\S*\)', r'wp_nonce_url\(\S*\)',
                  r'wp_verify_nonce\(\S*\)', r'check_admin_referer\(\S*\)']
     vulns = []
     for bl in blacklist:
         for idx, cd in enumerate(code):
             pattern = re.findall(bl, cd, re.I)
             if pattern != []:
                 vulns.append({"line": idx, "match": pattern[0] })
                 utils.printLine(idx, "Cross-Site Request Forgery", pattern[0])
     return vulns
Exemplo n.º 7
0
 def com(code):
     blacklist = [r'system\(\S*\)', r'exec\(\S*\)',
                  r'passthru\(\S*\)', r'shell_exec\(\S*\)']
     vulns = []
     for bl in blacklist:
         for idx, cd in enumerate(code):
             pattern = re.findall(bl, cd, re.I)
             if pattern != []:
                 vulns.append({"line": idx, "match": pattern[0] })
                 utils.printLine(idx, "Command Execution", pattern[0])
     return vulns
Exemplo n.º 8
0
 def fid(code):
     blacklist = [r'file\(\S*\)', r'readfile\(\S*\)',
                  r'file_get_contents\(\S*\)']
     vulns = []
     for bl in blacklist:
         for idx, cd in enumerate(code):
             pattern = re.findall(bl, cd, re.I)
             if pattern != []:
                 vulns.append({"line": idx, "match": pattern[0] })
                 utils.printLine(idx, "File Download", pattern[0])
     return vulns
Exemplo n.º 9
0
 def xss(code):
     blacklist = [r'\$_GET\[\S*\]', r'\$_POST\[\S*\]', r'\$_REQUEST\[\S*\]', r'\$_SERVER\[\S*\]', r'\$_COOKIE\[\S*\]',
                  r'add_query_arg\(\S*\)', r'remove_query_arg\(\S*\)']
     vulns = []
     for bl in blacklist:
         for idx, cd in enumerate(code):
             pattern = re.findall(bl, cd, re.I)
             if pattern != []:
                 vulns.append({"line": idx, "match": pattern[0] })
                 utils.printLine(idx, "Cross-Site Scripting", pattern[0])
     return vulns
     
Exemplo n.º 10
0
 def sql(code):
     blacklist = [r'\$wpdb->query\(\S*\)', r'\$wpdb->get_var\(\S*\)', r'\$wpdb->get_row\(\S*\)', r'\$wpdb->get_col\(\S*\)',
                  r'\$wpdb->get_results\(\S*\)', r'\$wpdb->replace\(\S*\)', r'esc_sql\(\S*\)', r'escape\(\S*\)', r'esc_like\(\S*\)',
                  r'like_escape\(\S*\)']
     vulns = []
     for bl in blacklist:
         for idx, cd in enumerate(code):
             pattern = re.findall(bl, cd, re.I)
             if pattern != []:
                 vulns.append({"line": idx, "match": pattern[0] })
                 utils.printLine(idx, "Sql Injection", pattern[0])
     return vulns