def check_on_lfi(self, task, thread_no):
"""
线程执行函数,检测单个URL上的LFI漏洞
:task: (url, is_post, code, depth)的元组
:thread_no: 当前线程号
"""
url, query = extract_path_query(task[0])
is_post = task[1]
# 对payload中的所有payload挨个检查,一个成功则退出
for payload in self.payloads:
# 检测到退出标志置位,退出
if self.exit_flag:
self.log(['Thread killed, abort on %s' % task[0]], DEBUG)
break
# 发送payload,检查参数位置
index = send_payload(url, is_post, query, payload,
self.analyze_lfi_result, self.cookie)
if index == -1:
continue
# 打印,并保存payload
self.log([
'[VULNERABLE] ' + task[0], ' [LOCATION] ' + query[index][0],
' [PAYLOAD] ' + payload
], not DEBUG)
self.kb.save_data(LFI, (task[0], query[index][0], payload, 'LFI'))
break
else:
self.log(['[INVULNERABLE] ' + task[0]], DEBUG)
def check_on_url_redirect(self, task, thread_no):
"""
线程执行函数,检测单个URL上的URL跳转漏洞
:task: (url, is_post, code, depth)的元组
:thread_no: 当前线程号
"""
url, query = extract_path_query(task[0])
is_post = task[1]
# 对payload中的所有payload挨个检查,一个成功则退出
for payload in self.payloads:
# 检测到退出标志置位,退出
if self.exit_flag:
self.log(['Thread killed, abort on %s' % task[0]], DEBUG)
break
# 发送payload,检查参数位置
index = send_payload(url, is_post, query, payload, self.analyze_urlredirect_result, self.cookie)
if index == -1:
continue
# 打印,并保存payload
self.log(['[VULNERABLE] ' + task[0], '[LOCATION] ' + query[index][0], '[PAYLOAD] ' + payload], not DEBUG)
self.kb.save_data(URL_REDIRECT, (task[0], query[index][0], payload, 'URL_REDIRECT'))
break
else:
self.log(['[INVULNERABLE] ' + task[0]], DEBUG)