action = formDetails["action"] if checkStringContainKey(action,negKeywords)==False:#check the Negative keywords to filter out non-sensitive data if formDetails["method"].lower() == "get":# form is a get form, it cannot #load possible exploit payloads(may generate from phase2) with open('evaluation.json') as evaluates: evalData = json.load(evaluates) for item in evalData: ssciForm = Form(url, formDetails) # print '!!!!!formLength' # print len(ssciForm.formdata["parameter"]) parameters = ssciForm.formdata["parameter"] for name in parameters.keys(): # print 'name1:', name # print 'value:', parameters[name] valid_parameters = dict(ssciForm.fill_entries(payload=evalData[item], paramkey=name)) # print 'parameters!!!' # print valid_parameters try: newParam = '' r = client.get(action, params=urlencode(valid_parameters)) if r != None: if r.status_code == 200: # print r.content # print r.url injectSuccess = False if item == 'LFI1': if "root:/bin/bash" in r.content \ or 'root:/bin/sh' in r.content: print "injection success1!"
args, url, method = fill_login_form(response.url, response.content, login_user, login_pass) loginResponse = client.post(url, data=args, headers=dict(Referer=start_urls)) pprint(loginResponse) jsonform = [] if "Invalid" in response.content: pprint("Login failed") else: pprint("login successful") for formDetails in data: url = formDetails["url"] action = formDetails["action"] if checkStringContainKey(action,negKeywords)==False:#check the Negative keywords to filter out non-sensitive data if formDetails["method"].lower() == "get":# form is a get form, it cannot csrfForm = Form(url,formDetails) valid_parameters = dict(csrfForm.fill_entries()) try: r = client.get(action,params=urlencode(valid_parameters)) if r != None: if r.status_code == 200: #formDetails["url"] = url formDetails["parameter"] = valid_parameters if len(valid_parameters) != 0: jsonform.append(formDetails) #pprint("post form "+csrfForm.formdata["action"] + " is vulnerable to CSRF") continue except : '' elif formDetails["method"].lower() == "post":# form is a post form, check for CSRF csrfForm = Form(url,formDetails)
pprint(loginResponse) jsonform = [] if "Invalid" in response.content: pprint("Login failed") else: pprint("login successful") for formDetails in data: url = formDetails["url"] action = formDetails["action"] if checkStringContainKey( action, negKeywords ) == False: #check the Negative keywords to filter out non-sensitive data if formDetails["method"].lower( ) == "get": # form is a get form, it cannot csrfForm = Form(url, formDetails) valid_parameters = dict(csrfForm.fill_entries()) try: r = client.get(action, params=urlencode(valid_parameters)) if r != None: if r.status_code == 200: #formDetails["url"] = url formDetails["parameter"] = valid_parameters if len(valid_parameters) != 0: jsonform.append(formDetails) #pprint("post form "+csrfForm.formdata["action"] + " is vulnerable to CSRF") continue except: '' elif formDetails["method"].lower(