def _verify_vuln(self, vuln_obj):
    '''
    Confirm that the reported vulnerability can really be exploited.

    Every candidate returned by shell_handler.get_shell_code() for the
    extension of the vulnerable URL is sent in the vulnerable parameter.
    The first candidate for which _define_exact_cut() returns a truthy
    result (called with the response body and
    shell_handler.SHELL_IDENTIFIER) is stored in self._shell_code.

    @parameter vuln_obj: The vulnerability to verify.
    @return: True if one candidate was confirmed, False if all of them failed.
    '''
    url_extension = vuln_obj.getURL().getExtension()

    # get_shell_code() yields (code, extension) tuples; the extension half is
    # not needed for the verification itself.
    for payload, _ in shell_handler.get_shell_code(url_extension):
        send_request = getattr(self._urlOpener, vuln_obj.getMethod())

        # NOTE(review): the container returned by getDc() is modified in
        # place; if it is the vuln's own object rather than a copy, the last
        # payload stays in it after this method returns - confirm.
        params = vuln_obj.getDc()
        params[vuln_obj.getVar()] = payload

        try:
            response = send_request(vuln_obj.getURL(), str(params))
        except Exception:
            # Best effort: any failure for this candidate is ignored and the
            # next one is tried. Nothing is logged here.
            continue

        if self._define_exact_cut(response.getBody(),
                                  shell_handler.SHELL_IDENTIFIER):
            self._shell_code = payload
            return True

    # None of the candidates could be confirmed.
    return False
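def _verify_vuln(self, vuln_obj):
    '''
    Check whether the reported eval() vulnerability is exploitable.

    Each (code, extension) candidate from shell_handler.get_shell_code() is
    sent in the vulnerable parameter. The first response whose body contains
    shell_handler.SHELL_IDENTIFIER confirms the finding, and the candidate
    is stored in self._shell_code.

    Only w3afException is handled; any other exception raised while sending
    the request propagates to the caller.

    :param vuln_obj: The vulnerability to verify.
    :return: True if a candidate was confirmed, False if none was.
    '''
    extension = vuln_obj.get_url().get_extension()

    # List of (code, extension) tuples; only the code half is used here.
    shell_code_list = shell_handler.get_shell_code(extension)

    for code, _real_extension in shell_code_list:
        function_reference = getattr(self._uri_opener, vuln_obj.get_method())

        # NOTE(review): the container returned by get_dc() is modified in
        # place; if it is the vuln's own object rather than a copy, the last
        # payload stays in it after this method returns - confirm.
        data_container = vuln_obj.get_dc()
        data_container[vuln_obj.get_var()] = code

        try:
            http_res = function_reference(vuln_obj.get_url(),
                                          str(data_container))
        # "as" works on Python 2.6+ and Python 3; the comma form is a syntax
        # error on Python 3.
        except w3afException as w3:
            msg = 'An error ocurred while trying to exploit the eval()'\
                  ' vulnerability. Original exception: "%s".'
            om.out.debug(msg % w3)
        else:
            if shell_handler.SHELL_IDENTIFIER in http_res.get_body():
                # Only the first 35 characters of the snippet are logged.
                msg = 'Sucessfully exploited eval() vulnerability using'\
                      ' the following code snippet: "%s...".' % code[:35]
                om.out.debug(msg)
                self._shell_code = code
                return True

    # No candidate was confirmed: return an explicit False instead of falling
    # off the end with None, so the result matches the documented contract.
    return False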
def test_get_shell_code_invalid_extension(self):
    # For the extension '123456' (which the test name calls invalid),
    # get_shell_code() must return exactly one (code, language) pair: PHP.
    candidates = get_shell_code('123456')
    self.assertEqual(len(candidates), 1)

    snippet, language = candidates[0]
    self.assertEqual(language, 'php')
    self.assertIn('echo ', snippet)
def test_get_shell_code_extension_force(self):
    # The second positional argument is presumably the "force extension"
    # switch (going by the test name). With it set for 'php', exactly one
    # (code, language) pair must come back: PHP.
    candidates = get_shell_code('php', True)
    self.assertEqual(len(candidates), 1)

    snippet, language = candidates[0]
    self.assertEqual(language, 'php')
    self.assertIn('echo ', snippet)
def test_get_shell_code_invalid_extension(self):
    # An extension that the test name calls invalid ("123456") must still
    # produce a single result, and that result must be the PHP snippet.
    result = get_shell_code("123456")
    self.assertEqual(len(result), 1)

    shell_source, shell_lang = result[0]
    self.assertEqual(shell_lang, "php")
    self.assertIn("echo ", shell_source)
def test_get_shell_code_extension_force(self):
    # Calling with "php" and True (presumably a force flag, going by the
    # test name) must produce a single result: the PHP snippet.
    result = get_shell_code("php", True)
    self.assertEqual(len(result), 1)

    shell_source, shell_lang = result[0]
    self.assertEqual(shell_lang, "php")
    self.assertIn("echo ", shell_source)