Class: Arachni::Modules::Audit::SimpleCmdExec

Inherits:
Arachni::Module::Base show all
Includes:
Arachni::Module::Registrar, Arachni::UI::Output
Defined in:
modules/audit/simple_cmd_exec.rb

Overview

Simple shell command injection module.
It audits links, forms and cookies.

@author: Anastasios “Zapotek” Laskos 

                                     <tasos.laskos@gmail.com>
                                     <zapotek@segfault.gr>

@version: $Rev: 371 $

See Also:

Class Method Summary (collapse)

Instance Method Summary (collapse)

Methods included from Arachni::Module::Registrar

#add_storage, #get_storage, #get_store, included, #register_results

Methods included from Arachni::UI::Output

#debug!, #debug?, #only_positives!, #only_positives?, #print_debug, #print_debug_backtrace, #print_debug_pp, #print_error, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #verbose!, #verbose?

Methods inherited from Arachni::Module::Base

#clean_up, deps, #get_cookie_simple, #get_cookies, #get_cookies_simple, #get_data_file, #get_form_simple, #get_forms, #get_forms_simple, #get_links, #get_links_simple, #get_request_headers, #get_response_headers, #prepare

Methods included from Arachni::Module::Auditor

#audit_cookies, #audit_forms, #audit_headers, #audit_links, #get_matches, #inject_each_var

Methods included from Arachni::Module::Trainer

#train

Methods included from Arachni::Module::ElementDB

#init_cookies, #init_forms, #init_links, #update_cookies, #update_forms, #update_links, #work_on_cookies, #work_on_forms, #work_on_links

Constructor Details

- (SimpleCmdExec) initialize(page)

A new instance of SimpleCmdExec 



36
37
38
39
40
41
42
43
44
 
# File 'modules/audit/simple_cmd_exec.rb', line 36

def initialize( page )
    super( page )

    @__cmd_id_regex   = /100434/ixm
    @__cmd_id         = '100434'
    @__injection_str  = '; expr 978 + 99456'
    
    @results = []
end

Class Method Details

+ (Object) info 



67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
 
# File 'modules/audit/simple_cmd_exec.rb', line 67

def self.info
    {
        'Name'           => 'SimpleCmdExec',
        'Description'    => %q{Simple shell command execution recon module},
        'Elements'       => [
            Vulnerability::Element::FORM,
            Vulnerability::Element::LINK,
            Vulnerability::Element::COOKIE
        ],
        'Author'         => 'zapotek',
        'Version'        => '$Rev: 371 $',
        'References'     => {
             'OWASP'         => 'http://www.owasp.org/index.php/OS_Command_Injection'
        },

        'Targets'        => { 'PHP' => 'all' },
            
        'Vulnerability'   => {
            'Name'        => %q{OS command injection},
            'Description' => %q{The web application allows an attacker to
                execute OS commands.},
            'CWE'         => '78',
            'Severity'    => Vulnerability::Severity::HIGH,
            'CVSSV2'       => '9.0',
            'Remedy_Guidance'    => '',
            'Remedy_Code' => '',
        }

    }
end

Instance Method Details

- (Object) run 



46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
 
# File 'modules/audit/simple_cmd_exec.rb', line 46

def run( )
    
    audit_links( @__injection_str, @__cmd_id_regex, @__cmd_id ).each {
        |res|
        @results << Vulnerability.new( res.merge( self.class.info ) )
    }

    audit_forms( @__injection_str, @__cmd_id_regex, @__cmd_id ).each {
        |res|
        @results << Vulnerability.new( res.merge( self.class.info ) )
    }

    audit_cookies( @__injection_str, @__cmd_id_regex, @__cmd_id ).each {
        |res|
        @results << Vulnerability.new( res.merge( self.class.info ) )
    }
    
    register_results( @results )
end