.
kazet committed Oct 31, 2024
1 parent ac84c01 commit f1bb4e9
Showing 2 changed files with 19 additions and 16 deletions.
@@ -998,6 +998,9 @@
"Redwood Report2Web 4.3.4.5 and 4.5.3 contains a cross-site scripting vulnerability in the login panel which allows remote attackers to inject JavaScript via the signIn.do urll parameter.": "Redwood Report2Web 4.3.4.5 i 4.5.3 zawiera podatność "
+ REFLECTED_XSS_DESCRIPTION
+ UPDATE_HINT,
"Keycloak 8.0 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.": "Keycloak w wersji 8.0 i wcześniejszych zawiera podatność "
+ REFLECTED_XSS_DESCRIPTION
+ UPDATE_HINT,
"Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in ThemePunch OHG Essential Grid plugin <= 3.1.0 versions.": "Wtyczka WordPress o nazwie ThemePunch OHG Essential Grid w wersji do 3.1.0 włącznie zawiera podatność "
+ REFLECTED_XSS_DESCRIPTION
+ WORDPRESS_UPDATE_HINT,
32 changes: 16 additions & 16 deletions test/modules/test_sql_injection_detector.py
@@ -20,14 +20,14 @@ def test_sql_injection_detector(self) -> None:
(call,) = self.mock_db.save_task_result.call_args_list

sqli_message = (
"http://test-apache-with-sql-injection-postgres/sql_injection.php?error='&event='&excerpt='&export='&f='&"
"http://test-apache-with-sql-injection-postgres:80/sql_injection.php?error='&event='&excerpt='&export='&f='&"
"features='&fid='&field='&field_id='&fields='&file='&file_name='&filename='&files='&filter='&firstname='&"
"first_name='&flag='&fname='&folder='&foo='&form='&format='&from='&function='&g='&gid='&gmt_offset='&go='"
"&group='&group_id='&groups='&h='&hash='&height='&hidden='&history='&host='&hostname='&html='&i='&id='&ID"
"='&id_base='&ids='&image='&img='&import='&index=': It appears that this URL is vulnerable to SQL injection"
)
time_base_sqli_message = (
"http://test-apache-with-sql-injection-postgres/sql_injection.php?error='||pg_sleep(5)||'&event='||pg_slee"
"http://test-apache-with-sql-injection-postgres:80/sql_injection.php?error='||pg_sleep(5)||'&event='||pg_slee"
"p(5)||'&excerpt='||pg_sleep(5)||'&export='||pg_sleep(5)||'&f='||pg_sleep(5)||'&features='||pg_sleep(5)||'"
"&fid='||pg_sleep(5)||'&field='||pg_sleep(5)||'&field_id='||pg_sleep(5)||'&fields='||pg_sleep(5)||'&file='|"
"|pg_sleep(5)||'&file_name='||pg_sleep(5)||'&filename='||pg_sleep(5)||'&files='||pg_sleep(5)||'&filter='||p"
@@ -42,11 +42,11 @@ def test_sql_injection_detector(self) -> None:
"at this URL is vulnerable to time-based SQL injection"
)
sqli_by_headers_message = (
"http://test-apache-with-sql-injection-postgres/headers_vuln.php: "
"http://test-apache-with-sql-injection-postgres:80/headers_vuln.php: "
"It appears that this URL is vulnerable to SQL injection through HTTP Headers"
)
time_base_sqli_by_headers_message = (
"http://test-apache-with-sql-injection-postgres/headers_vuln.php: "
"http://test-apache-with-sql-injection-postgres:80/headers_vuln.php: "
"It appears that this URL is vulnerable to time-based SQL injection through HTTP Headers"
)

@@ -58,16 +58,16 @@ def test_sql_injection_detector(self) -> None:
self.assertEqual(len(call.kwargs["data"]["result"]), 4)

def test_is_url_with_parameters(self) -> None:
url_with_payload = "http://test-apache-with-sql-injection-postgres?id=3"
current_url = "http://test-apache-with-sql-injection-postgres"
url_with_payload = "http://test-apache-with-sql-injection-postgres:80?id=3"
current_url = "http://test-apache-with-sql-injection-postgres:80"

self.assertTrue(self.karton_class.is_url_with_parameters(url_with_payload))
self.assertFalse(self.karton_class.is_url_with_parameters(current_url))

def test_are_request_efficient(self) -> None:
current_url = "http://test-apache-with-sql-injection-postgres/sql_injection.php?id=1"
url_with_sleep_payload = "http://test-apache-with-sql-injection-postgres/sql_injection.php?id='||pg_sleep(5)||'"
url_to_headers_vuln = "http://test-apache-with-sql-injection-postgres/headers_vuln.php"
current_url = "http://test-apache-with-sql-injection-postgres:80/sql_injection.php?id=1"
url_with_sleep_payload = "http://test-apache-with-sql-injection-postgres:80/sql_injection.php?id='||pg_sleep(5)||'"
url_to_headers_vuln = "http://test-apache-with-sql-injection-postgres:80/headers_vuln.php"

self.assertTrue(self.karton_class.are_requests_time_efficient(SqlInjectionDetector, current_url))
self.assertFalse(self.karton_class.are_requests_time_efficient(SqlInjectionDetector, url_with_sleep_payload))
@@ -78,9 +78,9 @@ def test_are_request_efficient(self) -> None:
)

def test_contains_error(self) -> None:
current_url = "http://test-apache-with-sql-injection-postgres/sql_injection.php?id=5"
url_with_payload = "http://test-apache-with-sql-injection-postgres/sql_injection.php?id='"
url_to_headers_vuln = "http://test-apache-with-sql-injection-postgres/headers_vuln.php"
current_url = "http://test-apache-with-sql-injection-postgres:80/sql_injection.php?id=5"
url_with_payload = "http://test-apache-with-sql-injection-postgres:80/sql_injection.php?id='"
url_to_headers_vuln = "http://test-apache-with-sql-injection-postgres:80/headers_vuln.php"

self.assertFalse(self.karton.contains_error(current_url, http_requests.get(current_url)))
self.assertTrue(self.karton.contains_error(url_with_payload, http_requests.get(url_with_payload)))
@@ -104,14 +104,14 @@ def test_sql_injection_detector(self) -> None:
(call,) = self.mock_db.save_task_result.call_args_list

sqli_message = (
"http://test-apache-with-sql-injection-mysql/sql_injection.php?error='&event='&excerpt='&export='&f='&feat"
"http://test-apache-with-sql-injection-mysql:80/sql_injection.php?error='&event='&excerpt='&export='&f='&feat"
"ures='&fid='&field='&field_id='&fields='&file='&file_name='&filename='&files='&filter='&firstname='&first"
"_name='&flag='&fname='&folder='&foo='&form='&format='&from='&function='&g='&gid='&gmt_offset='&go='&group"
"='&group_id='&groups='&h='&hash='&height='&hidden='&history='&host='&hostname='&html='&i='&id='&ID='&id_b"
"ase='&ids='&image='&img='&import='&index=': It appears that this URL is vulnerable to SQL injection"
)
time_base_sqli_message = (
"http://test-apache-with-sql-injection-mysql/sql_injection.php?error='||sleep(5)||'&event='||sleep(5)||'&e"
"http://test-apache-with-sql-injection-mysql:80/sql_injection.php?error='||sleep(5)||'&event='||sleep(5)||'&e"
"xcerpt='||sleep(5)||'&export='||sleep(5)||'&f='||sleep(5)||'&features='||sleep(5)||'&fid='||sleep(5)||'&f"
"ield='||sleep(5)||'&field_id='||sleep(5)||'&fields='||sleep(5)||'&file='||sleep(5)||'&file_name='||sleep("
"5)||'&filename='||sleep(5)||'&files='||sleep(5)||'&filter='||sleep(5)||'&firstname='||sleep(5)||'&first_n"
@@ -125,11 +125,11 @@ def test_sql_injection_detector(self) -> None:
"QL injection"
)
sqli_by_headers_message = (
"http://test-apache-with-sql-injection-mysql/headers_vuln.php: "
"http://test-apache-with-sql-injection-mysql:80/headers_vuln.php: "
"It appears that this URL is vulnerable to SQL injection through HTTP Headers"
)
time_base_sqli_by_headers_message = (
"http://test-apache-with-sql-injection-mysql/headers_vuln.php: "
"http://test-apache-with-sql-injection-mysql:80/headers_vuln.php: "
"It appears that this URL is vulnerable to time-based SQL injection "
"through HTTP Headers"
)
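Review bot: Every expected string in both `test_sql_injection_detector` methods and in `test_is_url_with_parameters`, `test_are_request_efficient` and `test_contains_error` spells out the full `http://test-apache-with-sql-injection-…:80` origin, which is why a change in how the target URL is rendered needed 16 edited literals. A per-class constant, for example `BASE_URL = "http://test-apache-with-sql-injection-postgres:80"` used as `f"{BASE_URL}/headers_vuln.php: "`, would keep the next such change to one line per database backend. As far as the page shows, the helper tests now only exercise URLs with an explicit port, so the port-less form that was checked before (`http://test-apache-with-sql-injection-postgres?id=3`) is no longer covered for `is_url_with_parameters`; keeping one assertion for it would guard against the two forms being treated differently. The commit message does not say why reported URLs now carry `:80`; if the same target can be reported both with and without the default port, one finding could end up stored under two different strings, which is worth confirming in the detector rather than in this file. Several of these test bodies continue outside the visible hunks.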
