Class: Watobo::Modules::Active::Sap::Its_xss

Inherits:
ActiveCheck
  • Object
show all
Defined in:
modules/active/sap/its_xss.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Method Summary collapse

Methods included from CheckInfoMixin::InfoMethods

#check_group, #check_name

Constructor Details

#initialize(project, prefs = {}) ⇒ Its_xss

Returns a new instance of Its_xss.


48
49
50
51
52
# File 'modules/active/sap/its_xss.rb', line 48

def initialize(project, prefs={})
  @project = project
  super(project, prefs)
  
end

Instance Method Details

#generateChecks(chat) ⇒ Object


54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# File 'modules/active/sap/its_xss.rb', line 54

def generateChecks(chat)
  
  #
  #  Check GET-Parameters
  #
  begin
    
    if chat.request.url.to_s =~ /!$/ then 
      checker = proc{
      test = chat.copyRequest
      new_p = "~urlmime"
      new_v = "\"><script>alert('watobo')</script><img src=\""
      test.add_get_parm(new_p,new_v)
      
      test_request,test_response = doRequest(test,:default => true)
                      
      if test_response.join =~ /watobo/i then
        #test_chat = Chat.new(test,test_response,chat.id)
        addFinding(test_request,test_response,
        :test_item => chat.request.url.to_s,
               :check_pattern => "#{new_p}",
               :proof_pattern => "#{new_v}",
               :chat => chat,
               :title => new_p
                )
      end
      [ test_request, test_response ]
      }
      yield checker
    end            
    
  rescue => bang
    puts bang
    puts "ERROR!! #{Module.nesting[0].name}"
    raise
 
    
  end
end