Class: Arachni::Checks::NoSqlInjectionDifferential
- Inherits: Arachni::Check::Base
  - Object
    - Arachni::Component::Base
      - Arachni::Check::Base
        - Arachni::Checks::NoSqlInjectionDifferential
- Defined in: components/checks/active/no_sql_injection_differential.rb
Overview
Constant Summary
Constants included from Arachni::Check::Auditor
Arachni::Check::Auditor::DOM_ELEMENTS_WITH_INPUTS, Arachni::Check::Auditor::ELEMENTS_WITH_INPUTS, Arachni::Check::Auditor::FILE_SIGNATURES, Arachni::Check::Auditor::FILE_SIGNATURES_PER_PLATFORM, Arachni::Check::Auditor::Format, Arachni::Check::Auditor::SOURCE_CODE_SIGNATURES_PER_PLATFORM
Constants included from Arachni
BANNER, Arachni::Cookie, Form, Header, JSON, Link, LinkTemplate, NestedCookie, Severity, UIForm, UIInput, VERSION, WEBSITE, WIKI, XML
Instance Attribute Summary
Attributes included from Arachni::Check::Auditor
Class Method Summary
Instance Method Summary
Methods inherited from Arachni::Check::Base
#browser_cluster, #clean_up, elements, exempt_platforms, has_exempt_platforms?, has_platforms?, #initialize, platforms, #plugins, prefer, #preferred, preferred, #prepare, #session, supports_platforms?
Methods included from Arachni::Check::Auditor
#audit, #audit_differential, #audit_signature, #audit_timeout, #audited, #audited?, #buffered_audit, #each_candidate_dom_element, #each_candidate_element, has_timeout_candidates?, #http, #initialize, #log, #log_issue, #log_remote_file, #log_remote_file_if_exists, #match_and_log, #max_issues, #preferred, reset, #skip?, timeout_audit_run, #trace_taint, #with_browser, #with_browser_cluster
Methods inherited from Arachni::Component::Base
author, description, fullname, #shortname, shortname, shortname=, version
Methods included from Arachni::Component::Output
#depersonalize_output, #depersonalize_output?, #intercept_print_message
Methods included from UI::Output
#caller_location, #debug?, #debug_level, #debug_level_1?, #debug_level_2?, #debug_level_3?, #debug_level_4?, #debug_off, #debug_on, #disable_only_positives, #error_buffer, #error_log_fd, #error_logfile, #has_error_log?, #included, #log_error, #mute, #muted?, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_exception, #print_debug_level_1, #print_debug_level_2, #print_debug_level_3, #print_debug_level_4, #print_error, #print_error_backtrace, #print_exception, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #set_error_logfile, #unmute, #verbose?, #verbose_off, #verbose_on
Methods included from Arachni::Component::Utilities
Methods included from Utilities
#available_port, available_port_mutex, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_file, #cookies_from_parser, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_parser, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_parser, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite
Methods included from Arachni
URI, collect_young_objects, #get_long_win32_filename, jruby?, null_device, profile?, windows?
Constructor Details
This class inherits a constructor from Arachni::Check::Base
Class Method Details
.info ⇒ Object
```ruby
# File 'components/checks/active/no_sql_injection_differential.rb', line 32

def self.info
    {
        name:        'Blind NoSQL Injection (differential analysis)',
        description: %q{
It uses differential analysis to determine how different inputs affect the behavior
of the web application and checks if the displayed behavior is consistent with
that of a vulnerable application.
},
        elements:    [ Element::Link, Element::Form, Element::Cookie, Element::NestedCookie ],
        author:      'Tasos "Zapotek" Laskos <[email protected]>',
        version:     '0.1.3',
        platforms:   [ :nosql ],

        issue:       {
            name:            %q{Blind NoSQL Injection (differential analysis)},
            description:     %q{
A NoSQL injection occurs when a value originating from the client's request is
used within a NoSQL call without prior sanitisation.

This can allow cyber-criminals to execute arbitrary NoSQL code and thus steal data,
or use the additional functionality of the database server to take control of
further server components.

Arachni discovered that the affected page and parameter are vulnerable. This
injection was detected as Arachni was able to inject specific NoSQL queries that
if vulnerable result in the responses for each injection being different. This is
known as a blind NoSQL injection vulnerability.
},
            tags:            %w(nosql blind differential injection database),
            references:      {
                'OWASP' => 'https://www.owasp.org/index.php/Testing_for_NoSQL_injection'
            },
            cwe:             89,
            severity:        Severity::HIGH,
            remedy_guidance: %q{
The most effective remediation against NoSQL injection attacks is to ensure that
NoSQL API calls are not constructed via string concatenation that includes
unsanitized data.

Sanitization is best achieved using existing escaping libraries.
}
        }
    }
end
```
.options ⇒ Object
```ruby
# File 'components/checks/active/no_sql_injection_differential.rb', line 12

def self.options
    # Built once and memoized at class level.
    return @options if @options

    pairs = []
    # Generate every true/false template for each quoting style
    # (single quote, double quote, unquoted).
    [ '\'', '"', '' ].each do |q|
        {
            '%q;return true;var foo=%q' => '%q;return false;var foo=%q',
            '1%q||this%q'               => '1%q||!this%q'
        }.each do |s_true, s_false|
            pairs << { s_true.gsub( '%q', q ) => s_false.gsub( '%q', q ) }
        end
    end

    # :false is the control value expected to force a "no match" response.
    @options = { false: '-1839', pairs: pairs }
end
```
Instance Method Details
#run ⇒ Object
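```ruby
# File 'components/checks/active/no_sql_injection_differential.rb', line 28

def run
    # Hand the true/false payload pairs and the forced-false value to the
    # differential auditor inherited from Arachni::Check::Auditor.
    audit_differential self.class.options
end
```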
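The differential idea described in `.info`, driven by the pairs from `.options`, as an added example: this is a simplified sketch written for this page, not Arachni's `audit_differential` implementation. The `fetch` callables, the verdict symbols, the three stand-in targets and the choice to append each payload to the seed value are assumptions made for illustration.

```ruby
# Payload pairs built the same way as .options on this page.
def payload_pairs
  pairs = []
  [ "'", '"', '' ].each do |q|
    { '%q;return true;var foo=%q' => '%q;return false;var foo=%q',
      '1%q||this%q'               => '1%q||!this%q' }.each do |t, f|
      pairs << [ t.gsub('%q', q), f.gsub('%q', q) ]
    end
  end
  pairs
end

# fetch: hypothetical callable mapping an input value to a response body.
# Returns :unstable, :input_ignored, :consistent or :suspicious.
def differential_verdict(fetch, seed, false_value: '-1839', pairs: payload_pairs)
  control = fetch.call(seed)
  # A body that changes between identical requests would yield false positives.
  return :unstable unless fetch.call(seed) == control

  forced_false = fetch.call(false_value)
  # If a non-matching value looks like the control, there is nothing to compare.
  return :input_ignored if forced_false == control

  # Flag only when the "true" variant reproduces the control response AND the
  # "false" variant reproduces the forced-false response.
  hit = pairs.any? do |t, f|
    fetch.call(seed + t) == control && fetch.call(seed + f) == forced_false
  end
  hit ? :suspicious : :consistent
end

# Constructed stand-ins modelling only the observable behaviour of three targets.
HIT, MISS = '<li>item 1</li>', '<p>no results</p>'

# Input reaches an evaluated query expression: the injected boolean decides the result.
CONCATENATING = lambda do |v|
  next MISS if v.include?('return false') || v.include?('!this')
  next HIT  if v.include?('return true')  || v.include?('||this')
  v == '1' ? HIT : MISS
end

# Input is compared as a literal value, so every payload is just an unknown id.
LITERAL = ->(v) { v == '1' ? HIT : MISS }

# Body differs on every request (for example a per-response token).
counter = 0
NOISY = ->(_v) { "#{HIT}<!-- #{counter += 1} -->" }
```

The `LITERAL` target is the shape the remedy guidance aims for: the payload never changes the query's logic, so the true and false variants are indistinguishable and the verdict is `:consistent`.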