Sha256: 0f99e977d968fa35ce63eeff2d82519ad651298db613f62363dfb3087b1109e7

Contents?: true

Size: 1.71 KB

Versions: 14

Compression:

Stored size: 1.71 KB

Contents

require 'sinatra'
require 'sinatra/contrib'
require_relative '../module_server'

# Event-handler attribute names for which this fixture server registers routes.
#
# Reads the EVENT_ATTRS constant from whatever `current_module` returns.
# `current_module` is not defined in this file; presumably it comes from the
# required '../module_server' helper (confirm there).
#
# @return [Object] the value of EVENT_ATTRS; the rest of this file calls #map
#   and #each on it
def attributes
    audited_module = current_module
    audited_module::EVENT_ATTRS
end

# Builds the response body for the per-attribute routes: three <a> elements
# that carry `str` as the value of an event-handler attribute, once unquoted,
# once double-quoted and once single-quoted.
#
# The attribute name is the last '/'-separated segment of the request path
# (env['PATH_INFO']). `str` is interpolated verbatim, with no HTML or
# attribute escaping. This file sits under spec/support/servers/modules/audit/,
# so the reflection appears to be the deliberate test target for the scanner's
# xss_event check. A handler that is not a fixture would escape the value for
# the attribute context and always quote it.
#
# @param str [String, nil] the request-supplied value to reflect (nil renders
#   as an empty string)
# @return [String] the three anchors concatenated without a separator
def get_variations( str )
    event_attr = env['PATH_INFO'].split( '/' ).last
    quote_styles = [ '', '"', "'" ]

    anchors = quote_styles.map do |quote|
        "<a href='/' #{event_attr}=#{quote}#{str}#{quote}>#{event_attr}</a>"
    end
    anchors.join
end

# Index page: static links to the four input vectors this fixture exposes
# (link/query parameter, form, cookie, request header). Nothing from the
# request is reflected here.
get '/' do
    index_html = <<-HTML
        <a href="/link/?input=default">Link</a>
        <a href="/form/">Form</a>
        <a href="/cookie/">Cookie</a>
        <a href="/header/">Header</a>
    HTML
    index_html
end

# Link vector index: one relative link per event attribute, each carrying an
# `input=default` query parameter for a crawler to pick up. Only the
# server-side attribute names are interpolated here, no request data.
get "/link/" do
    links = attributes.map { |event_attr|
        <<-HTML
            <a href="#{event_attr}?input=default">#{event_attr}</a>
        HTML
    }
    links.join
end

# Link vector sinks: registers GET /link/<attr> for every event attribute.
# Each handler passes the raw `input` query parameter to get_variations, which
# writes it into the response unescaped (reflected query-parameter input).
attributes.each { |event_attr|
    get( "/link/#{event_attr}" ) { get_variations( params['input'] ) }
}

# Form vector index: one form per event attribute, each submitting a single
# `input` field (default value 'default') to /form/<attr>. The forms declare no
# method attribute, and the matching handlers are registered with `get`.
get "/form/" do
    forms = attributes.map { |event_attr|
        <<-HTML
            <form action="/form/#{event_attr}">
                <input name='input' value='default' />
            </form>
        HTML
    }
    forms.join
end

# Form vector sinks: registers GET /form/<attr> for every event attribute.
# The submitted `input` field reaches get_variations unmodified and is
# reflected into the response without escaping.
attributes.each { |event_attr|
    get( "/form/#{event_attr}" ) { get_variations( params['input'] ) }
}

# Cookie vector index: seeds a cookie named after each event attribute with the
# value 'default-<attr>' unless the request already carries one, then links to
# the per-attribute sink. `cookies` is the request/response cookie helper
# (presumably from sinatra/contrib, which is required above).
get "/cookie/" do
    attributes.map { |event_attr|
        # Keep a client-supplied cookie value if one is present.
        cookies[event_attr] ||= 'default-' + event_attr
        <<-HTML
            <a href="#{event_attr}">#{event_attr}</a>
        HTML
    }.join
end

# Cookie vector sinks: registers GET /cookie/<attr> for every event attribute.
# The value of the cookie named after the attribute is client-controlled and is
# reflected by get_variations without escaping.
attributes.each { |event_attr|
    get( "/cookie/#{event_attr}" ) { get_variations( cookies[event_attr] ) }
}

# Header vector index: one relative link per event attribute pointing at the
# per-attribute sink. No request data is reflected on this page.
get "/header/" do
    links = attributes.map { |event_attr|
        <<-HTML
            <a href="#{event_attr}">#{event_attr}</a>
        HTML
    }
    links.join
end

# Header vector sinks: registers GET /header/<attr> for every event attribute.
# The User-Agent request header (env['HTTP_USER_AGENT']) is client-controlled
# and is reflected by get_variations without escaping.
attributes.each { |event_attr|
    get( "/header/#{event_attr}" ) { get_variations( env['HTTP_USER_AGENT'] ) }
}

Version data entries

14 entries across 14 versions & 1 rubygems

Version Path
arachni-0.4.7 spec/support/servers/modules/audit/xss_event.rb
arachni-0.4.6 spec/support/servers/modules/audit/xss_event.rb
arachni-0.4.5.2 spec/support/servers/modules/audit/xss_event.rb
arachni-0.4.5.1 spec/support/servers/modules/audit/xss_event.rb
arachni-0.4.5 spec/support/servers/modules/audit/xss_event.rb
arachni-0.4.4 spec/support/servers/modules/audit/xss_event.rb
arachni-0.4.3.2 spec/support/servers/modules/audit/xss_event.rb
arachni-0.4.3.1 spec/support/servers/modules/audit/xss_event.rb
arachni-0.4.3 spec/support/servers/modules/audit/xss_event.rb
arachni-0.4.2 spec/servers/modules/audit/xss_event.rb
arachni-0.4.1.3 spec/servers/modules/audit/xss_event.rb
arachni-0.4.1.2 spec/servers/modules/audit/xss_event.rb
arachni-0.4.1.1 spec/servers/modules/audit/xss_event.rb
arachni-0.4.1 spec/servers/modules/audit/xss_event.rb