Sha256: 2652a1dd4714bb3c2dbd616e9eaf5896b6e8724f1ee981ff1521436ddb4b82e6

Contents?: true

Size: 1.16 KB

Versions: 6

Compression:

Stored size: 1.16 KB

Contents

require 'sinatra'
require 'sinatra/contrib'

# Baseline input value for this fixture server.
#
# The cookie route seeds its cookie with it and get_result treats an exact
# match as a "found" query; the link and form pages hard-code the same literal
# in their markup.
#
# @return [String] the literal 'default'
def default
    'default'
end

# Maps an input value to one of three fixed response bodies.
#
# The input is never echoed back; only the choice of canned response depends
# on it, so the three bodies are the only observable difference between
# requests.
# NOTE(review): going by the file name (no_sql_injection_differential.rb) this
# presumably stands in for a data store whose answer changes with the truth
# value of an injected condition -- confirm against the check's spec.
#
# @param str [#to_s] raw input (query parameter or cookie value); nil becomes ''
# @return [String] the "no results", "1 item found" or "unknown" message
def get_result( str )
    input = str.to_s

    # "False" markers are tested first: '!this' also contains 'this', so the
    # order decides which response such an input gets.
    negative = ['!this', 'return false'].any? { |marker| input.include?( marker ) } ||
        input == '-1'
    return 'Could not find any results, bugger off!' if negative

    positive = ['this', 'return true'].any? { |marker| input.include?( marker ) } ||
        input == default
    return '1 item found: Blah blah blah...' if positive

    'No idea what you want mate...'
end

# Index page: one link per input vector (link, form, cookie, header).
# NOTE(review): /header is linked here but no /header route is visible in this
# listing -- confirm whether it is defined elsewhere or the link is stale.
get '/' do
    <<-HTML
        <a href="/link?input=default">Link</a>
        <a href="/form">Form</a>
        <a href="/cookie">Cookie</a>
        <a href="/header">Header</a>
    HTML
end

# Link vector landing page: exposes /link/append with the baseline
# `input=default` query parameter.
get '/link' do
    <<-HTML
        <a href="/link/append?input=default">Link</a>
    HTML
end

# Link vector sink: the `input` query parameter goes straight to get_result,
# whose canned response becomes the body.
get '/link/append' do
    input = params['input']
    get_result( input )
end

# Form vector landing page: a form with no method attribute targeting
# /form/append, with a single `input` field pre-filled with the baseline value.
get '/form' do
    <<-HTML
        <form action="/form/append">
            <input name='input' value='default' />
        </form>
    HTML
end

# Form vector sink: the submitted `input` field goes straight to get_result,
# whose canned response becomes the body.
get '/form/append' do
    input = params['input']
    get_result( input )
end


# Cookie vector landing page: links to /cookie/append, which reads (and, when
# absent, seeds) the `cookie` cookie.
get '/cookie' do
    <<-HTML
        <a href="/cookie/append">Cookie</a>
    HTML
end

# Cookie vector sink: the `cookie` cookie value selects the response.
get '/cookie/append' do
    # Seed the cookie with the baseline value only when the client sent none,
    # so a client-supplied value is never overwritten.
    cookies['cookie'] = default unless cookies['cookie']

    get_result( cookies['cookie'] )
end

Version data entries

6 entries across 6 versions & 1 rubygems

Version Path
arachni-1.0.5 spec/support/servers/checks/active/no_sql_injection_differential.rb
arachni-1.0.4 spec/support/servers/checks/active/no_sql_injection_differential.rb
arachni-1.0.3 spec/support/servers/checks/active/no_sql_injection_differential.rb
arachni-1.0.2 spec/support/servers/checks/active/no_sql_injection_differential.rb
arachni-1.0.1 spec/support/servers/checks/active/no_sql_injection_differential.rb
arachni-1.0 spec/support/servers/checks/active/no_sql_injection_differential.rb