Sha256: 575cc017d05f96fdf14126758da124f4bbc1d6f3f106d8196ac5ffea5c85a6ad

Contents?: true

Size: 568 Bytes

Versions: 14

Compression:

Stored size: 568 Bytes

Contents

require 'sinatra'

# stupid way to pretend vulnerability for :os_cmd_injection_timing:
# shadows Kernel#eval and sleeps for the last distinct number found in the input
def eval( str )
    if delay = str.to_s.gsub( /\D/, ' ' ).split( ' ' ).uniq.last
        sleep delay.to_i
    end
end

get '/' do
    <<-HTML
        <form action='/trusted'>
            <input name="trusted_input"/>
        </form>

        <form action='/untrusted'>
            <input name="untrusted_input"/>
        </form>
    HTML
end

get '/trusted' do
    eval( params['trusted_input'] )
end

get '/untrusted' do
    # fixed 4-second delay, so this page responds slowly regardless of input
    sleep( 4 )
    eval( params['untrusted_input'] )
end

Version data entries

14 entries across 14 versions & 1 rubygems

Version Path
arachni-0.4.7 spec/support/servers/plugins/meta/remedies/timing_attacks.rb
arachni-0.4.6 spec/support/servers/plugins/meta/remedies/timing_attacks.rb
arachni-0.4.5.2 spec/support/servers/plugins/meta/remedies/timing_attacks.rb
arachni-0.4.5.1 spec/support/servers/plugins/meta/remedies/timing_attacks.rb
arachni-0.4.5 spec/support/servers/plugins/meta/remedies/timing_attacks.rb
arachni-0.4.4 spec/support/servers/plugins/meta/remedies/timing_attacks.rb
arachni-0.4.3.2 spec/support/servers/plugins/meta/remedies/timing_attacks.rb
arachni-0.4.3.1 spec/support/servers/plugins/meta/remedies/timing_attacks.rb
arachni-0.4.3 spec/support/servers/plugins/meta/remedies/timing_attacks.rb
arachni-0.4.2 spec/servers/plugins/meta/remedies/timing_attacks.rb
arachni-0.4.1.3 spec/servers/plugins/meta/remedies/timing_attacks.rb
arachni-0.4.1.2 spec/servers/plugins/meta/remedies/timing_attacks.rb
arachni-0.4.1.1 spec/servers/plugins/meta/remedies/timing_attacks.rb
arachni-0.4.1 spec/servers/plugins/meta/remedies/timing_attacks.rb