components/checks/active/code_injection.rb in arachni-1.0.5 vs components/checks/active/code_injection.rb in arachni-1.0.6
- old
+ new
@@ -10,26 +10,26 @@
# but still needs some more testing.
#
#
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
#
-# @version 0.2
+# @version 0.2.1
#
# @see http://cwe.mitre.org/data/definitions/94.html
# @see http://php.net/manual/en/function.eval.php
# @see http://perldoc.perl.org/functions/eval.html
# @see http://docs.python.org/py3k/library/functions.html#eval
# @see http://www.aspdev.org/asp/asp-eval-execute/
# @see http://en.wikipedia.org/wiki/Eval#Ruby
class Arachni::Checks::CodeInjection < Arachni::Check::Base
def self.rand1
- @rand1 ||= '287630581954'
+ @rand1 ||= '28763'
end
def self.rand2
- @rand2 ||= '4196403186331128'
+ @rand2 ||= '4196403'
end
def self.options
@options ||= {
substring: (rand1.to_i + rand2.to_i).to_s,
@@ -39,11 +39,11 @@
end
def self.code_strings
# code strings to be injected to the webapp
@code_strings ||= {
- php: "echo #{rand1}+#{rand2};",
+ php: "print #{rand1}+#{rand2};",
perl: "print #{rand1}+#{rand2};",
python: "print #{rand1}+#{rand2}",
asp: "Response.Write\x28#{rand1}+#{rand2}\x29"
}
end
@@ -70,10 +70,10 @@
Injects code snippets and assess whether or not execution was successful.
},
elements: [ Element::Form, Element::Link, Element::Cookie,
Element::Header, Element::LinkTemplate ],
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
- version: '0.2',
+ version: '0.2.1',
platforms: payloads.keys,
issue: {
name: %q{Code injection},
description: %q{