modules/audit/code_injection.rb in arachni-0.4.2 vs modules/audit/code_injection.rb in arachni-0.4.3

- old
+ new

@@ -19,11 +19,11 @@
 # but still needs some more testing.
 #
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
 #
-# @version 0.1.6
+# @version 0.2
 #
 # @see http://cwe.mitre.org/data/definitions/94.html
 # @see http://php.net/manual/en/function.eval.php
 # @see http://perldoc.perl.org/functions/eval.html
 # @see http://docs.python.org/py3k/library/functions.html#eval
@@ -38,57 +38,58 @@ def self.rand2 @rand2 ||= '4196403186331128' end - def self.opts - @opts ||= { + def self.options + @options ||= { substring: (rand1.to_i + rand2.to_i).to_s, format: [Format::APPEND, Format::STRAIGHT], param_flip: false } end def self.code_strings # code strings to be injected to the webapp - @code_strings ||= [ - "echo " + rand1 + "+" + rand2 + ";", # PHP - "print " + rand1 + "+" + rand2 + ";", # Perl - "print " + rand1 + "+" + rand2, # Python - - # the 2 following will most likely print to the console but give them a shot - "Response.Write\x28" + rand1 + '+' + rand2 + "\x29", # ASP - "puts " + rand1 + "+" + rand2 # Ruby - ] + @code_strings ||= { + php: "echo #{rand1}+#{rand2};", + perl: "print #{rand1}+#{rand2};", + python: "print #{rand1}+#{rand2}", + asp: "Response.Write\x28#{rand1}+#{rand2}\x29" + } end - def self.generate_variations - @variations ||= code_strings.map do |str| - [ ';%s', "\";%s#", "';%s#" ].map { |var| var % str } | [str] - end.flatten.compact + def self.payloads + return @payloads if @payloads + + @payloads = {} + code_strings.each do |platform, payload| + @payloads[platform] = [ ';%s', "\";%s#", "';%s#" ]. 
+ map { |var| var % payload } | [payload] + end + @payloads end def run - self.class.generate_variations.each { |var| audit( var, self.class.opts ) } + audit( self.class.payloads, self.class.options ) end def self.info { name: 'Code injection', description: %q{It tries to inject code snippets into the web application and assess whether or not the injection was successful.}, elements: [ Element::FORM, Element::LINK, Element::COOKIE, Element::HEADER ], author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>', - version: '0.1.6', + version: '0.2', references: { 'PHP' => 'http://php.net/manual/en/function.eval.php', 'Perl' => 'http://perldoc.perl.org/functions/eval.html', 'Python' => 'http://docs.python.org/py3k/library/functions.html#eval', 'ASP' => 'http://www.aspdev.org/asp/asp-eval-execute/', - 'Ruby' => 'http://en.wikipedia.org/wiki/Eval#Ruby' }, - targets: %w(PHP Perl Python ASP Ruby), + targets: %w(PHP Perl Python ASP), issue: { name: %q{Code injection}, description: %q{Arbitrary code can be injected into the web application which is then executed as part of the system.}, tags: %w(code injection regexp),