modules/audit/os_cmd_injection.rb in arachni-0.4.1.3 vs modules/audit/os_cmd_injection.rb in arachni-0.4.2
- old
+ new
@@ -1,7 +1,7 @@
=begin
- Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
+ Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
@@ -17,22 +17,23 @@
#
# Simple OS command injection module.
#
# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
#
-# @version 0.1.6
+# @version 0.1.8
#
# @see http://cwe.mitre.org/data/definitions/78.html
# @see http://www.owasp.org/index.php/OS_Command_Injection
#
class Arachni::Modules::OSCmdInjection < Arachni::Module::Base
def self.opts
@opts ||= {
regexp: [
/root:x:0:0:.+:[0-9a-zA-Z\/]+/,
- /\[boot loader\](.*)\[operating systems\]/
+ /\[boot loader\](.*)\[operating systems\]/,
+ /\[fonts\](.*)\[extensions\]/
],
format: [ Format::STRAIGHT, Format::APPEND ]
}
end
@@ -55,10 +56,10 @@
{
name: 'OS command injection',
description: %q{Tries to find operating system command injections.},
elements: [ Element::FORM, Element::LINK, Element::COOKIE, Element::HEADER ],
author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ',
- version: '0.1.6',
+ version: '0.1.8',
references: {
'OWASP' => 'http://www.owasp.org/index.php/OS_Command_Injection'
},
targets: %w(Windows Unix),
issue: {