Hacker Spotted !
"; - } - echo "- Sublime Patisserie !
- - sublimepatisserie@yopmail.com
- 01 23 45 67 89
- -
diff --git a/detection.py b/detection.py index bfa5a16..6517235 100644 --- a/detection.py +++ b/detection.py @@ -19,22 +19,20 @@ def analysis(path): for payload in payloads: regex = re.compile(payload[0]+regex_indicators) matches = regex.findall(content) - for vuln in matches: + for vuln in matches: # Security hole detected, is it protected ? if check_protection(payload[2], vuln) == False: declaration_text, line_declaration = "","" - # No declaration for $_GET, $_POST ... if check_exception(vuln[1]) == False: - # Look for the declaration of $something = xxxxx false_positive, declaration_text, line_declaration = check_declaration(content, vuln[1], path) - # Display all the informations - line_vuln = find_line_vuln(path, payload, vuln, content) - if not false_positive: - display(path, payload, vuln, line_vuln, declaration_text, line_declaration) + # Display all the vuln + line_vuln = find_line_vuln(path, payload, vuln, content) + if not false_positive: + display(path, payload, vuln, line_vuln, declaration_text, line_declaration) # Run thru every files and subdirectories diff --git a/functions.py b/functions.py index 764078b..261f499 100644 --- a/functions.py +++ b/functions.py @@ -17,14 +17,6 @@ def display(path,payload,vulnerability,line,declaration_text,declaration_line): vuln = vulnerability[0]+"\033[93m"+vulnerability[1]+"\033[0m"+vulnerability[2] vuln = "{}({})".format(payload[0], vuln) - # Declared at line 1 : $dest = $_GET['who']; - declared = "" - if not "$_" in vulnerability[1]: - if declaration_text != "": - declared = "Line n°\033[0;92m"+declaration_line+"\033[0m : "+ declaration_text - else: - declared = "Undeclared \033[0m"+ declaration_text+" in the file" - # Final Display rows, columns = os.popen('stty size', 'r').read().split() print "-" * (int(columns)-1) 
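Review bot: `false_positive` is read by the new `if not false_positive:` on every match, but it is only ever assigned inside the `if check_exception(vuln[1]) == False:` branch, so a match that check_exception accepts (the direct `$_GET`/`$_POST` case the removed comment described) raises NameError on the first such match or, worse, silently reuses the value left by an earlier match and can suppress a real finding. Since the commit appears to move the display block out of that branch, the flag needs a reset next to the other per-match defaults: `declaration_text, line_declaration, false_positive = "", "", False`. The `== False` comparisons on check_protection and check_exception would read more plainly as `not check_protection(payload[2], vuln)`. analysis() begins before this hunk (its def line is only the @@ context), so where `content` and `payloads` come from is not visible here.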
@@ -32,8 +24,18 @@ def display(path,payload,vulnerability,line,declaration_text,declaration_line): print "-" * (int(columns)-1) print "\033[1mLine \033[0m " + "\t"+line print "\033[1mCode \033[0m " + "\t"+vuln - print "\033[1mDeclaration \033[0m " + "\t"+declared+"\n" + # Declared at line 1 : $dest = $_GET['who']; + declared = "" + if not "$_" in vulnerability[1]: + if declaration_text != "": + declared = "Line n°\033[0;92m"+declaration_line+"\033[0m : "+ declaration_text + else: + declared = "Undeclared \033[0m"+ declaration_text+" in the file" + print "\033[1mDeclaration \033[0m " + "\t"+declared + + # Small delimiter + print "" # Find the line where the vulnerability is located def find_line_vuln(path,payload,vulnerability,content): @@ -100,10 +102,10 @@ def check_declaration(content, vuln, path): # TODO: Check constant then return True if constant because it's false positive declaration_text = "$"+vuln[1:] +declaration[0][0]+"="+declaration[0][1] line_declaration = find_line_declaration(declaration_text, content) - #regex_constant = re.compile("\$"+vuln[1:]+"([\t ]*)=[\t ]*([\"\'][a-zA-Z0-9]*?[\"\']);") - #false_positive = regex_constant.match(declaration_text) - #if false_positive: - # return (True, "","") + regex_constant = re.compile("\$"+vuln[1:]+"([\t ]*)=[\t ]*([\"\'][a-zA-Z0-9]*?[\"\']);") + false_positive = regex_constant.match(declaration_text) + if false_positive: + return (True, "","") return (False, declaration_text,line_declaration) return (False, "","") diff --git a/index.py b/index.py index c784b95..da85ed7 100644 --- a/index.py +++ b/index.py @@ -6,7 +6,6 @@ # Educational purpose only ! # TODO afficher toutes les modifications de la variable - -# TODO enlever les faux positifs : constantes # BUG variable multiple (check en recursif dans vuln) # BUG color var['something'] # BUG detection include diff --git a/test/include.php b/test/include.php index 8f42c84..eb4e76c 100755 --- a/test/include.php +++ b/test/include.php @@ -1,55 +1,12 @@ - -
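Review bot: The `else` branch of the relocated `declared` block builds `"Undeclared \033[0m"+ declaration_text+" in the file"`, but it is only reached when `declaration_text == ""`, so the message always prints as "Undeclared  in the file" with no variable name; presumably the variable itself was meant, i.e. `declared = "Undeclared \033[0m"+vulnerability[1]+" in the file"`. The `"Line n°\033[0;92m"+declaration_line` concatenation also assumes `declaration_line` is already a str — if find_line_declaration hands back an int this raises TypeError, and `str(declaration_line)` would make the print safe either way (the return type is not visible in this hunk). display() begins before this hunk.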
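Review bot: The newly enabled constant check interpolates `vuln[1:]` straight into the pattern, so a variable name carrying regex metacharacters (the `var['something']` shape listed in index.py's BUG comments, for one) either changes what the pattern matches or raises `re.error` and aborts the whole scan; build it with `re.escape` and a raw string: `regex_constant = re.compile(r"\$" + re.escape(vuln[1:]) + r"([\t ]*)=[\t ]*([\"'][a-zA-Z0-9]*?[\"']);")`. The check only recognises a quoted alphanumeric literal followed by `;`, so constants containing spaces or punctuation still surface as findings — acceptable as a conservative default, but worth a one-line comment such as `# Only a plain quoted literal counts as a constant; anything else is reported`, and the `# TODO: Check constant ...` line just above is now implemented and can go. Whether `declaration[0][1]` includes the trailing `;` the pattern requires is not visible in this hunk. check_declaration() begins before this hunk.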
- - -Clic to upload
+Click to upload
- - diff --git a/test/xss.php b/test/xss.php index e2aa2cd..8fa07e6 100755 --- a/test/xss.php +++ b/test/xss.php @@ -1,37 +1,11 @@ - - - -Suscribe to our newsletter try to win a travel to the Moon
- The mail ".$mail." has been registered in our database."; } + else{ + echo "The mail ".$_GET['mail']." has been registered in our database.
"; + } ?> - -