More indicators : Header injection , URL redirect, SQL etc

2017-08-05 15:23:40 +02:00 · 2017-08-05 15:23:40 +02:00 · ca3fba1758
parent 626c3581b8
commit ca3fba1758
2 changed files with 69 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -21,3 +21,10 @@ Currently detecting :
 - Local File Inclusion
 - Insecure emails
 - Cross Site Scripting
+ - Remote Commands Execution
+ - LDAP injection
+ - XPATH injection
+ - Header injection
+ - URL redirection
+
+Don't forget to read the [license](/LICENSE) ;)
--- a/indicators.py
+++ b/indicators.py
@ -6,6 +6,8 @@ regex_indicators = '\((.*?)(\$_GET\[.*?\]|\$_FILES\[.*?\]|\$_POST\[.*?\]|\$_REQU

 # Function_Name:String, Vulnerability_Name:String, Protection_Function:Array
 payloads = [
+
+  # Remote Command Execution
  ["eval","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
  ["popen","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
  ["system","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
@ -13,13 +15,17 @@ payloads = [
  ["exec","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
  ["shell_exec","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
  ["assert","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
-
+  ["proc_open","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
+  ["call_user_func","Remote Code Execution",[]],
+  ["call_user_func_array","Remote Code Execution",[]],
  ["preg_replace","Remote Command Execution",["preg_quote"]],
  ["ereg_replace","Remote Command Execution",["preg_quote"]],
  ["eregi_replace","Remote Command Execution",["preg_quote"]],
  ["mb_ereg_replace","Remote Command Execution",["preg_quote"]],
  ["mb_eregi_replace","Remote Command Execution",["preg_quote"]],

+  # File Inclusion / Path Traversal
+  ["virtual","File Inclusion",[]],
  ["include","File Inclusion",[]],
  ["require","File Inclusion",[]],
  ["include_once","File Inclusion",[]],
@ -28,30 +34,83 @@ payloads = [
  ["readfile","File Inclusion / Path Traversal",[]],
  ["file_get_contents","File Inclusion / Path Traversal",[]],
  ["show_source","File Inclusion / Path Traversal",[]],
-  ["highlight_file","File Inclusion / Path Traversal",[]],
+  ["fopen","File Inclusion / Path Traversal",[]],
+  ["file","File Inclusion / Path Traversal",[]],
+  ["fpassthru","File Inclusion / Path Traversal",[]],
+  ["gzopen","File Inclusion / Path Traversal",[]],
+  ["gzfile","File Inclusion / Path Traversal",[]],
+  ["gzpassthru","File Inclusion / Path Traversal",[]],
+  ["readgzfile","File Inclusion / Path Traversal",[]],

+  # MySQL(i) SQL Injection
  ["mysql_query","SQL Injection",["mysql_real_escape_string"]],
+  ["mysqli_multi_query","SQL Injection",["mysql_real_escape_string"]],
+  ["mysqli_send_query","SQL Injection",["mysql_real_escape_string"]],
+  ["mysqli_master_query","SQL Injection",["mysql_real_escape_string"]],
+  ["mysqli_master_query","SQL Injection",["mysql_real_escape_string"]],
  ["mysql_unbuffered_query","SQL Injection",["mysql_real_escape_string"]],
  ["mysql_db_query","SQL Injection",["mysql_real_escape_string"]],
  ["mysqli::real_query","SQL Injection",["mysql_real_escape_string"]],
  ["mysqli_real_query","SQL Injection",["mysql_real_escape_string"]],
  ["mysqli::query","SQL Injection",["mysql_real_escape_string"]],
  ["mysqli_query","SQL Injection",["mysql_real_escape_string"]],
+
+  # PostgreSQL Injection
  ["pg_query","SQL Injection",["pg_escape_string","pg_pconnect","pg_connect"]],
+  ["pg_send_query","SQL Injection",["pg_escape_string","pg_pconnect","pg_connect"]],
+
+  # SQLite SQL Injection
+  ["sqlite_array_query","SQL Injection",["sqlite_escape_string"]],
+  ["sqlite_exec","SQL Injection",["sqlite_escape_string"]],
+  ["sqlite_query","SQL Injection",["sqlite_escape_string"]],
+  ["sqlite_single_query","SQL Injection",["sqlite_escape_string"]],
+  ["sqlite_unbuffered_query","SQL Injection",["sqlite_escape_string"]],
+
+  # PDO SQL Injection
+  ["->arrayQuery","SQL Injection",["->prepare"]],
  ["->query","SQL Injection",["->prepare"]],
+  ["->queryExec","SQL Injection",["->prepare"]],
+  ["->singleQuery","SQL Injection",["->prepare"]],
+  ["->querySingle","SQL Injection",["->prepare"]],
  ["->exec","SQL Injection",["->prepare"]],
  ["->execute","SQL Injection",["->prepare"]],
+  ["->unbufferedQuery","SQL Injection",["->prepare"]],
+  ["->real_query","SQL Injection",["->prepare"]],
+  ["->multi_query","SQL Injection",["->prepare"]],
+  ["->send_query","SQL Injection",["->prepare"]],

+  # Cubrid SQL Injection
+  ["cubrid_unbuffered_query","SQL Injection",["cubrid_real_escape_string"]],
+  ["cubrid_query","SQL Injection",["cubrid_real_escape_string"]],
+
+  # MSSQL SQL Injection : Warning there is not any real_escape_string
+  ["mssql_query","SQL Injection",["mssql_escape"]],
+
+  # File Upload
  ["move_uploaded_file","File Upload",[]],

+  # Cross Site Scripting
  ["echo","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
  ["print","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
  ["printf","Cross Site Scripting",["htmlentities","htmlspecialchars"]],

+  # XPATH and LDAP
  ["xpath","XPATH Injection",[]],
  ["ldap_search","LDAP Injection",["Zend_Ldap","ldap_escape"]],

+  # Insecure E-Mail
  ["mail", "Insecure E-mail",[]],

-  ["unserialize", "PHP Object Injection",[]]
+  # PHP Objet Injection
+  ["unserialize", "PHP Object Injection",[]],
+
+  # Header Injection
+  ["header","Header Injection",[]],
+  ["HttpMessage::setHeaders","Header Injection",[]],
+  ["HttpRequest::setHeaders","Header Injection",[]],
+
+  # URL Redirection
+  ["http_redirect","URL Redirection",[]],
+  ["HttpMessage::setResponseCode","URL Redirection",[]],
+
 ]