From ca3fba17581f00efb88c209754ecd8bb77e4075f Mon Sep 17 00:00:00 2001
From: Swissky
Date: Sat, 5 Aug 2017 15:23:40 +0200
Subject: [PATCH] More indicators : Header injection , URL redirect, SQL etc

---
 README.md | 7 ++++++
 indicators.py | 65 ++++++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 69 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index beaa7a0..27f3a28 100644
--- a/README.md
+++ b/README.md
@@ -21,3 +21,10 @@ Currently detecting :
 - Local File Inclusion
 - Insecure emails
 - Cross Site Scripting
+ - Remote Commands Execution
+ - LDAP injection
+ - XPATH injection
+ - Header injection
+ - URL redirection
+
+Don't forget to read the [license](/LICENSE) ;)
diff --git a/indicators.py b/indicators.py
index 4784e2f..d233f02 100644
--- a/indicators.py
+++ b/indicators.py
@@ -6,6 +6,8 @@ regex_indicators = '\((.*?)(\$_GET\[.*?\]|\$_FILES\[.*?\]|\$_POST\[.*?\]|\$_REQU
 # Function_Name:String, Vulnerability_Name:String, Protection_Function:Array
 payloads = [
+
+ # Remote Command Execution
 ["eval","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
 ["popen","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
 ["system","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
@@ -13,13 +15,17 @@ payloads = [
 ["exec","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
 ["shell_exec","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
 ["assert","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
-
+ ["proc_open","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
+ ["call_user_func","Remote Code Execution",[]],
+ ["call_user_func_array","Remote Code Execution",[]],
 ["preg_replace","Remote Command Execution",["preg_quote"]],
 ["ereg_replace","Remote Command Execution",["preg_quote"]],
 ["eregi_replace","Remote Command Execution",["preg_quote"]],
 ["mb_ereg_replace","Remote Command Execution",["preg_quote"]],
 ["mb_eregi_replace","Remote Command Execution",["preg_quote"]],
+ # File Inclusion / Path Traversal
+ ["virtual","File Inclusion",[]],
 ["include","File Inclusion",[]],
 ["require","File Inclusion",[]],
 ["include_once","File Inclusion",[]],
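Review bot: The two new `call_user_func` entries are labelled `"Remote Code Execution"` while every neighbouring entry in this block, and the README list, use `"Remote Command Execution"`; if findings are grouped or filtered by the vulnerability-name column, these two will presumably land in a category of their own. Unless the distinction is deliberate, change them to `["call_user_func","Remote Command Execution",[]],` and `["call_user_func_array","Remote Command Execution",[]],`. The empty protection list is the right choice here, since the shell-escaping helpers listed for the other entries say nothing about which callable is invoked; a short comment such as `# no escaping helper applies: the callable name itself is the tainted value` next to these two lines would keep a later maintainer from copy-pasting the `escapeshellarg` list onto them. The `payloads` list opens before this hunk and continues past it.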
@@ -28,30 +34,83 @@ payloads = [
 ["readfile","File Inclusion / Path Traversal",[]],
 ["file_get_contents","File Inclusion / Path Traversal",[]],
 ["show_source","File Inclusion / Path Traversal",[]],
- ["highlight_file","File Inclusion / Path Traversal",[]],
+ ["fopen","File Inclusion / Path Traversal",[]],
+ ["file","File Inclusion / Path Traversal",[]],
+ ["fpassthru","File Inclusion / Path Traversal",[]],
+ ["gzopen","File Inclusion / Path Traversal",[]],
+ ["gzfile","File Inclusion / Path Traversal",[]],
+ ["gzpassthru","File Inclusion / Path Traversal",[]],
+ ["readgzfile","File Inclusion / Path Traversal",[]],
+ # MySQL(i) SQL Injection
 ["mysql_query","SQL Injection",["mysql_real_escape_string"]],
+ ["mysqli_multi_query","SQL Injection",["mysql_real_escape_string"]],
+ ["mysqli_send_query","SQL Injection",["mysql_real_escape_string"]],
+ ["mysqli_master_query","SQL Injection",["mysql_real_escape_string"]],
+ ["mysqli_master_query","SQL Injection",["mysql_real_escape_string"]],
 ["mysql_unbuffered_query","SQL Injection",["mysql_real_escape_string"]],
 ["mysql_db_query","SQL Injection",["mysql_real_escape_string"]],
 ["mysqli::real_query","SQL Injection",["mysql_real_escape_string"]],
 ["mysqli_real_query","SQL Injection",["mysql_real_escape_string"]],
 ["mysqli::query","SQL Injection",["mysql_real_escape_string"]],
 ["mysqli_query","SQL Injection",["mysql_real_escape_string"]],
+
+ # PostgreSQL Injection
 ["pg_query","SQL Injection",["pg_escape_string","pg_pconnect","pg_connect"]],
+ ["pg_send_query","SQL Injection",["pg_escape_string","pg_pconnect","pg_connect"]],
+
+ # SQLite SQL Injection
+ ["sqlite_array_query","SQL Injection",["sqlite_escape_string"]],
+ ["sqlite_exec","SQL Injection",["sqlite_escape_string"]],
+ ["sqlite_query","SQL Injection",["sqlite_escape_string"]],
+ ["sqlite_single_query","SQL Injection",["sqlite_escape_string"]],
+ ["sqlite_unbuffered_query","SQL Injection",["sqlite_escape_string"]],
+
+ # PDO SQL Injection
+ ["->arrayQuery","SQL Injection",["->prepare"]],
 ["->query","SQL Injection",["->prepare"]],
+ ["->queryExec","SQL Injection",["->prepare"]],
+ ["->singleQuery","SQL Injection",["->prepare"]],
+ ["->querySingle","SQL Injection",["->prepare"]],
 ["->exec","SQL Injection",["->prepare"]],
 ["->execute","SQL Injection",["->prepare"]],
+ ["->unbufferedQuery","SQL Injection",["->prepare"]],
+ ["->real_query","SQL Injection",["->prepare"]],
+ ["->multi_query","SQL Injection",["->prepare"]],
+ ["->send_query","SQL Injection",["->prepare"]],
+ # Cubrid SQL Injection
+ ["cubrid_unbuffered_query","SQL Injection",["cubrid_real_escape_string"]],
+ ["cubrid_query","SQL Injection",["cubrid_real_escape_string"]],
+
+ # MSSQL SQL Injection : Warning there is not any real_escape_string
+ ["mssql_query","SQL Injection",["mssql_escape"]],
+
+ # File Upload
 ["move_uploaded_file","File Upload",[]],
+ # Cross Site Scripting
 ["echo","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
 ["print","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
 ["printf","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
+ # XPATH and LDAP
 ["xpath","XPATH Injection",[]],
 ["ldap_search","LDAP Injection",["Zend_Ldap","ldap_escape"]],
+ # Insecure E-Mail
 ["mail", "Insecure E-mail",[]],
- ["unserialize", "PHP Object Injection",[]]
+ # PHP Objet Injection
+ ["unserialize", "PHP Object Injection",[]],
+
+ # Header Injection
+ ["header","Header Injection",[]],
+ ["HttpMessage::setHeaders","Header Injection",[]],
+ ["HttpRequest::setHeaders","Header Injection",[]],
+
+ # URL Redirection
+ ["http_redirect","URL Redirection",[]],
+ ["HttpMessage::setResponseCode","URL Redirection",[]],
+
 ]
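Review bot: `["mysqli_master_query","SQL Injection",["mysql_real_escape_string"]],` is added twice in the MySQL(i) block; if the scanner walks `payloads` once per match, each hit on that function will presumably be reported twice, so one of the two lines should be dropped. The new `mysqli_*` entries (and the pre-existing `mysqli_query`/`mysqli::query` ones above them) name `mysql_real_escape_string` as the protection, but the escape routine for the mysqli API is `mysqli_real_escape_string`, which a plain substring check for the old name does not match, so correctly escaped mysqli code would still be flagged; `["mysqli_multi_query","SQL Injection",["mysqli_real_escape_string"]],` and the same for the other new mysqli lines. The hunk also removes `highlight_file` from the path-traversal sinks, and since `show_source` is an alias of it this looks like a dedup, but it silently stops reporting code that uses the `highlight_file` name, and keeping both lines costs nothing. `header` is listed only under Header Injection, yet `header("Location: ...")` built from request data is the most common open-redirect sink, so the new URL Redirection block, which only covers the pecl_http functions, misses it; either a second entry or a comment such as `# header() with a tainted Location value is also an open redirect` would make the gap explicit. The comment `# PHP Objet Injection` should read `# PHP Object Injection`; the `payloads` list opens before this hunk.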