More indicators : Header injection , URL redirect, SQL etc

pull/3/head
Swissky 2017-08-05 15:23:40 +02:00
parent 626c3581b8
commit ca3fba1758
2 changed files with 69 additions and 3 deletions


@ -21,3 +21,10 @@ Currently detecting :
- Local File Inclusion - Local File Inclusion
- Insecure emails - Insecure emails
- Cross Site Scripting - Cross Site Scripting
- Remote Commands Execution
- LDAP injection
- XPATH injection
- Header injection
- URL redirection
Don't forget to read the [license](/LICENSE) ;)


@ -6,6 +6,8 @@ regex_indicators = '\((.*?)(\$_GET\[.*?\]|\$_FILES\[.*?\]|\$_POST\[.*?\]|\$_REQU
# Function_Name:String, Vulnerability_Name:String, Protection_Function:Array # Function_Name:String, Vulnerability_Name:String, Protection_Function:Array
payloads = [ payloads = [
# Remote Command Execution
["eval","Remote Command Execution",["escapeshellarg","escapeshellcmd"]], ["eval","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["popen","Remote Command Execution",["escapeshellarg","escapeshellcmd"]], ["popen","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["system","Remote Command Execution",["escapeshellarg","escapeshellcmd"]], ["system","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
@ -13,13 +15,17 @@ payloads = [
["exec","Remote Command Execution",["escapeshellarg","escapeshellcmd"]], ["exec","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["shell_exec","Remote Command Execution",["escapeshellarg","escapeshellcmd"]], ["shell_exec","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["assert","Remote Command Execution",["escapeshellarg","escapeshellcmd"]], ["assert","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["proc_open","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["call_user_func","Remote Code Execution",[]],
["call_user_func_array","Remote Code Execution",[]],
["preg_replace","Remote Command Execution",["preg_quote"]], ["preg_replace","Remote Command Execution",["preg_quote"]],
["ereg_replace","Remote Command Execution",["preg_quote"]], ["ereg_replace","Remote Command Execution",["preg_quote"]],
["eregi_replace","Remote Command Execution",["preg_quote"]], ["eregi_replace","Remote Command Execution",["preg_quote"]],
["mb_ereg_replace","Remote Command Execution",["preg_quote"]], ["mb_ereg_replace","Remote Command Execution",["preg_quote"]],
["mb_eregi_replace","Remote Command Execution",["preg_quote"]], ["mb_eregi_replace","Remote Command Execution",["preg_quote"]],
# File Inclusion / Path Traversal
["virtual","File Inclusion",[]],
["include","File Inclusion",[]], ["include","File Inclusion",[]],
["require","File Inclusion",[]], ["require","File Inclusion",[]],
["include_once","File Inclusion",[]], ["include_once","File Inclusion",[]],
@ -28,30 +34,83 @@ payloads = [
["readfile","File Inclusion / Path Traversal",[]], ["readfile","File Inclusion / Path Traversal",[]],
["file_get_contents","File Inclusion / Path Traversal",[]], ["file_get_contents","File Inclusion / Path Traversal",[]],
["show_source","File Inclusion / Path Traversal",[]], ["show_source","File Inclusion / Path Traversal",[]],
["highlight_file","File Inclusion / Path Traversal",[]], ["fopen","File Inclusion / Path Traversal",[]],
["file","File Inclusion / Path Traversal",[]],
["fpassthru","File Inclusion / Path Traversal",[]],
["gzopen","File Inclusion / Path Traversal",[]],
["gzfile","File Inclusion / Path Traversal",[]],
["gzpassthru","File Inclusion / Path Traversal",[]],
["readgzfile","File Inclusion / Path Traversal",[]],
# MySQL(i) SQL Injection
["mysql_query","SQL Injection",["mysql_real_escape_string"]], ["mysql_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_multi_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_send_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_master_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_master_query","SQL Injection",["mysql_real_escape_string"]],
["mysql_unbuffered_query","SQL Injection",["mysql_real_escape_string"]], ["mysql_unbuffered_query","SQL Injection",["mysql_real_escape_string"]],
["mysql_db_query","SQL Injection",["mysql_real_escape_string"]], ["mysql_db_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli::real_query","SQL Injection",["mysql_real_escape_string"]], ["mysqli::real_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_real_query","SQL Injection",["mysql_real_escape_string"]], ["mysqli_real_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli::query","SQL Injection",["mysql_real_escape_string"]], ["mysqli::query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_query","SQL Injection",["mysql_real_escape_string"]], ["mysqli_query","SQL Injection",["mysql_real_escape_string"]],
# PostgreSQL Injection
["pg_query","SQL Injection",["pg_escape_string","pg_pconnect","pg_connect"]], ["pg_query","SQL Injection",["pg_escape_string","pg_pconnect","pg_connect"]],
["pg_send_query","SQL Injection",["pg_escape_string","pg_pconnect","pg_connect"]],
# SQLite SQL Injection
["sqlite_array_query","SQL Injection",["sqlite_escape_string"]],
["sqlite_exec","SQL Injection",["sqlite_escape_string"]],
["sqlite_query","SQL Injection",["sqlite_escape_string"]],
["sqlite_single_query","SQL Injection",["sqlite_escape_string"]],
["sqlite_unbuffered_query","SQL Injection",["sqlite_escape_string"]],
# PDO SQL Injection
["->arrayQuery","SQL Injection",["->prepare"]],
["->query","SQL Injection",["->prepare"]], ["->query","SQL Injection",["->prepare"]],
["->queryExec","SQL Injection",["->prepare"]],
["->singleQuery","SQL Injection",["->prepare"]],
["->querySingle","SQL Injection",["->prepare"]],
["->exec","SQL Injection",["->prepare"]], ["->exec","SQL Injection",["->prepare"]],
["->execute","SQL Injection",["->prepare"]], ["->execute","SQL Injection",["->prepare"]],
["->unbufferedQuery","SQL Injection",["->prepare"]],
["->real_query","SQL Injection",["->prepare"]],
["->multi_query","SQL Injection",["->prepare"]],
["->send_query","SQL Injection",["->prepare"]],
# Cubrid SQL Injection
["cubrid_unbuffered_query","SQL Injection",["cubrid_real_escape_string"]],
["cubrid_query","SQL Injection",["cubrid_real_escape_string"]],
# MSSQL SQL Injection : Warning there is not any real_escape_string
["mssql_query","SQL Injection",["mssql_escape"]],
# File Upload
["move_uploaded_file","File Upload",[]], ["move_uploaded_file","File Upload",[]],
# Cross Site Scripting
["echo","Cross Site Scripting",["htmlentities","htmlspecialchars"]], ["echo","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
["print","Cross Site Scripting",["htmlentities","htmlspecialchars"]], ["print","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
["printf","Cross Site Scripting",["htmlentities","htmlspecialchars"]], ["printf","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
# XPATH and LDAP
["xpath","XPATH Injection",[]], ["xpath","XPATH Injection",[]],
["ldap_search","LDAP Injection",["Zend_Ldap","ldap_escape"]], ["ldap_search","LDAP Injection",["Zend_Ldap","ldap_escape"]],
# Insecure E-Mail
["mail", "Insecure E-mail",[]], ["mail", "Insecure E-mail",[]],
["unserialize", "PHP Object Injection",[]] # PHP Objet Injection
["unserialize", "PHP Object Injection",[]],
# Header Injection
["header","Header Injection",[]],
["HttpMessage::setHeaders","Header Injection",[]],
["HttpRequest::setHeaders","Header Injection",[]],
# URL Redirection
["http_redirect","URL Redirection",[]],
["HttpMessage::setResponseCode","URL Redirection",[]],
] ]
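Review bot: The three new `mysqli_*` entries (`mysqli_multi_query`, `mysqli_send_query`, `mysqli_master_query`) name `mysql_real_escape_string` as their protection function, although code using the mysqli API would normally escape with `mysqli_real_escape_string`. The matching logic is not visible on this page, but if it compares names literally, correctly escaped mysqli code will still be reported; listing both would avoid that, e.g. `["mysqli_multi_query","SQL Injection",["mysqli_real_escape_string","mysql_real_escape_string"]],`. `mysqli_master_query` is also added twice on consecutive lines, and one copy can be dropped. The new `pg_send_query` entry copies `pg_pconnect` and `pg_connect` into its protection list; those only open a connection and sanitise nothing, so if a listed name near the call suppresses the finding, real injections will be missed, and `["pg_send_query","SQL Injection",["pg_escape_string"]],` looks safer. `mssql_escape` is not a PHP built-in, as the comment above it suggests, so a note such as `# mssql_escape is a user-defined helper; review its implementation` would tell readers the suppression rests on unverified code.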