117 lines
5.1 KiB
Python
117 lines
5.1 KiB
Python
#!/usr/bin/python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
# /!\ Detection Format (.*)function($vuln)(.*) matched by payload[0]+regex_indicators
|
|
regex_indicators = '\((.*?)(\$_GET\[.*?\]|\$_FILES\[.*?\]|\$_POST\[.*?\]|\$_REQUEST\[.*?\]|\$_COOKIES\[.*?\]|\$_SESSION\[.*?\]|\$(?!this|e-)[a-zA-Z0-9_]*)(.*?)\)'
|
|
|
|
# Function_Name:String, Vulnerability_Name:String, Protection_Function:Array
|
|
payloads = [
|
|
|
|
# Remote Command Execution
|
|
["eval","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
|
|
["popen","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
|
|
["system","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
|
|
["passthru","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
|
|
["exec","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
|
|
["shell_exec","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
|
|
["assert","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
|
|
["proc_open","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
|
|
["call_user_func","Remote Code Execution",[]],
|
|
["call_user_func_array","Remote Code Execution",[]],
|
|
["preg_replace","Remote Command Execution",["preg_quote"]],
|
|
["ereg_replace","Remote Command Execution",["preg_quote"]],
|
|
["eregi_replace","Remote Command Execution",["preg_quote"]],
|
|
["mb_ereg_replace","Remote Command Execution",["preg_quote"]],
|
|
["mb_eregi_replace","Remote Command Execution",["preg_quote"]],
|
|
|
|
# File Inclusion / Path Traversal
|
|
["virtual","File Inclusion",[]],
|
|
["include","File Inclusion",[]],
|
|
["require","File Inclusion",[]],
|
|
["include_once","File Inclusion",[]],
|
|
["require_once","File Inclusion",[]],
|
|
|
|
["readfile","File Inclusion / Path Traversal",[]],
|
|
["file_get_contents","File Inclusion / Path Traversal",[]],
|
|
["show_source","File Inclusion / Path Traversal",[]],
|
|
["fopen","File Inclusion / Path Traversal",[]],
|
|
["file","File Inclusion / Path Traversal",[]],
|
|
["fpassthru","File Inclusion / Path Traversal",[]],
|
|
["gzopen","File Inclusion / Path Traversal",[]],
|
|
["gzfile","File Inclusion / Path Traversal",[]],
|
|
["gzpassthru","File Inclusion / Path Traversal",[]],
|
|
["readgzfile","File Inclusion / Path Traversal",[]],
|
|
|
|
# MySQL(i) SQL Injection
|
|
["mysql_query","SQL Injection",["mysql_real_escape_string"]],
|
|
["mysqli_multi_query","SQL Injection",["mysql_real_escape_string"]],
|
|
["mysqli_send_query","SQL Injection",["mysql_real_escape_string"]],
|
|
["mysqli_master_query","SQL Injection",["mysql_real_escape_string"]],
|
|
["mysqli_master_query","SQL Injection",["mysql_real_escape_string"]],
|
|
["mysql_unbuffered_query","SQL Injection",["mysql_real_escape_string"]],
|
|
["mysql_db_query","SQL Injection",["mysql_real_escape_string"]],
|
|
["mysqli::real_query","SQL Injection",["mysql_real_escape_string"]],
|
|
["mysqli_real_query","SQL Injection",["mysql_real_escape_string"]],
|
|
["mysqli::query","SQL Injection",["mysql_real_escape_string"]],
|
|
["mysqli_query","SQL Injection",["mysql_real_escape_string"]],
|
|
|
|
# PostgreSQL Injection
|
|
["pg_query","SQL Injection",["pg_escape_string","pg_pconnect","pg_connect"]],
|
|
["pg_send_query","SQL Injection",["pg_escape_string","pg_pconnect","pg_connect"]],
|
|
|
|
# SQLite SQL Injection
|
|
["sqlite_array_query","SQL Injection",["sqlite_escape_string"]],
|
|
["sqlite_exec","SQL Injection",["sqlite_escape_string"]],
|
|
["sqlite_query","SQL Injection",["sqlite_escape_string"]],
|
|
["sqlite_single_query","SQL Injection",["sqlite_escape_string"]],
|
|
["sqlite_unbuffered_query","SQL Injection",["sqlite_escape_string"]],
|
|
|
|
# PDO SQL Injection
|
|
["->arrayQuery","SQL Injection",["->prepare"]],
|
|
["->query","SQL Injection",["->prepare"]],
|
|
["->queryExec","SQL Injection",["->prepare"]],
|
|
["->singleQuery","SQL Injection",["->prepare"]],
|
|
["->querySingle","SQL Injection",["->prepare"]],
|
|
["->exec","SQL Injection",["->prepare"]],
|
|
["->execute","SQL Injection",["->prepare"]],
|
|
["->unbufferedQuery","SQL Injection",["->prepare"]],
|
|
["->real_query","SQL Injection",["->prepare"]],
|
|
["->multi_query","SQL Injection",["->prepare"]],
|
|
["->send_query","SQL Injection",["->prepare"]],
|
|
|
|
# Cubrid SQL Injection
|
|
["cubrid_unbuffered_query","SQL Injection",["cubrid_real_escape_string"]],
|
|
["cubrid_query","SQL Injection",["cubrid_real_escape_string"]],
|
|
|
|
# MSSQL SQL Injection : Warning there is not any real_escape_string
|
|
["mssql_query","SQL Injection",["mssql_escape"]],
|
|
|
|
# File Upload
|
|
["move_uploaded_file","File Upload",[]],
|
|
|
|
# Cross Site Scripting
|
|
["echo","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
|
|
["print","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
|
|
["printf","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
|
|
|
|
# XPATH and LDAP
|
|
["xpath","XPATH Injection",[]],
|
|
["ldap_search","LDAP Injection",["Zend_Ldap","ldap_escape"]],
|
|
|
|
# Insecure E-Mail
|
|
["mail", "Insecure E-mail",[]],
|
|
|
|
# PHP Objet Injection
|
|
["unserialize", "PHP Object Injection",[]],
|
|
|
|
# Header Injection
|
|
["header","Header Injection",[]],
|
|
["HttpMessage::setHeaders","Header Injection",[]],
|
|
["HttpRequest::setHeaders","Header Injection",[]],
|
|
|
|
# URL Redirection
|
|
["http_redirect","URL Redirection",[]],
|
|
["HttpMessage::setResponseCode","URL Redirection",[]],
|
|
|
|
]
|