本文整理汇总了PHP中Logger::lwrite方法的典型用法代码示例。如果您正苦于以下问题:PHP Logger::lwrite方法的具体用法?PHP Logger::lwrite怎么用?PHP Logger::lwrite使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Logger的用法示例。
在下文中一共展示了Logger::lwrite方法的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: emailPdfToUser
function emailPdfToUser($fileName, $username, $email, $testId)
{
connectToDb($db);
updateStatus($db, "Emailing PDF report to {$email}...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Starting email PDF function for test: {$testId}");
if (file_exists($fileName)) {
$log->lwrite("File: {$fileName} exists");
$fileatt = $fileName;
// Path to the file
$fileatt_type = "application/pdf";
// File Type
$fileatt_name = 'Test_' . $testId . '.pdf';
// Filename that will be used for the file as the attachment
$email_from = "webvulscan@gmail.com";
// Who the email is from, don't think this does anything
$email_subject = "WebVulScan Detailed Report";
// The Subject of the email
$email_message = "Hello {$username},<br><br>";
$email_message .= 'Thank you for scanning with WebVulScan. Please find the scan results attached in the PDF report.<br><br>';
$email_message .= 'Please reply to this email if you have any questions.<br><br>';
$email_message .= 'Kind Regards,<br><br>';
$email_message .= 'WebVulScan Team<br>';
$email_to = $email;
// Who the email is to
$headers = "From: " . $email_from;
$file = fopen($fileatt, 'rb');
$data = fread($file, filesize($fileatt));
fclose($file);
$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
$headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\"";
$email_message .= "This is a multi-part message in MIME format.\n\n" . "--{$mime_boundary}\n" . "Content-Type:text/html; charset=\"iso-8859-1\"\n" . "Content-Transfer-Encoding: 7bit\n\n" . ($email_message .= "\n\n");
$data = chunk_split(base64_encode($data));
$email_message .= "--{$mime_boundary}\n" . "Content-Type: {$fileatt_type};\n" . " name=\"{$fileatt_name}\"\n" . "Content-Transfer-Encoding: base64\n\n" . ($data .= "\n\n" . "--{$mime_boundary}--\n");
$mailSent = mail($email_to, $email_subject, $email_message, $headers);
if ($mailSent) {
$log->lwrite("{$fileName} successfully sent to {$email}");
} else {
$log->lwrite("There was a problem sending {$fileName} to {$email}");
}
} else {
$log->lwrite("File: {$fileName} does not exist");
}
}示例2: testDirectObjectRefs
function testDirectObjectRefs($arrayOfURLs, $testId)
{
connectToDb($db);
updateStatus($db, "Testing all URLs for Insecure Direct Object References...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Identifying which URLs have parameters");
$log->lwrite("All URLs found during crawl:");
$urlsWithParameters = array();
foreach ($arrayOfURLs as $currentUrl) {
$log->lwrite($currentUrl);
if (strpos($currentUrl, "?")) {
array_push($urlsWithParameters, $currentUrl);
}
}
$log->lwrite("URLs with parameters:");
foreach ($urlsWithParameters as $currentUrl) {
$log->lwrite($currentUrl);
}
$log->lwrite("Testing each URL that has parameters");
foreach ($urlsWithParameters as $currentUrl) {
$parsedUrl = parse_url($currentUrl);
if ($parsedUrl) {
$query = $parsedUrl['query'];
$parameters = array();
parse_str($query, $parameters);
foreach ($parameters as $para) {
if (preg_match('/\\.([^\\.]+)$/', $para)) {
//Check if this vulnerability has already been found and added to DB. If it hasn't, add it to DB.
$tableName = 'test' . $testId;
$query = "SELECT * FROM test_results WHERE test_id = {$testId} AND type = 'idor' AND method = 'get' AND url = '{$currentUrl}' AND attack_str = '{$para}'";
$result = $db->query($query);
if (!$result) {
$log->lwrite("Could not execute query {$query}");
} else {
$log->lwrite("Successfully executed query {$query}");
$numRows = $result->num_rows;
if ($numRows == 0) {
$log->lwrite("Number of rows is {$numRows} for query: {$query}");
insertTestResult($db, $testId, 'idor', 'get', $currentUrl, $para);
}
}
}
}
} else {
$log->lwrite("Could not parse malformed URL: {$currentUrl}");
}
}
}示例3: testAuthenticationSQLi
function testAuthenticationSQLi($urlToCheck, $urlOfSite, $testId)
{
connectToDb($db);
updateStatus($db, "Testing {$urlToCheck} for Broken Authentication using SQL Injection...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Starting Broken Authentication SQLi test function on {$urlToCheck}");
$postUrl = $urlToCheck;
$postUrlPath = parse_url($postUrl, PHP_URL_PATH);
//Check URL is not responding with 5xx codes
$log->lwrite("Checking what response code is received from {$urlToCheck}");
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
$http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$http->follow_redirect = 1;
$http->redirection_limit = 5;
$http->setTestId($testId);
$error = $http->GetRequestArguments($urlToCheck, $arguments);
$error = $http->Open($arguments);
$log->lwrite("URL to be requested is: {$urlToCheck}");
if ($error == "") {
$log->lwrite("Sending HTTP request to {$urlToCheck}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$responseCode = $http->response_status;
//This is a string
$log->lwrite("Received response code: {$responseCode}");
if (intval($responseCode) >= 500 && intval($responseCode) < 600) {
$log->lwrite("Response code: {$responseCode} received from: {$urlToCheck}");
return;
}
}
}
$http->Close();
}
if (strlen($error)) {
echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
$log->lwrite("Error: {$error}");
}
$html = file_get_html($postUrl, $testId);
if (empty($html)) {
//This can happen due to file_get_contents returning a 500 code. Then the parser won't parse it
updateStatus($db, "Problem getting contents from {$urlToCheck}...", $testId);
$log->lwrite("Problem getting contents from {$urlToCheck}");
return;
}
//Array containing all form objects found
$arrayOfForms = array();
//Array containing all input fields
$arrayOfInputFields = array();
$log->lwrite("Searching {$postUrl} for forms");
$formNum = 1;
//Must use an integer to identify form as forms could have same names and ids
foreach ($html->find('form') as $form) {
isset($form->attr['id']) ? $formId = htmlspecialchars($form->attr['id']) : ($formId = '');
isset($form->attr['name']) ? $formName = htmlspecialchars($form->attr['name']) : ($formName = '');
isset($form->attr['method']) ? $formMethod = htmlspecialchars($form->attr['method']) : ($formMethod = 'get');
isset($form->attr['action']) ? $formAction = htmlspecialchars($form->attr['action']) : ($formAction = '');
$formMethod = strtolower($formMethod);
//If the action of the form is empty, set the action equal to everything
//after the URL that the user entered
if (empty($formAction)) {
$strLengthUrl = strlen($urlToCheck);
$strLengthSite = strlen($urlOfSite);
$firstIndexOfSlash = strpos($urlToCheck, '/', $strLengthSite - 1);
$formAction = substr($urlToCheck, $firstIndexOfSlash + 1, $strLengthUrl);
}
$log->lwrite("Found form on {$postUrl}: {$formId} {$formName} {$formMethod} {$formAction} {$formNum}");
$newForm = new Form($formId, $formName, $formMethod, $formAction, $formNum);
array_push($arrayOfForms, $newForm);
foreach ($form->find('input') as $input) {
isset($input->attr['id']) ? $inputId = htmlspecialchars($input->attr['id']) : ($inputId = '');
isset($input->attr['name']) ? $inputName = htmlspecialchars($input->attr['name']) : ($inputName = '');
isset($input->attr['value']) ? $inputValue = htmlspecialchars($input->attr['value']) : ($inputValue = '');
isset($input->attr['type']) ? $inputType = htmlspecialchars($input->attr['type']) : ($inputType = '');
$log->lwrite("Found input field on {$postUrl}: {$inputId} {$inputName} {$formId} {$formName} {$inputValue} {$inputType} {$formNum}");
$inputField = new InputField($inputId, $inputName, $formId, $formName, $inputValue, $inputType, $formNum);
array_push($arrayOfInputFields, $inputField);
}
$formNum++;
}
//At this stage, we should have captured all forms and their input fields into the appropriate arrays
//Begin testing each of the forms
//Defintion of all payloads used and warnings to examine for
//Payloads can be added to this
$arrayOfPayloads = array("1'or'1'='1", "1'or'1'='1';#");
//Check if the URL passed into this function displays the same webpage at different intervals
//If it does then attempt to login and if this URL displays a different page, the vulnerability is present
//e.g. a login page would always look different when you are and are not logged in
$log->lwrite("Checking if {$urlToCheck} displays the same page at different intervals");
$responseBodies = array();
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
//.........这里部分代码省略.........
示例4: testDirectoryListingEnabled
function testDirectoryListingEnabled($urlToScan, $siteBeingTested, $testId, $crawlUrlFlag)
{
connectToDb($db);
updateStatus($db, "Testing for {$urlToScan} for Directory Listing enabled...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Testing for {$urlToScan} for Directory Listing enabled");
if ($crawlUrlFlag) {
//Perform crawl again but allow images, etc. this time to capture every URL
$crawlerNew =& new MyCrawler();
$crawlerNew->setURL($urlToScan);
$crawlerNew->setTestId($testId);
$crawlerNew->addReceiveContentType("/text\\/html/");
$crawlerNew->setCookieHandling(true);
$crawlerNew->setFollowMode(3);
$log->lwrite("Crawling {$urlToScan} again for all links including images, css, etc, in order to identify directories");
$crawlerNew->go();
$urlsFound = $crawlerNew->urlsFound;
$logStr = sizeof($urlsFound) . ' URLs found for test: ' . $testId;
$log->lwrite("All URLs found during crawl for directory listing check:");
foreach ($urlsFound as $currentUrl) {
$log->lwrite($currentUrl);
}
$relativePathUrls = array();
foreach ($urlsFound as $currentUrl) {
$currentUrl = str_replace($urlToScan, '', $currentUrl);
array_push($relativePathUrls, $currentUrl);
}
$directories = array();
//Check if relative path contain a directory and if they do, add it to a list of directories
foreach ($relativePathUrls as $relativePathUrl) {
if (dirname($relativePathUrl) != '.') {
$dir = dirname($relativePathUrl);
if (!in_array($dir, $directories) && !empty($dir) && !strpos($dir, '?')) {
array_push($directories, $dir);
$log->lwrite("Found directory {$dir}");
}
}
}
} else {
$directories = array(1);
}
//Just need to make an array of size one so the for loop below iterates once
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
$http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$http->follow_redirect = 1;
$http->redirection_limit = 5;
$http->setTestId($testId);
//Regular expressions that will indicate directory listing is enabled
$regexs = array("/Parent Directory/", "/\\bDirectory Listing\\b.*(Tomcat|Apache)/", "/Parent directory/", "/\\bDirectory\\b/", "/[\\s<]+IMG\\s*=/");
//General
foreach ($directories as $directory) {
if ($crawlUrlFlag) {
$testUrl = $urlToScan . $directory . '/';
} else {
$testUrl = $siteBeingTested;
}
$error = $http->GetRequestArguments($testUrl, $arguments);
$error = $http->Open($arguments);
$log->lwrite("URL to be requested is: {$testUrl}");
if ($error == "") {
$log->lwrite("Sending HTTP request to {$testUrl}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$responseCode = $http->response_status;
//This is a string
$log->lwrite("Received response code: {$responseCode}");
if (intval($responseCode) >= 200 && intval($responseCode) < 300) {
$vulnerabilityFound = false;
$error = $http->ReadWholeReplyBody($body);
if (strlen($error) == 0) {
$indicatorStr = '';
if (preg_match($regexs[0], $body)) {
$vulnerabilityFound = true;
$indicatorStr = $regexs[0];
} else {
if (preg_match($regexs[1], $body)) {
$vulnerabilityFound = true;
$indicatorStr = $regexs[1];
} else {
if (preg_match($regexs[2], $body)) {
$vulnerabilityFound = true;
$indicatorStr = $regexs[2];
} else {
if (preg_match($regexs[3], $body)) {
if (preg_match($regexs[4], $body)) {
$vulnerabilityFound = true;
$indicatorStr = $regexs[3] . ' and ' . $regexs[4];
}
}
}
}
}
if ($vulnerabilityFound) {
//.........这里部分代码省略.........
示例5: createPdfReport
function createPdfReport($testId, &$fileName)
{
connectToDb($db);
updateStatus($db, "Generating PDF report for test: {$testId}...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Starting PDF generator function for test: {$testId}");
// create new PDF document
$pdf = new TCPDF(PDF_PAGE_ORIENTATION, PDF_UNIT, PDF_PAGE_FORMAT, true, 'UTF-8', false);
// set document information
$pdf->SetCreator(PDF_CREATOR);
$pdf->SetAuthor('WebVulScan');
$pdf->SetTitle('Report for Test: ' . $testId);
$pdf->SetSubject('Vulnerabilities Found');
// set default header data
date_default_timezone_set('UTC');
$now = date('l jS F Y h:i:s A');
$headerStr = "Test ID: {$testId}\n{$now}";
$pdf->SetHeaderData(PDF_HEADER_LOGO, PDF_HEADER_LOGO_WIDTH, 'Website Vulnerability Scaner', $headerStr);
// set header and footer fonts
$pdf->setHeaderFont(array(PDF_FONT_NAME_MAIN, '', PDF_FONT_SIZE_MAIN));
$pdf->setFooterFont(array(PDF_FONT_NAME_DATA, '', PDF_FONT_SIZE_DATA));
// set default monospaced font
$pdf->SetDefaultMonospacedFont(PDF_FONT_MONOSPACED);
//set margins
$pdf->SetMargins(PDF_MARGIN_LEFT, PDF_MARGIN_TOP, PDF_MARGIN_RIGHT);
$pdf->SetHeaderMargin(PDF_MARGIN_HEADER);
$pdf->SetFooterMargin(PDF_MARGIN_FOOTER);
//set auto page breaks
$pdf->SetAutoPageBreak(TRUE, PDF_MARGIN_BOTTOM);
//set image scale factor
$pdf->setImageScale(PDF_IMAGE_SCALE_RATIO);
//set some language-dependent strings
global $l;
$pdf->setLanguageArray($l);
// ---------------------------------------------------------
// set default font subsetting mode
$pdf->setFontSubsetting(true);
// Set font
// dejavusans is a UTF-8 Unicode font, if you only need to
// print standard ASCII chars, you can use core fonts like
// helvetica or times to reduce file size.
$pdf->SetFont('dejavusans', '', 10, '', true);
// Add a page
// This method has several options, check the source code documentation for more information.
$pdf->AddPage();
// Set some content to print
$html = '<br><h1>WebVulScan Detailed Report</h1>';
$pdf->writeHTMLCell($w = 0, $h = 0, $x = '', $y = '', $html, $border = 0, $ln = 1, $fill = 0, $reseth = true, $align = '', $autopadding = true);
$pdf->AddPage();
//Add another page
//Generate Summary
$log->lwrite("Displaying summary in PDF");
$summary = '';
$query = "SELECT * FROM tests WHERE id = {$testId}";
$result = $db->query($query);
if (!$result) {
$log->lwrite("Could not execute query {$query}");
} else {
$log->lwrite("Successfully executed query {$query}");
$row = $result->fetch_object();
$urlsFound = $row->numUrlsFound;
$requestsSent = $row->num_requests_sent;
$startTime = $row->start_timestamp;
$finTime = $row->finish_timestamp;
$targetSite = $row->url;
$startTimeFormatted = date('l jS F Y h:i:s A', $startTime);
$finTimeFormatted = date('l jS F Y h:i:s A', $finTime);
$duration = $finTime - $startTime;
$mins = intval($duration / 60);
$seconds = $duration % 60;
$secondsStr = strval($seconds);
$secondsFormatted = str_pad($secondsStr, 2, "0", STR_PAD_LEFT);
$query = "SELECT * FROM test_results WHERE test_id = {$testId};";
$result = $db->query($query);
$numVulns = 0;
if ($result) {
$numVulns = $result->num_rows;
} else {
$log->lwrite("Could not execute query {$query}");
}
//Populate vulnerability types into a list for use when calculating pie chart dimensions
$vulnTypes = array();
for ($i = 0; $i < $numVulns; $i++) {
$row = $result->fetch_object();
$type = $row->type;
array_push($vulnTypes, $type);
}
$summary .= '<table>';
$summary .= "<tr><td>Target Site:</td><td>{$targetSite}</td></tr>";
$summary .= "<tr><td>Start Date/Time:</td><td>{$startTimeFormatted}</td></tr>";
$summary .= "<tr><td>Finish Date/Time:</td><td>{$finTimeFormatted}</td></tr>";
$summary .= "<tr><td>Duration:</td><td>{$mins} minutes and {$secondsFormatted} seconds</td></tr>";
$summary .= "<tr><td>Report Generated on:</td><td>{$now}</td></tr>";
$summary .= "<tr><td>No. URLs Found:</td><td>{$urlsFound}</td></tr>";
$summary .= "<tr><td>No. Vulnerabilites Found:</td><td>{$numVulns}</td></tr>";
$summary .= "<tr><td>No. HTTP Requests Sent:</td><td>{$requestsSent}</td></tr>";
$summary .= '</table>';
}
$html = '<h2>Summary</h2>' . $summary;
//.........这里部分代码省略.........
示例6: testForReflectedXSS
function testForReflectedXSS($urlToCheck, $urlOfSite, $testId)
{
connectToDb($db);
updateStatus($db, "Testing {$urlToCheck} for Reflected Cross-Site Scripting...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Starting Reflected XXS test function on {$urlToCheck}");
$postUrl = $urlToCheck;
$postUrlPath = parse_url($postUrl, PHP_URL_PATH);
//Check URL is not responding with 5xx codes
$log->lwrite("Checking what response code is received from {$urlToCheck}");
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
$http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$http->follow_redirect = 1;
$http->redirection_limit = 5;
$http->setTestId($testId);
$error = $http->GetRequestArguments($urlToCheck, $arguments);
$error = $http->Open($arguments);
$log->lwrite("URL to be requested is: {$urlToCheck}");
if ($error == "") {
$log->lwrite("Sending HTTP request to {$urlToCheck}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$responseCode = $http->response_status;
//This is a string
$log->lwrite("Received response code: {$responseCode}");
if (intval($responseCode) >= 500 && intval($responseCode) < 600) {
$log->lwrite("Response code: {$responseCode} received from: {$urlToCheck}");
return;
}
}
}
$http->Close();
}
if (strlen($error)) {
echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
$log->lwrite("Error: {$error}");
}
$html = file_get_html($postUrl, $testId);
if (empty($html)) {
//This can happen due to file_get_contents returning a 500 code. Then the parser won't parse it
$log->lwrite("Problem getting contents from {$urlToCheck}");
return;
}
//Submit these
//If adding string to this array, add a corresponding string (to look for in response), with he same index, in the array below
//The response to look for can be the same as the payload or different.
$payloads = array('<webvulscan>', 'javascript:alert(webvulscan)');
//Look for these in response after submitting corresponding payload
$harmfulResponses = array('<webvulscan>', 'src="javascript:alert(webvulscan)"');
//First check does the URL passed into this function contain parameters and submit payloads as those parameters if it does
$parsedUrl = parse_url($urlToCheck);
$log->lwrite("Check if {$urlToCheck} contains parameters");
if ($parsedUrl) {
if (isset($parsedUrl['query'])) {
$log->lwrite("{$urlToCheck} does contain parameters");
$scheme = $parsedUrl['scheme'];
$host = $parsedUrl['host'];
$path = $parsedUrl['path'];
$query = $parsedUrl['query'];
parse_str($query, $parameters);
$originalQuery = $query;
$payloadIndex = 0;
foreach ($payloads as $currentPayload) {
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
$http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$http->follow_redirect = 1;
$http->redirection_limit = 5;
$http->setTestId($testId);
foreach ($parameters as $para) {
$query = $originalQuery;
$newQuery = str_replace($para, $currentPayload, $query);
$query = $newQuery;
$testUrl = $scheme . '://' . $host . $path . '?' . $query;
$log->lwrite("URL to be requested is: {$testUrl}");
$error = $http->GetRequestArguments($testUrl, $arguments);
$error = $http->Open($arguments);
echo "<br>Sending HTTP request to " . htmlspecialchars($testUrl) . "<br>";
if ($error == "") {
$log->lwrite("Sending HTTP request to {$testUrl}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$error = $http->ReadWholeReplyBody($body);
if (strlen($error) == 0) {
$indicatorStr = $harmfulResponses[$payloadIndex];
if (stripos($body, $indicatorStr)) {
echo '<br>Reflected XSS Present!<br>Query: ' . HtmlSpecialChars($urlToCheck) . '<br>';
echo 'Method: GET <br>';
//.........这里部分代码省略.........
示例7: testHttpBannerDisclosure
function testHttpBannerDisclosure($urlToCheck, $testId)
{
connectToDb($db);
updateStatus($db, "Testing {$urlToCheck} for HTTP Banner Disclosure...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Starting HTTP Banner Disclosure test function on {$urlToCheck}");
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
$http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$http->follow_redirect = 1;
$http->redirection_limit = 5;
$http->setTestId($testId);
$error = $http->GetRequestArguments($urlToCheck, $arguments);
$error = $http->Open($arguments);
$log->lwrite("URL to be requested is: {$urlToCheck}");
//TODO: add more to these arrays
$serverHeaders = array('Apache', 'Win32', 'mod_ssl', 'OpenSSL', 'PHP', 'mod_perl', 'Perl', 'Ubuntu', 'Python', 'mod_python', 'Microsoft', 'IIS', 'Unix', 'Linux');
$xPowByHeaders = array('PHP', 'ASP', 'NET', 'JSP', 'JBoss', 'Perl', 'Python');
if ($error == "") {
$log->lwrite("Sending HTTP request to {$urlToCheck}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
if (isset($headers['server'])) {
$serverHeader = $headers['server'];
foreach ($serverHeaders as $currentHeader) {
if (stripos($serverHeader, $currentHeader) !== false) {
echo "<br>Found {$currentHeader} in {$serverHeader}";
echo '<br>HTTP Banner Disclosure Present!<br>Url: ' . $urlToCheck . '<br>';
echo 'Method: GET <br>';
echo 'Url Requested: ' . $urlToCheck . '<br>';
echo 'Info Disclosed: Server: ' . $serverHeader . '<br>';
$tableName = 'test' . $testId;
//Check if this vulnerability has already been found and added to DB. If it hasn't, add it to DB.
$query = "SELECT * FROM test_results WHERE test_id = {$testId} AND type = 'bannerdis' AND method = 'get' AND url = '{$urlToCheck}' AND attack_str = '{$serverHeader}'";
$result = $db->query($query);
if (!$result) {
$log->lwrite("Could not execute query {$query}");
} else {
$log->lwrite("Successfully executed query {$query}");
$numRows = $result->num_rows;
if ($numRows == 0) {
$log->lwrite("Number of rows is {$numRows} for query: {$query}");
insertTestResult($db, $testId, 'bannerdis', 'get', $urlToCheck, $serverHeader);
}
}
break;
}
}
} else {
$log->lwrite("Server header for {$urlToCheck} is empty");
echo "Server header for {$urlToCheck} is empty<br>";
}
if (isset($headers['x-powered-by'])) {
$xPowByHeader = $headers['x-powered-by'];
foreach ($xPowByHeaders as $currentHeader) {
if (stripos($xPowByHeader, $currentHeader) !== false) {
//The echo's here are for testing/debugging the function on its own
echo "<br>Found {$currentHeader} in {$xPowByHeader} ";
echo '<br>HTTP Banner Disclosure Present!<br>Url: ' . $urlToCheck . '<br>';
echo 'Method: GET <br>';
echo 'Url Requested: ' . $urlToCheck . '<br>';
echo 'Info Disclosed: X-Powered-by: ' . $xPowByHeader . '<br>';
$tableName = 'test' . $testId;
//Check if this vulnerability has already been found and added to DB. If it hasn't, add it to DB.
$query = "SELECT * FROM test_results WHERE test_id = {$testId} AND type = 'bannerdis' AND method = 'get' AND url = '{$urlToCheck}' AND attack_str = '{$xPowByHeader}'";
$result = $db->query($query);
if (!$result) {
$log->lwrite("Could not execute query {$query}");
} else {
$log->lwrite("Successfully executed query {$query}");
$numRows = $result->num_rows;
if ($numRows == 0) {
$log->lwrite("Number of rows is {$numRows} for query: {$query}");
insertTestResult($db, $testId, 'bannerdis', 'get', $urlToCheck, $xPowByHeader);
}
}
break;
}
}
} else {
$log->lwrite("X-Powered-by header for {$urlToCheck} is empty");
echo "X-Powered-by header for {$urlToCheck} is empty<br>";
}
}
}
$http->Close();
}
if (strlen($error)) {
echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
$log->lwrite("Error: {$error}");
}
}示例8: testSslCertificate
function testSslCertificate($urlsToTest, $testId)
{
connectToDb($db);
updateStatus($db, "Testing {$urlsToTest} for untrustworthy SSL certificates...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Starting SSL certificate verification function on {$urlsToTest}");
//Identify which URLs, if any, begin with https
$log->lwrite("Identifying which URLs, if any, begin with HTTPS");
updateStatus($db, "Identifying which URLs, if any, begin with HTTPS...", $testId);
$usingHttps = false;
$httpsUrl = '';
foreach ($urlsToTest as $currentUrl) {
if (substr($currentUrl, 0, 5) == 'https') {
$usingHttps = true;
$httpsUrl = $currentUrl;
echo "https url = {$currentUrl} <br>";
$log->lwrite("Found HTTPS URL: {$currentUrl}");
break;
}
}
if ($usingHttps) {
//Check if Mozilla's cacert.pem file is online and update our version of it if needed
$log->lwrite("Checking if cacert.pem is up to date");
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
$http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$http->follow_redirect = 1;
$http->redirection_limit = 5;
$cacertsUrl = "http://curl.haxx.se/ca/cacert.pem";
$error = $http->GetRequestArguments($cacertsUrl, $arguments);
$error = $http->Open($arguments);
$log->lwrite("URL to be requested is: {$cacertsUrl}");
if ($error == "") {
$log->lwrite("Sending HTTP request to {$cacertsUrl}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$responseCode = $http->response_status;
//This is a string
$log->lwrite("Received response code: {$responseCode}");
if (intval($responseCode) == 200) {
//Update cacerts.pem file
$cacerts = file_get_contents($cacertsUrl);
$oldCacerts = file_get_contents('tests/cacert.pem');
if ($cacerts != $oldCacerts) {
file_put_contents('tests/cacert.pem', $cacerts);
$log->lwrite("cacert.pem file updated");
} else {
$log->lwrite("cacert.pem is already up to date so was not updated");
}
} else {
$log->lwrite("Problem accessing Mozilla's URL containing cacert.pem file");
}
}
}
}
// Initialize session and set URL.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $httpsUrl);
// Set so curl_exec returns the result instead of outputting it.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
//Check server's certificate against certificates specified in .pem file below
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
//If last parameter is 1, checks the SSL certificate for a comman name (the domain of the site sometimes specified in the certificate), e.g. the site that acquired the certificate
//If last parameter is 2, checks for the common name and, if it exists, checks that it matches the hostname provided
//Default is 2
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
//Using Mozillas certificate file with trusted certificates
curl_setopt($ch, CURLOPT_CAINFO, getcwd() . "/cacert.pem");
// Get the response and close the channel.
$response = curl_exec($ch);
if ($db) {
incrementHttpRequests($db, $testId);
}
if (empty($response)) {
//The echo's here are for testing/debugging the function on its own
echo '<br>SSL Certificate is not trusted!<br>Url: ' . $httpsUrl . '<br>';
echo 'Method: GET <br>';
//echo 'Url Requested: ' . $testUrl . '<br>';
echo 'Error: ' . curl_error($ch) . '<br>';
$tableName = 'test' . $testId;
//Check if this vulnerability has already been found and added to DB. If it hasn't, add it to DB.
$query = "SELECT * FROM test_results WHERE test_id = {$testId} AND type = 'sslcert' AND method = 'get' AND url = '{$httpsUrl}' AND attack_str = '{$httpsUrl}'";
$result = $db->query($query);
if (!$result) {
$log->lwrite("Could not execute query {$query}");
} else {
$log->lwrite("Successfully executed query {$query}");
$numRows = $result->num_rows;
if ($numRows == 0) {
$log->lwrite("Number of rows is {$numRows} for query: {$query}");
insertTestResult($db, $testId, 'sslcert', 'get', $httpsUrl, $httpsUrl);
//.........这里部分代码省略.........
示例9: trim
<form id="form1" name="form1" method="post" >
<p>Enter URL to crawl:</p>
<p>
<label for="urlToCrawl"></label>
<input type="text" size="40" name="urlToCrawl" id="urlToCrawl" />
</p>
<p>
<input type="submit" class="button" name="submit" id="submit" value="Start Crawl" />
</p>
</form>';
if (isset($_POST['urlToCrawl'])) {
$urlToCrawl = trim($_POST['urlToCrawl']);
if (!empty($urlToCrawl)) {
$log = new Logger();
$log->lfile('crawler/logs/eventlogs');
$log->lwrite('Connecting to database');
$connectionFlag = connectToDb($db);
if (!$connectionFlag) {
$log->lwrite('Error connecting to database');
echo 'Error connecting to database';
return;
}
$log->lwrite('Generating next test ID');
$nextId = generateNextTestId($db);
if (!$nextId) {
$log->lwrite('Next ID generated is null');
echo 'Next ID generated is null';
return;
} else {
$log->lwrite("Next ID generated is {$nextId}");
$testId = $nextId;示例10: Logger
require_once $currentDir . 'tests/testForReflectedXSS.php';
require_once $currentDir . 'tests/testForStoredXSS.php';
require_once $currentDir . 'tests/testForSQLi.php';
require_once $currentDir . 'tests/testDirectObjectRefs.php';
require_once $currentDir . 'tests/testAuthenticationSQLi.php';
require_once $currentDir . 'tests/testUnvalidatedRedirects.php';
require_once $currentDir . 'tests/testDirectoryListingEnabled.php';
require_once $currentDir . 'tests/testHttpBannerDisclosure.php';
require_once $currentDir . 'tests/testAutoComplete.php';
require_once $currentDir . 'tests/testSslCertificate.php';
//Include PDF generator
require_once $currentDir . 'classes/tcpdf/config/lang/eng.php';
require_once $currentDir . 'classes/tcpdf/tcpdf.php';
$log = new Logger();
$log->lfile($currentDir . 'logs/eventlogs');
$log->lwrite('Connecting to database');
$connectionFlag = connectToDb($db);
isset($_POST['specifiedUrl']) ? $urlToScan = $_POST['specifiedUrl'] : ($urlToScan = '');
isset($_POST['testId']) ? $testId = $_POST['testId'] : ($testId = 0);
isset($_POST['username']) ? $username = $_POST['username'] : ($username = 'User');
isset($_POST['email']) ? $email = $_POST['email'] : ($email = 'webvulscan@gmail.com');
//admin address
isset($_POST['testCases']) ? $testCases = $_POST['testCases'] : ($testCases = '');
//admin address
if (empty($urlToScan)) {
echo 'urlToScan is empty';
$log->lfile('urlToScan is empty');
return;
}
if (stripos($urlToScan, 'http') !== 0) {
$urlToScan = 'http://' . $urlToScan;示例11: testAutoComplete
function testAutoComplete($urlToCheck, $testId)
{
connectToDb($db);
updateStatus($db, "Testing {$urlToCheck} for autocomplete enabled ...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Starting autocomplete test function on {$urlToCheck}");
//Array containing all input fields
$arrayOfInputFields = array();
$log->lwrite("Searching {$urlToCheck} for input fields");
//Check URL is not responding with 5xx codes
$log->lwrite("Checking what response code is received from {$urlToCheck}");
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
$http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$http->follow_redirect = 1;
$http->redirection_limit = 5;
$http->setTestId($testId);
$error = $http->GetRequestArguments($urlToCheck, $arguments);
$error = $http->Open($arguments);
$log->lwrite("URL to be requested is: {$urlToCheck}");
if ($error == "") {
$log->lwrite("Sending HTTP request to {$urlToCheck}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$responseCode = $http->response_status;
//This is a string
$log->lwrite("Received response code: {$responseCode}");
if (intval($responseCode) >= 500 && intval($responseCode) < 600) {
$log->lwrite("Response code: {$responseCode} received from: {$urlToCheck}");
return;
}
}
}
$http->Close();
}
if (strlen($error)) {
echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
$log->lwrite("Error: {$error}");
}
$html = file_get_html($urlToCheck, $testId);
if (empty($html)) {
//This can happen due to file_get_contents returning a 500 code. Then the parser won't parse it
updateStatus($db, "Problem getting contents from {$urlToCheck}...", $testId);
$log->lwrite("Problem getting contents from {$urlToCheck}");
return;
}
foreach ($html->find('input') as $input) {
$vulnerabilityFound = false;
if (isset($input->attr['type'])) {
$inputType = $input->attr['type'];
if ($inputType == 'password') {
if (isset($input->attr['autocomplete'])) {
$inputAutoComplete = $input->attr['autocomplete'];
if (strcasecmp($inputAutoComplete, 'off') != 0) {
$vulnerabilityFound = true;
}
} else {
$vulnerabilityFound = true;
}
if ($vulnerabilityFound) {
$inputName = $input->attr['name'];
echo 'Autocomplete enabled!<br>';
echo 'Method: get <br>';
echo 'Url: $urlToCheck<br>';
echo "Error: Input field with name: {$inputName} is of type: password and does not have autocomplete disabled";
$tableName = 'test' . $testId;
//Check if this vulnerability has already been found and added to DB. If it hasn't, add it to DB.
$query = "SELECT * FROM test_results WHERE test_id = {$testId} AND type = 'autoc' AND method = 'get' AND url = '{$urlToCheck}' AND attack_str = '{$inputName}'";
$result = $db->query($query);
if (!$result) {
$log->lwrite("Could not execute query {$query}");
} else {
$log->lwrite("Successfully executed query {$query}");
$numRows = $result->num_rows;
if ($numRows == 0) {
$log->lwrite("Number of rows is {$numRows} for query: {$query}");
insertTestResult($db, $testId, 'autoc', 'get', $urlToCheck, $inputName);
}
}
}
}
}
}
}示例12: testUnvalidatedRedirects
function testUnvalidatedRedirects($arrayOfUrls, $testId)
{
connectToDb($db);
updateStatus($db, "Testing all URLs for Unvalidated Redirects...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Starting Unvalidated Redirects test function on all URLs");
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
$http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$http->follow_redirect = 0;
$http->setTestId($testId);
//Identify which URLs, if any, cause redirects
$log->lwrite("Identifying which URLs, if any, cause redirects");
updateStatus($db, "Identifying which URLs, if any, cause redirects...", $testId);
$potentiallyVulnUrls = array();
foreach ($arrayOfUrls as $currentUrl) {
$error = $http->GetRequestArguments($currentUrl, $arguments);
$error = $http->Open($arguments);
$log->lwrite("URL to be requested is: {$currentUrl}");
if ($error == "") {
$log->lwrite("Sending HTTP request to {$currentUrl}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$responseCode = $http->response_status;
//This is a string
$log->lwrite("Received response code: {$responseCode}");
if (intval($responseCode) >= 300 && intval($responseCode) < 400) {
array_push($potentiallyVulnUrls, $currentUrl);
}
}
}
$http->Close();
}
if (strlen($error)) {
echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
$log->lwrite("Error: {$error}");
}
}
$log->lwrite("Potentially Vulnerable URLs:");
foreach ($potentiallyVulnUrls as $currentUrl) {
$log->lwrite("{$currentUrl}");
}
updateStatus($db, "Beginning testing each potentially vulnerable URL for unvalidated redirects ...", $testId);
$redirectDomain = 'www.whatismyip.com';
foreach ($potentiallyVulnUrls as $currentUrl) {
updateStatus($db, "Testing {$currentUrl} for Unvalidated Redirects...", $testId);
$log->lwrite("Testing {$currentUrl} for unvalidated redirects");
echo "<br>Testing: {$currentUrl} <br>";
$parsedUrl = parse_url($currentUrl);
$query = $parsedUrl['query'];
$parameters = array();
parse_str($query, $parameters);
$newQuery = '';
$query = urldecode($query);
$originalQuery = $query;
if ($parsedUrl) {
foreach ($parameters as $para) {
$query = $originalQuery;
if (stripos($para, 'http') || stripos($para, 'www')) {
if (stripos($para, 'http') === 0) {
$newRedirectDomain = 'http://' . $redirectDomain;
$newQuery = str_replace($para, $newRedirectDomain, $query);
$query = $newQuery;
$newRedirectDomain = '';
} else {
if (stripos($para, 'www') === 0 && !strpos($para, 'http') === 0) {
$newQuery = str_replace($para, $redirectDomain, $query);
$query = $newQuery;
}
}
} else {
$newRedirectDomain = 'http://' . $redirectDomain;
$newQuery = str_replace($para, $newRedirectDomain, $query);
$query = $newQuery;
$newRedirectDomain = '';
}
$scheme = $parsedUrl['scheme'];
$host = $parsedUrl['host'];
$path = $parsedUrl['path'];
$testUrl = $scheme . '://' . $host . $path . '?' . $newQuery;
$log->lwrite("URL to be requested is: {$testUrl}");
$error = $http->GetRequestArguments($testUrl, $arguments);
$error = $http->Open($arguments);
if ($error == "") {
$log->lwrite("Sending HTTP request to {$testUrl}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$error = $http->ReadWholeReplyBody($body);
if (strlen($error) == 0) {
//Check if the location in the HTTP response is the URL added as a parameter
//If it is this would cause the browser to redirect to the parameter, therefore the vulnerability is present
//.........这里部分代码省略.........
示例13: Logger
require_once $currentDir . "PHPCrawl_071/classes/phpcrawler.class.php";
require_once $currentDir . "PHPCrawl_071/classes/mycrawler.php";
//Include parsing class and http library
require_once $currentDir . '../scanner/classes/simplehtmldom/simple_html_dom.php';
require_once $currentDir . '../scanner/classes/httpclient-2011-08-21/http.php';
//Include Entity Classes
require_once $currentDir . '../scanner/classes/Form.php';
require_once $currentDir . '../scanner/classes/InputField.php';
require_once $currentDir . '../scanner/classes/Logger.php';
require_once $currentDir . '../scanner/classes/PostOrGetObject.php';
//Include Function Scripts
require_once $currentDir . '../scanner/functions/commonFunctions.php';
require_once $currentDir . '../scanner/functions/databaseFunctions.php';
$log = new Logger();
$log->lfile($currentDir . 'logs/eventlogs');
$log->lwrite('Connecting to database');
connectToDb($db);
$log->lwrite('Instantiating crawler');
$crawler =& new MyCrawler();
isset($_POST['specifiedUrl']) ? $urlToScan = $_POST['specifiedUrl'] : ($urlToScan = '');
isset($_POST['testId']) ? $testId = $_POST['testId'] : ($testId = 0);
if (empty($urlToScan)) {
echo 'urlToScan is empty';
$log->lfile('urlToScan is empty');
return;
}
$log->lwrite("URL to scan: {$urlToScan}");
$query = "UPDATE tests SET status = 'Preparing Crawl for {$urlToScan}' WHERE id = {$testId};";
$db->query($query);
$crawler->setURL($urlToScan);
$crawler->setTestId($testId);示例14: testForSQLi
function testForSQLi($urlToCheck, $urlOfSite, $testId)
{
connectToDb($db);
updateStatus($db, "Testing {$urlToCheck} for SQL Injection...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Starting SQL Injection test function on {$urlToCheck}");
$postUrl = $urlToCheck;
$postUrlPath = parse_url($postUrl, PHP_URL_PATH);
//Check URL is not responding with 5xx codes
$log->lwrite("Checking what response code is received from {$urlToCheck}");
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
$http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$http->follow_redirect = 1;
$http->redirection_limit = 5;
$http->setTestId($testId);
$error = $http->GetRequestArguments($urlToCheck, $arguments);
$error = $http->Open($arguments);
$log->lwrite("URL to be requested is: {$urlToCheck}");
if ($error == "") {
$log->lwrite("Sending HTTP request to {$urlToCheck}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$responseCode = $http->response_status;
//This is a string
$log->lwrite("Received response code: {$responseCode}");
if (intval($responseCode) >= 500 && intval($responseCode) < 600) {
$log->lwrite("Response code: {$responseCode} received from: {$urlToCheck}");
return;
}
}
}
$http->Close();
}
if (strlen($error)) {
echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
$log->lwrite("Error: {$error}");
}
$html = file_get_html($postUrl, $testId);
if (empty($html)) {
//This can happen due to file_get_contents returning a 500 code. Then the parser won't parse it
updateStatus($db, "Problem getting contents from {$urlToCheck}...", $testId);
$log->lwrite("Problem getting contents from {$urlToCheck}");
return;
}
$log->lwrite("Successfully got contents from {$urlToCheck}");
//Defintion of all payloads used and warnings to examine for
$arrayOfPayloads = array("'", '"', ';', ')', '(', '.', '--');
//specified in webfuzz library (lib.webfuzz.js) from WebSecurify
//From lib.webfuzz, some added by myself
//The function checks for these errors after a payload is submitted
$arrayOfSQLWarnings = array("supplied argument is not a valid MySQL", "mysql_fetch_array\\(\\)", "on MySQL result index", "You have an error in your SQL syntax;", "You have an error in your SQL syntax near", "MySQL server version for the right syntax to use", "\\[MySQL\\]\\[ODBC", "Column count doesn't match", "the used select statements have different number of columns", "Table '[^']+' doesn't exist", "DB Error: unknown error", ":[\\s]*mysql", "mysql_fetch", "System\\.Data\\.OleDb\\.OleDbException", "\\[SQL Server\\]", "\\[Microsoft\\]\\[ODBC SQL Server Driver\\]", "\\[SQLServer JDBC Driver\\]", "\\[SqlException", "System.Data.SqlClient.SqlException", "Unclosed quotation mark after the character string", "'80040e14'", "mssql_query\\(\\)", "odbc_exec\\(\\)", "Microsoft OLE DB Provider for ODBC Drivers", "Microsoft OLE DB Provider for SQL Server", "Incorrect syntax near", "Syntax error in string in query expression", "ADODB\\.Field \\(0x800A0BCD\\)<br>", "Procedure '[^']+' requires parameter '[^']+'", "ADODB\\.Recordset'", "Microsoft SQL Native Client error", "Unclosed quotation mark after the character string", "SQLCODE", "DB2 SQL error:", "SQLSTATE", "Sybase message:", "Syntax error in query expression", "Data type mismatch in criteria expression.", "Microsoft JET Database Engine", "\\[Microsoft\\]\\[ODBC Microsoft Access Driver\\]", "(PLS|ORA)-[0-9][0-9][0-9][0-9]", "PostgreSQL query failed:", "supplied argument is not a valid PostgreSQL result", "pg_query\\(\\) \\[:", "pg_exec\\(\\) \\[:", "com\\.informix\\.jdbc", "Dynamic Page Generation Error:", "Dynamic SQL Error", "\\[DM_QUERY_E_SYNTAX\\]", "has occurred in the vicinity of:", "A Parser Error \\(syntax error\\)", "java\\.sql\\.SQLException", "\\[Macromedia\\]\\[SQLServer JDBC Driver\\]");
//First check does the URL passed into this function contain parameters and submit payloads as those parameters if it does
$parsedUrl = parse_url($urlToCheck);
$log->lwrite("Check if {$urlToCheck} contains parameters");
if ($parsedUrl) {
if (isset($parsedUrl['query'])) {
$log->lwrite("{$urlToCheck} does contain parameters");
$scheme = $parsedUrl['scheme'];
$host = $parsedUrl['host'];
$path = $parsedUrl['path'];
$query = $parsedUrl['query'];
parse_str($query, $parameters);
$originalQuery = $query;
foreach ($arrayOfPayloads as $currentPayload) {
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
$http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$http->follow_redirect = 1;
$http->redirection_limit = 5;
$http->setTestId($testId);
foreach ($parameters as $para) {
$query = $originalQuery;
$newQuery = str_replace($para, $currentPayload, $query);
$query = $newQuery;
$testUrl = $scheme . '://' . $host . $path . '?' . $query;
$log->lwrite("URL to be requested is: {$testUrl}");
$error = $http->GetRequestArguments($testUrl, $arguments);
$error = $http->Open($arguments);
if ($error == "") {
$log->lwrite("Sending HTTP request to {$testUrl}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$error = $http->ReadWholeReplyBody($body);
if (strlen($error) == 0) {
$vulnerabilityFound = false;
for ($warningIndex = 0; $warningIndex < sizeof($arrayOfSQLWarnings); $warningIndex++) {
$regularExpression = "/{$arrayOfSQLWarnings[$warningIndex]}/";
if (preg_match($regularExpression, $body)) {
//.........这里部分代码省略.........