Only run module if path is parametric.
dma committed Sep 27, 2014
1 parent cde6c64 commit de0421b
Showing 6 changed files with 28 additions and 9 deletions.
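--- a/scripts/scanner/modules/injection/format-string-inject.js
+++ b/scripts/scanner/modules/injection/format-string-inject.js
@@ -6,7 +6,11 @@ var module = {
 };
 
 function initialize(ctx) {
-ctx.submitMultipleAlteredRequests(process, ["vega%dn%dn%dn%dn%dn%dn%dn%dn", "vega%nd%nd%nd%nd%nd%nd%nd%nd"]);
+var ps = ctx.getPathState();
+
+if (ps.isParametric()) {
+ctx.submitMultipleAlteredRequests(process, ["vega%dn%dn%dn%dn%dn%dn%dn%dn", "vega%nd%nd%nd%nd%nd%nd%nd%nd"]);
+}
 }
 
 function process(req, res, ctx) {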
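Review bot: The new `if (ps.isParametric())` guard in initialize() skips the module without leaving any trace, so a finished scan cannot tell "probed and clean" from "never probed" for this path. The same silent skip is added in local-file-include.js, shell-injection.js, url-injection.js, xml-injection.js and xss-injection.js. If `isParametric()` is false for paths that carry user input in a path segment (its definition is not visible in this diff), those inputs lose coverage from all six injection modules, so the definition is worth confirming. At minimum a comment above the guard such as `// Non-parametric paths are skipped: no parameter to alter; path-segment inputs are not covered here.` would record the coverage decision, and the six identical guards could live once in whatever dispatches the modules.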
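--- a/scripts/scanner/modules/injection/local-file-include.js
+++ b/scripts/scanner/modules/injection/local-file-include.js
@@ -318,8 +318,10 @@ alteredRequests.push({
 
 function initialize(ctx) {
 var ps = ctx.getPathState();
-ctx.submitAlteredRequest(process, alteredRequests[0].payload, false, 0);
-ps.incrementFuzzCounter();
+if (ps.isParametric()) {
+ctx.submitAlteredRequest(process, alteredRequests[0].payload, false, 0);
+ps.incrementFuzzCounter();
+}
 
 };
 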
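--- a/scripts/scanner/modules/injection/shell-injection.js
+++ b/scripts/scanner/modules/injection/shell-injection.js
@@ -5,7 +5,10 @@ var module = {
 };
 
 function initialize(ctx) {
-ctx.submitMultipleAlteredRequests(process, ["`true`", "`false`", "`uname`", "\"`true`\"", "\"`false`\"", "\"`uname`\"", "'true'", "'false'", "'uname'"], true);
+var ps = ctx.getPathState();
+if (ps.isParametric()) {
+ctx.submitMultipleAlteredRequests(process, ["`true`", "`false`", "`uname`", "\"`true`\"", "\"`false`\"", "\"`uname`\"", "'true'", "'false'", "'uname'"], true);
+}
 }
 
 function process(req, res, ctx) {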
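--- a/scripts/scanner/modules/injection/url-injection.js
+++ b/scripts/scanner/modules/injection/url-injection.js
@@ -4,7 +4,11 @@ var module = {
 };
 
 function initialize(ctx) {
-ctx.submitMultipleAlteredRequests(process, ["http://vega.invalid/;?", "//vega.invalid/;?", "vega://invalid/;?", " src=http://vega.invalid/;?", "\" src=http://vega.invalid/;?"]);
+
+var ps = ctx.getPathState();
+if (ps.isParametric()) {
+ctx.submitMultipleAlteredRequests(process, ["http://vega.invalid/;?", "//vega.invalid/;?", "vega://invalid/;?", " src=http://vega.invalid/;?", "\" src=http://vega.invalid/;?"]);
+}
 }
 
 function process(req, res, ctx) {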
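--- a/scripts/scanner/modules/injection/xml-injection.js
+++ b/scripts/scanner/modules/injection/xml-injection.js
@@ -5,7 +5,11 @@ var module = {
 };
 
 function initialize(ctx) {
-ctx.submitMultipleAlteredRequests(process, ["vega>'>\"><vega></vega>", "vega>'>\"></vega><vega>"]);
+var ps = ctx.getPathState();
+
+if (ps.isParametric()) {
+ctx.submitMultipleAlteredRequests(process, ["vega>'>\"><vega></vega>", "vega>'>\"></vega><vega>"]);
+}
 }
 
 function process(req, res, ctx) {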
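--- a/scripts/scanner/modules/injection/xss-injection.js
+++ b/scripts/scanner/modules/injection/xss-injection.js
@@ -26,9 +26,11 @@ function createRequest(ps, index) {
 
 function initialize(ctx) {
 var ps = ctx.getPathState();
-
-for (var i = 0; i < payloads.length; i++) {
-ctx.submitRequest(createRequest(ps, i), process, i);
+
+if (ps.isParametric()) {
+for (var i = 0; i < payloads.length; i++) {
+ctx.submitRequest(createRequest(ps, i), process, i);
+}
 }
 };
 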
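Review bot: In initialize(), gating the whole payload loop on `ps.isParametric()` may drop reflected-XSS coverage for responses that echo the URL path itself (error pages are a common case), because this module builds its own requests with `createRequest(ps, i)` rather than altering a parameter. createRequest is defined above the hunk, so whether it can place a payload on a non-parametric path is not visible here; if it can, the check would fit better inside createRequest or be limited to the parameter case. If the skip is intended, a comment above the guard such as `// XSS probes are parameter-only; path reflection is not tested by this module.` would record that decision for whoever reads scan coverage later.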
