-
-
Notifications
You must be signed in to change notification settings - Fork 99
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Scope for padding Oracle Vulnerability #298
Conversation
tanner/api/api.py
Outdated
@@ -29,7 +29,8 @@ def __init__(self, redis_client): | |||
'lfi': 0, | |||
'xss': 0, | |||
'rfi': 0, | |||
'cmd_exec': 0} | |||
'cmd_exec': 0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
missing ,
|
||
def scan(self, value): | ||
detection = None | ||
if patterns.PAD_ORACLE_ATTACK.match(value): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PAD_ORACLE_ATTACK
pattern is missing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will update the pattern.
detection = dict(name='pad_oracle', order=2) | ||
return detection | ||
|
||
def get_pad_oracle_results(self, attack_params): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is the purpose of returning the same input params as header?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
attack_params
is a dictionary with many iterations whereas header
is returning only the first iteration
@amanjiofficial before we can proceed with your pr, please complete the functionality :) |
@afeena pls check that is this the right way to implement this functionality? |
Pull Request Test Coverage Report for Build 841
💛 - Coveralls |
@amanjiofficial you can use some tools to check your regular expression |
@afeena I guess the commit is okay to be merged. Please suggest if I should make any changes. |
@@ -18,7 +18,7 @@ | |||
'REDIS': {'host': 'tanner_redis', 'port': 6379, 'poolsize': 80, 'timeout': 1}, | |||
'EMULATORS': {'root_dir': '/tmp/tanner/emulators'}, | |||
'EMULATOR_ENABLED': {'sqli': True, 'rfi': True, 'lfi': False, 'xss': True, 'cmd_exec': False, | |||
'php_code_injection': True, "crlf": True}, | |||
'php_code_injection': True, "crlf": True "pad_oracle": True}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
'php_code_injection': True, "crlf": True "pad_oracle": True}, | |
'php_code_injection': True, "crlf": True, "pad_oracle": True}, |
@@ -15,3 +15,4 @@ | |||
WORD_PRESS_CONTENT = re.compile(r'/wp-content/.*') | |||
HTML_TAGS = re.compile(r'.*<(.*)>.*') | |||
QUERY = re.compile(r'.*\?.*=') | |||
PAD_ORACLE_ATTACK = re.compile(r'.*<(.|\r\n)*?>') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand how are you trying to implement it.
@amanjiofficial please, if you want to get more guidance, explain you idea and code in more details :) |
Closing this due to inactivity and unresolved issues. Feel free to open a new PR with changes made according to the conversation here. |
Corresponding changes in 'tanner.utils.patterns.py' is to be made and 'tanner.emulators.pad_oracle.py' is to be changed accordingly.