/**
 * Convenience overload that builds a scan issue from the given attacks
 * without a caller-supplied third argument.
 *
 * <p>Delegates to the three-argument {@code reportReflectionIssue}, passing an
 * empty string. NOTE(review): the third argument looks like an issue title;
 * confirm against the three-argument overload.
 *
 * @param attacks the attacks to include in the reported issue
 * @param baseRequestResponse the request/response the issue is attached to
 * @return whatever the three-argument overload returns for these inputs
 */
static IScanIssue reportReflectionIssue(Attack[] attacks, IHttpRequestResponse baseRequestResponse) {
    final String noTitle = "";
    return reportReflectionIssue(attacks, baseRequestResponse, noTitle);
}
/**
 * Scans the request's parameters for one whose value contains a known marker
 * string and runs parameter guessing against the first such parameter.
 *
 * <p>Everything in the value before the marker is treated as the parameter's
 * original value; the marker and anything after it are discarded. Only the
 * first parameter containing a marker is processed. If guessing produces any
 * attacks, they are reported together as a single scan issue.
 */
public void run() {
    // URL-encoded markers: "%26" is an encoded '&' and "%253c" is a
    // double-encoded '<'. They are checked in this order.
    final String[] markers = {"%26zq=%253c", "!zq=%253c"};

    IRequestInfo requestInfo = Utilities.helpers.analyzeRequest(req);
    List<IParameter> parameters = requestInfo.getParameters();

    for (IParameter candidate : parameters) {
        String value = candidate.getValue();

        // Find the first marker present in this parameter's value, if any.
        String marker = null;
        for (String possible : markers) {
            if (value.contains(possible)) {
                marker = possible;
                break;
            }
        }
        if (marker == null) {
            continue;
        }

        // Cut the value at the first occurrence of the marker.
        String originalValue = value.substring(0, value.indexOf(marker));
        ParamInsertionPoint insertionPoint = new ParamInsertionPoint(
                req.getRequest(), candidate.getName(), originalValue, candidate.getType());

        List<Attack> paramGuesses = guessParams(req, insertionPoint);
        if (!paramGuesses.isEmpty()) {
            // The array is sized to the list, so it holds no null padding.
            Attack[] evidence = paramGuesses.toArray(new Attack[paramGuesses.size()]);
            Utilities.callbacks.addScanIssue(Utilities.reportReflectionIssue(evidence, req));
        }

        // Stop after the first marked parameter, whether or not anything was reported.
        return;
    }
}
// Copy the guesses into an Attack[] sized exactly to the list (so no null padding),
// build the issue against `req`, and register it through callbacks.addScanIssue.
Utilities.callbacks.addScanIssue(Utilities.reportReflectionIssue(paramGuesses.toArray((new Attack[paramGuesses.size()])), req));
// The array is sized to results.size(), so it holds exactly the collected attacks;
// an empty list produces an empty array.
// NOTE(review): no emptiness check is visible in this excerpt — confirm that the caller
// or reportReflectionIssue handles a zero-length Attack[].
return Utilities.reportReflectionIssue(results.toArray((new Attack[results.size()])), baseRequestResponse);
ArrayList<Attack> confirmed = altInject.fuzz(paramBase, validParam); if (!confirmed.isEmpty()) { Utilities.callbacks.addScanIssue(Utilities.reportReflectionIssue(confirmed.toArray(new Attack[2]), base, "Potentially swappable param"));
// The title is a fixed prefix followed by whatever Utilities.getNameFromType returns for `type`.
// NOTE(review): toArray(new Attack[2]) reuses the two-slot array when `confirmed` has fewer than
// two elements, leaving null in the slot after the last element; with more than two, a larger
// array is allocated. Confirm `confirmed` always holds exactly two attacks here, or that
// reportReflectionIssue tolerates a null entry.
title = "Secret uncached input: " + Utilities.getNameFromType(type); Utilities.callbacks.addScanIssue(Utilities.reportReflectionIssue(confirmed.toArray(new Attack[2]), baseRequestResponse, title));