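 /**
  * changeParamsToHackParams() must fill every target parameter that was left
  * undefined (here `password` => null) with an SQL injection string taken
  * from the SqlError repository.
  *
  * NOTE(review): a MisdGuzzleBundle instance is passed where SqlPentester
  * presumably expects an HTTP client — confirm this matches the constructor.
  */
 public function testChangeParamsToHackParams()
 {
     $target = new SqlTarget();
     // `password` is deliberately undefined: it is the slot the pentester is
     // expected to replace with an injection payload.
     $target->setParameters(['user' => 'admin', 'password' => null]);

     $guzzle = new MisdGuzzleBundle();
     $sqlPentester = new SqlPentester($guzzle, $this->em);

     // Injection strings come from the SqlError table.
     $sqlErrors = $this->em->getRepository('AppBundle:SqlError')->getSqlError();

     $hacked = $sqlPentester->changeParamsToHackParams($target, $sqlErrors);

     // Check the key exists first: indexing a missing key raises a notice,
     // which errors the test instead of failing it with the message below.
     $this->assertArrayHasKey('password', $hacked, "Echec de l'injection ");
     $this->assertNotNull($hacked['password'], "Echec de l'injection ");
 }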
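 /**
  * Entry point for the "/xss" pentest route.
  *
  * Builds a SqlTarget from the incoming request (`url` is the scan target,
  * every query parameter becomes a target parameter), hands it to the SQL
  * pentester service and returns the resulting report.
  *
  * NOTE(review): despite the route name this wires up the *SQL* pentester
  * ('app.pentester.sql'), not an XSS one — confirm that is intended.
  * NOTE(review): the scan target is fully caller-controlled and no access
  * check is visible in this method, so anyone who can reach the route can
  * point the pentester at arbitrary hosts, including internal ones (SSRF /
  * scan pivot). Restrict access and/or validate `url` against an allow-list
  * before exposing this endpoint.
  *
  * @Route("/xss")
  *
  * @param Request $request `url` selects the target; the remaining query
  *                         parameters are passed through to the target
  * @return View the pentest report with HTTP 200, or an error payload with
  *              HTTP 400 when no `url` was supplied
  */
 public function getXssError(Request $request)
 {
     // Request::get() looks in attributes, query and body, in that order.
     $url = $request->get('url');
     // Without a target URL there is nothing to scan; fail fast with a
     // client error instead of handing an empty target to the service.
     if ($url === null || $url === '') {
         return new View(['error' => 'Missing "url" parameter'], Response::HTTP_BAD_REQUEST);
     }

     $target = new Target\SqlTarget();
     $target->setUrl($url);
     // Every query parameter (including `url` itself) is handed to the
     // pentester as an injectable parameter.
     $target->setParameters($request->query->all());

     /** @var Pentester\SqlPentester $goslingPentester */
     $goslingPentester = $this->get('app.pentester.sql');
     // Run the scan; per the original comment the service saves its own logs.
     $report = $goslingPentester->testAndGetReport($target);

     return new View($report, Response::HTTP_OK);
 }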