Example 1
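 /**
  * Sends one GET-based SQL-injection probe against the target with Guzzle and reports the outcome.
  *
  * The payload is fetched from the SqlError repository and spliced into the target's
  * parameters by changeParamsToHackParams(); goslingResponse() decides whether the probe
  * succeeded. Only run this against targets you are authorised to test.
  *
  * @param TargetInterface $target target whose URL and parameters are probed
  * @return void
  */
 public function getGosling(TargetInterface $target)
 {
     $url = $target->getUrl();

     // Injection payload to try; getValue() is its literal string, kept for the report.
     $repo = $this->_em->getRepository('AppBundle:SqlError');
     $sql_error = $repo->getSqlError();
     $used_sql_error = $sql_error->getValue();

     // Rewrite the target's parameters so they carry the payload.
     $params = $this->changeParamsToHackParams($target, $sql_error);

     // NOTE(review): Guzzle's createRequest($method, $uri, $headers, $body, $options) takes headers
     // as its third argument, whereas sendAttack() passes query parameters through $options.
     // Confirm $params has the shape createRequest expects in this position.
     $req = $this->_guzzle->createRequest('GET', $url, $params);
     $result = $this->goslingResponse($req, $url);

     // A missing "Success" key counts as a failed probe instead of raising an undefined-index notice.
     $success = isset($result['Success']) ? $result['Success'] : false;

     // Fixed message: a space was missing before "and" and "sql" was misspelled.
     $this->report($success, 'for url ' . $url . ' and sql injection : ' . $used_sql_error);
 }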
Example 2
 /**
  * Fires the XSS payload at the target as a single HTTP request.
  *
  * The payload text is placed in the query string under the target's configured
  * parameter key; the request method and URL come from the target itself.
  * Only use against targets you are authorised to test.
  *
  * @param TargetInterface $target target to hit (method, URL and parameter key)
  * @param XSSAttack       $result attack whose message is used as the payload
  * @return mixed the Guzzle response object returned by send()
  */
 private function sendAttack(TargetInterface $target, XSSAttack $result)
 {
     $http = $this->getGuzzle();

     $method = $target->getMethod();
     $url = $target->getUrl();

     // 'key' is assumed to be present in the target's parameters — TODO confirm;
     // a missing entry would produce an undefined-index notice here.
     $query = ['query' => [$target->getParameters()['key'] => $result->getMessage()]];

     $request = $http->createRequest($method, $url, null, null, $query);

     return $request->send();
 }
Example 3
 /**
  * @inheritdoc
  *
  * Points the Guzzle client at the target's URL, then fuzzes that base
  * with the common-URL list via fuzzCommonUrls().
  */
 public function test(TargetInterface $target)
 {
     $baseUrl = $target->getUrl();
     $this->_guzzle->setBaseUrl($baseUrl);

     $this->fuzzCommonUrls($target);
 }