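/**
 * Fills every unset (null) parameter of the target with the test string
 * carried by the given SqlError; parameters that already have a value are
 * left as they are.
 *
 * The replacement comes from $sql_error->getValue() (described by the original
 * author as an SQL string loaded from the DB), which is called once per null
 * parameter. Assuming getParameters() returns a plain array, the target itself
 * is not modified: the caller receives an altered copy of the parameter list.
 *
 * @param SqlTarget|TargetInterface $target    Target whose parameters are read via getParameters().
 * @param SqlError                  $sql_error Source of the replacement string.
 * @return array|mixed The parameters with null entries replaced.
 */
public function changeParamsToHackParams(TargetInterface $target, SqlError $sql_error)
{
    $values = $target->getParameters();

    // Write back by key rather than iterating by reference: a by-reference
    // foreach leaves its loop variable aliased to the last element once the
    // loop ends, which is an easy source of accidental overwrites.
    foreach ($values as $name => $value) {
        if ($value === null) {
            $values[$name] = $sql_error->getValue();
        }
    }

    return $values;
}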
/**
 * Sends one request to the target with the result's message placed in a
 * single query-string parameter, and returns the client's response.
 *
 * The query parameter name is the 'key' entry of the target's parameters;
 * the HTTP method and URL also come from the target.
 *
 * NOTE(review): nothing here checks that a 'key' entry exists, and the
 * response is returned without being inspected; confirm that callers
 * guarantee the former and handle the latter.
 *
 * @param TargetInterface $target Supplies the method, URL and parameter name.
 * @param XSSAttack       $result Supplies the parameter value via getMessage().
 * @return mixed Whatever the request's send() returns.
 */
private function sendAttack(TargetInterface $target, XSSAttack $result)
{
    $httpClient = $this->getGuzzle();

    $method = $target->getMethod();
    $url = $target->getUrl();
    $paramName = $target->getParameters()['key'];
    $options = ["query" => [$paramName => $result->getMessage()]];

    // The two nulls are passed through unchanged; presumably they are the
    // headers and body slots of the client's createRequest() (confirm).
    $request = $httpClient->createRequest($method, $url, null, null, $options);

    return $request->send();
}
/**
 * @inheritdoc
 *
 * Points the HTTP client held in $this->_guzzle at the target's URL, then
 * hands the target to fuzzCommonUrls().
 */
public function test(TargetInterface $target)
{
    $client = $this->_guzzle;
    $client->setBaseUrl($target->getUrl());

    $this->fuzzCommonUrls($target);
}