Exemplo n.º 1
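 /**
  * Fills every undefined (null) parameter of the target with the SQL test string
  * carried by $sql_error and returns the resulting parameter list.
  *
  * Parameters that already have a value are left untouched. The method works on
  * the array returned by getParameters(); nothing is written back to $target here.
  *
  * @param SqlTarget|TargetInterface $target    source of the parameter list
  * @param SqlError                  $sql_error supplies the replacement string through getValue()
  *                                              (a string stored in the DB, per the original description)
  * @return array|mixed the parameters, with each null entry replaced
  */
 public function changeParamsToHackParams(TargetInterface $target, SqlError $sql_error)
 {
     // Parameters as declared on the target; a null entry means no value was defined.
     $values = $target->getParameters();

     foreach ($values as &$value) {
         if ($value === null) {
             // Only undefined entries receive the test string; getValue() is called once per entry.
             $value = $sql_error->getValue();
         }
     }
     // Break the reference left behind by the by-reference foreach, so $value
     // no longer aliases the last element of $values.
     unset($value);

     return $values;
 }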
Exemplo n.º 2
 /**
  * Sends one HTTP request to the target with the test message placed in a single query parameter.
  *
  * The request uses the target's own method and URL. The query parameter name is read from
  * the 'key' entry of the target's parameters; its value is the message of $result.
  *
  * NOTE(review): the 'key' entry is read without an existence check, so this presumably relies
  * on getParameters() always providing it; confirm against the callers.
  * NOTE(review): no timeout or exception handling is visible here, so anything thrown by
  * send() reaches the caller; confirm that the caller handles it.
  * NOTE(review): the response may echo the test message back; code that logs or renders it
  * in a report should escape it for that context.
  *
  * @param TargetInterface $target provides method, URL and the parameter name
  * @param XSSAttack       $result provides the message sent as the parameter value
  * @return mixed whatever send() returns for the created request
  */
 private function sendAttack(TargetInterface $target, XSSAttack $result)
 {
     $http = $this->getGuzzle();

     $method = $target->getMethod();
     $url = $target->getUrl();

     // Exactly one query parameter is sent: <name taken from 'key'> => <message>.
     $parameters = $target->getParameters();
     $options = ["query" => [$parameters['key'] => $result->getMessage()]];

     // No extra headers and no body are passed (both null).
     return $http->createRequest($method, $url, null, null, $options)->send();
 }
Exemplo n.º 3
 /**
  * Sets the target's URL as the base URL of the HTTP client held in $this->_guzzle,
  * then runs fuzzCommonUrls() against the same target.
  *
  * NOTE(review): the URL is passed through as returned by getUrl(); no scheme or host
  * check is visible in this method, so any restriction of targets presumably happens
  * before this call. Confirm against the caller.
  *
  * @inheritdoc
  */
 public function test(TargetInterface $target)
 {
     $client = $this->_guzzle;
     // The base URL is set before fuzzing; the later requests presumably resolve against it.
     $client->setBaseUrl($target->getUrl());

     $this->fuzzCommonUrls($target);
 }