Class: Arachni::Checks::Rfi
- Inherits:
-
Arachni::Check::Base
- Object
- Arachni::Component::Base
- Arachni::Check::Base
- Arachni::Checks::Rfi
- Defined in:
- components/checks/active/rfi.rb
Overview
Simple Remote File Inclusion (and tutorial) check.
Constant Summary
Constants included from Arachni::Check::Auditor
Arachni::Check::Auditor::DOM_ELEMENTS_WITH_INPUTS, Arachni::Check::Auditor::ELEMENTS_WITH_INPUTS, Arachni::Check::Auditor::FILE_SIGNATURES, Arachni::Check::Auditor::FILE_SIGNATURES_PER_PLATFORM, Arachni::Check::Auditor::Format, Arachni::Check::Auditor::SOURCE_CODE_SIGNATURES_PER_PLATFORM
Constants included from Arachni
BANNER, Arachni::Cookie, Form, Header, JSON, Link, LinkTemplate, NestedCookie, Severity, UIForm, UIInput, VERSION, WEBSITE, WIKI, XML
Instance Attribute Summary
Attributes included from Arachni::Check::Auditor
Class Method Summary collapse
-
.info ⇒ Object
REQUIRED.
-
.options ⇒ Object
It's Framework convention to name the method which contains the audit options Rfi.options.
-
.payloads ⇒ Object
It's Framework convention to name the method which contains the strings to be injected Rfi.payloads.
Instance Method Summary collapse
-
#clean_up ⇒ Object
OPTIONAL.
-
#prepare ⇒ Object
OPTIONAL.
-
#run ⇒ Object
REQUIRED.
Methods inherited from Arachni::Check::Base
#browser_cluster, elements, exempt_platforms, has_exempt_platforms?, has_platforms?, #initialize, platforms, #plugins, prefer, #preferred, preferred, #session, supports_platforms?
Methods included from Arachni::Check::Auditor
#audit, #audit_differential, #audit_signature, #audit_timeout, #audited, #audited?, #buffered_audit, #each_candidate_dom_element, #each_candidate_element, has_timeout_candidates?, #http, #initialize, #log, #log_issue, #log_remote_file, #log_remote_file_if_exists, #match_and_log, #max_issues, #preferred, reset, #skip?, timeout_audit_run, #trace_taint, #with_browser, #with_browser_cluster
Methods inherited from Arachni::Component::Base
author, description, fullname, #shortname, shortname, shortname=, version
Methods included from Arachni::Component::Output
#depersonalize_output, #depersonalize_output?, #intercept_print_message
Methods included from UI::Output
#caller_location, #debug?, #debug_level, #debug_level_1?, #debug_level_2?, #debug_level_3?, #debug_level_4?, #debug_off, #debug_on, #disable_only_positives, #error_buffer, #error_log_fd, #error_logfile, #has_error_log?, #included, #log_error, #mute, #muted?, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_exception, #print_debug_level_1, #print_debug_level_2, #print_debug_level_3, #print_debug_level_4, #print_error, #print_error_backtrace, #print_exception, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #set_error_logfile, #unmute, #verbose?, #verbose_off, #verbose_on
Methods included from Arachni::Component::Utilities
Methods included from Utilities
#available_port, available_port_mutex, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_file, #cookies_from_parser, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_parser, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_parser, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite
Methods included from Arachni
URI, collect_young_objects, #get_long_win32_filename, jruby?, null_device, profile?, windows?
Constructor Details
This class inherits a constructor from Arachni::Check::Base
Class Method Details
.info ⇒ Object
REQUIRED
Do not omit any of the info.
92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 |
# File 'components/checks/active/rfi.rb', line 92 def self.info { name: 'Remote File Inclusion', description: %q{ Injects a remote URL in all available inputs and checks for relevant content in the HTTP response body. }, # Arachni needs to know what elements the check plans to audit # before invoking it. If a page doesn't have any of those elements # there's no point in running the check. # # If you want the check to run no-matter what, leave the array # empty or don't define it at all. elements: ELEMENTS_WITH_INPUTS - [Element::LinkTemplate], author: 'Tasos "Zapotek" Laskos <[email protected]> ', version: '0.3.2', issue: { name: %q{Remote File Inclusion}, description: %q{ Web applications occasionally use parameter values to store the location of a file which will later be required by the server. An example of this is often seen in error pages, where the actual file path for the error page is stored in a parameter value -- for example `example.com/error.php?page=404.php`. A remote file inclusion occurs when the parameter value (ie. path to file being called by the server) can be substituted with the address of remote resource -- for example: `yoursite.com/error.asp?page=http://anothersite.com/somethingBad.php` In some cases, the server will process the fetched resource; therefore, if the resource contains server-side code matching that of the framework being used (ASP, PHP, JSP, etc.), it is probable that the resource will be executed as if it were part of the web application. Arachni discovered that it was possible to substitute a parameter value with an external resource and have the server fetch it and include its contents in the response. }, references: { 'WASC' => 'http://projects.webappsec.org/Remote-File-Inclusion', 'Wikipedia' => 'http://en.wikipedia.org/wiki/Remote_File_Inclusion' }, tags: %w(remote file inclusion injection regexp), cwe: 94, # Severity can be: # # Severity::HIGH # Severity::MEDIUM # Severity::LOW # Severity::INFORMATIONAL severity: Severity::HIGH, remedy_guidance: %q{ It is recommended that untrusted data is never used to form a file location to be included. To validate data, the application should ensure that the supplied value for a file is permitted. This can be achieved by performing whitelisting on the parameter value, by matching it against a list of permitted files. If the supplied value does not match any value in the whitelist, then the server should redirect to a standard error page. In some scenarios, where dynamic content is being requested, it may not be possible to perform validation against a list of trusted resources, therefore the list must also become dynamic (updated as the files change), or perform filtering to remove extraneous user input (such as semicolons, periods etc.) and only permit `a-z0-9`. It is also advised that sensitive files are not stored within the web root and that the user permissions enforced by the directory are correct. } } } end |
.options ⇒ Object
It's Framework convention to name the method which contains the audit options options.
58 59 60 61 62 63 64 65 |
# File 'components/checks/active/rfi.rb', line 58 def self. @options ||= { signatures: '705cd559b16e6946826207c2199bd890', submit: { follow_location: false } } end |
.payloads ⇒ Object
It's Framework convention to name the method which contains the strings to be injected payloads.
46 47 48 49 50 51 52 |
# File 'components/checks/active/rfi.rb', line 46 def self.payloads @payloads ||= [ 'hTtP://tests.arachni-scanner.com/rfi.md5.txt', 'http://tests.arachni-scanner.com/rfi.md5.txt', 'tests.arachni-scanner.com/rfi.md5.txt' ] end |
Instance Method Details
#clean_up ⇒ Object
OPTIONAL
This is called after #run has finished executing and it allows you to clean up after yourself.
83 84 85 |
# File 'components/checks/active/rfi.rb', line 83 def clean_up print_debug 'In #clean_up' end |
#prepare ⇒ Object
OPTIONAL
Gets called before any other method, right after initialization. It provides you with a way to setup your check's dynamic data.
24 25 26 27 28 29 30 31 32 33 |
# File 'components/checks/active/rfi.rb', line 24 def prepare # # You can use #print_debug for debugging. # Don't over-do it though, debugging messages are supposed to be helpful # so don't flood the output. # # Debugging output will only appear if "--debug" is enabled. # print_debug 'In #prepare' end |
#run ⇒ Object
REQUIRED
This is used to deliver the check's payload, whatever it may be.
72 73 74 75 |
# File 'components/checks/active/rfi.rb', line 72 def run print_debug 'In #run' audit self.class.payloads, self.class. end |