7.4 Checking for Cross-Site Scripting with cURL


Solution

You will need to create three files like those shown in Examples 7-1, 7-2, and 7-3. The shell script uses the two text files as input.

Example 7-1. Cross-site scripting test script using cURL

#!/bin/bash

# path to the curl binary; adjust for your system
CURL=/usr/local/bin/curl

# where do we put temporary output?
TEMPDIR=/tmp

# a file with URLs to attack, one per line
URLFILE=urls.txt

# a file containing XSS attack strings, one per line
ATTACKS=xss-strings.txt

# file descriptor 3 is our URLs
exec 3<"${URLFILE}"

typeset -i FAILED

# for each URL in the URLFILE
while read -r -u 3 URL
do
    # mktemp creates the file with an unpredictable name
    TEMPFILE=$(mktemp "${TEMPDIR}/curlXXXXXX") || exit 1
    FAILED=0

    # file descriptor 4 is our XSS attack strings; reopen it for
    # every URL so each URL is tested against the full list
    exec 4<"${ATTACKS}"

    # attack with each attack in the ATTACKS file
    while read -r -u 4 XSS
    do
        # empty the temp file so an earlier response is never re-checked
        : > "${TEMPFILE}"

        # call curl to fetch the page. Save to temp file because we
        # need to check the error code, too. We'll grep if we got
        # anything.
        "${CURL}" -f -s -o "${TEMPFILE}" "${URL}${XSS}"
        RETCODE=$?
        echo "ret: $RETCODE"

        # check to see if curl failed or the server failed
        if [ $RETCODE != 0 ]
        then
            echo "FAIL: (curl ${RETCODE}) ${URL}${XSS}"
        else
            # curl succeeded. Check output for our attack string.
            # -F matches the string literally instead of as a regex;
            # -e protects strings that begin with a dash.
            result=$(grep -c -F -e "${XSS}" "${TEMPFILE}")

            # if we got 1 or more matches, that's a failure
            if [ "$result" != 0 ]
            then
                echo "FAIL: ${URL}${XSS}"
                FAILED=$((FAILED + 1))
            else
                echo "PASS: ${URL}${XSS}"
            fi
        fi
    done

    # close the attack list and remove the temp file for this URL
    exec 4<&-
    rm -f "${TEMPFILE}"

    if [ $FAILED -gt 0 ]
    then
        echo "$FAILED failures for ${URL}"
    else
        echo "PASS: ${URL}"
    fi
done

# close the URL list
exec 3<&-



Example 7-2. Example urls.txt file

http://www.example.com/cgi-bin/test-cgi?test=
http://www.example.com/servlet/login.do?user=
http://www.example.com/getFile.asp?fileID=



Example 7-3. Example xss-strings.txt file



">
">
abc(xyz

abc)xyz

abc
xyz

abc
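
The script in Example 7-1 reports a failure whenever the test string comes back verbatim. As an added example that is not part of the original recipe, the following helper classifies a saved response as echoing the string unmodified, echoing it HTML-escaped, or not echoing it at all; the function names, the test string and the three response bodies are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original recipe. Function names and the
# sample response bodies below are constructed for illustration.

# HTML-escape the characters that matter for markup injection.
# '&' is handled first so the entities added later are not re-escaped.
html_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
        -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# classify_reflection STRING FILE
# Prints: raw (echoed unmodified), encoded (echoed HTML-escaped) or absent.
classify_reflection() {
    cr_string=$1
    cr_file=$2
    if [ -z "$cr_string" ]; then
        # an empty pattern matches every line, so refuse it
        echo "empty test string" >&2
        return 2
    fi
    # -F: match literally, not as a regex; -e: string may start with '-'
    if grep -q -F -e "$cr_string" "$cr_file"; then
        echo raw
    elif grep -q -F -e "$(html_escape "$cr_string")" "$cr_file"; then
        echo encoded
    else
        echo absent
    fi
}

# Demo on three constructed response bodies.
demo() {
    demo_dir=$(mktemp -d) || return 1
    demo_string='"><b>xsstest</b>'
    printf '%s\n' '<p>Results for "><b>xsstest</b></p>' > "$demo_dir/a.html"
    printf '%s\n' '<p>Results for &quot;&gt;&lt;b&gt;xsstest&lt;/b&gt;</p>' > "$demo_dir/b.html"
    printf '%s\n' '<p>No results.</p>' > "$demo_dir/c.html"
    for f in a b c; do
        printf '%s.html: %s\n' "$f" "$(classify_reflection "$demo_string" "$demo_dir/$f.html")"
    done
    rm -rf "$demo_dir"
}
demo
```

The `encoded` result only recognises the entity forms produced by `html_escape`; a response that encodes the string differently is reported as `absent` and still needs manual review.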