Package plugins :: Package audit :: Module ssi :: Class ssi

Class ssi




Find server side inclusion vulnerabilities.


Author: Andres Riancho ( andres.riancho@gmail.com )

Instance Methods
 
__init__(self)
 
_fuzzRequests(self, freq)
Tests a URL for server side inclusion vulnerabilities.
 
_getSsiStrings(self)
This method returns a list of server sides to try to include.
 
_analyzeResult(self, mutant, response)
This method analyzes the result of _sendMutant().
 
end(self)
This method is called when the plugin won't be used anymore.
 
getOptions(self)
Returns: A list of option objects for this plugin.
 
setOptions(self, OptionList)
This method sets all the options that are configured using the user interface generated by the framework using the result of getOptions().
 
_findFile(self, response)
This method finds out if the server side has been successfully included in the resulting HTML.
 
_getFilePatterns(self)
Returns: A list of strings to find in the resulting HTML in order to check for server side includes.
 
getPluginDeps(self)
Returns: A list with the names of the plugins that should be run before the current one.
 
getLongDesc(self)
Returns: A DETAILED description of the plugin functions and features.

Inherited from core.controllers.basePlugin.baseAuditPlugin.baseAuditPlugin: audit, getType

Inherited from core.controllers.basePlugin.basePlugin.basePlugin: __eq__, getDesc, getName, printUniq, setUrlOpener

Method Details

__init__(self)
(Constructor)

 
Overrides: core.controllers.basePlugin.baseAuditPlugin.baseAuditPlugin.__init__

_fuzzRequests(self, freq)

 
Tests a URL for server side inclusion vulnerabilities.
Parameters:
  • freq - A fuzzableRequest
Overrides: core.controllers.basePlugin.baseAuditPlugin.baseAuditPlugin._fuzzRequests

_getSsiStrings(self)

 
This method returns a list of server sides to try to include.
Returns:
A string, see above.

_analyzeResult(self, mutant, response)

 

This method analyzes the result of _sendMutant().

This method MUST be implemented on every plugin.
Overrides: core.controllers.basePlugin.baseAuditPlugin.baseAuditPlugin._analyzeResult
(inherited documentation)

end(self)

 
This method is called when the plugin won't be used anymore.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.end

getOptions(self)

 

This method returns an optionList containing the options objects that the configurable object has. Using this option list the framework will build a window, a menu, or some other input method to retrieve the info from the user.

This method MUST be implemented on every plugin.
Returns:
A list of option objects for this plugin.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getOptions

setOptions(self, OptionList)

 
This method sets all the options that are configured using the user interface generated by the framework using the result of getOptions().
Parameters:
  • OptionList - A dictionary with the options for the plugin.
Returns:
No value is returned.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.setOptions

_findFile(self, response)

 
This method finds out if the server side has been successfully included in the resulting HTML.
Parameters:
  • response - The HTTP response object
Returns:
A list of errors found on the page

_getFilePatterns(self)

 
Returns:
A list of strings to find in the resulting HTML in order to check for server side includes.

getPluginDeps(self)

 
Returns:
A list with the names of the plugins that should be run before the current one.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getPluginDeps

getLongDesc(self)

 
Returns:
A DETAILED description of the plugin functions and features.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getLongDesc