Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
If a URL with no path extension (ex: .php) is given to Ronin::Vulns::RFI.scan then @script_lang and @test_script_url will both be nil, and an empty String will be sent as the payload value, which does nothing. Instead, we should attempt testing every test payload URL in TEST_SCRIPT_URLS. If one of the test script URLs succeeds, then also set @script_lang.
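To make the reported edge case concrete, here is a small stand-alone Ruby sketch of the proposed behaviour. It is an added illustration, not ronin-vulns code: the table contents, the `VULN_MARKER` string, the `scan_rfi`/`scan_rfi_naive` names and the fake HTTP client are all assumptions. `scan_rfi_naive` reproduces the reported bug (an extension-less URL yields a nil language and an empty payload), while `scan_rfi` falls back to trying every test script URL and records the language of the one that succeeds.

```ruby
require 'uri'

# Hypothetical test-script table keyed by language. Shape is assumed; the
# real TEST_SCRIPT_URLS entries are not reproduced here.
TEST_SCRIPT_URLS = {
  php: 'https://example.invalid/rfi_test.php',
  asp: 'https://example.invalid/rfi_test.asp',
  jsp: 'https://example.invalid/rfi_test.jsp',
}.freeze

# Assumed marker that each test script prints when the target includes it.
VULN_MARKER = 'RFI-TEST-OK'

# Infer the server-side language from the path extension; nil when absent.
def infer_script_lang(url)
  case File.extname(URI(url).path)
  when '.php'          then :php
  when '.asp', '.aspx' then :asp
  when '.jsp'          then :jsp
  end
end

# Inject the test script URL into the given query parameter.
def build_payload_url(url, param, test_url)
  uri    = URI(url)
  params = URI.decode_www_form(uri.query || '').to_h
  params[param] = test_url
  uri.query = URI.encode_www_form(params)
  uri.to_s
end

# The buggy behaviour described in the issue: with no extension, lang is nil,
# TEST_SCRIPT_URLS[nil] is nil, and nil.to_s sends an empty payload.
# `fetch` is a callable (url) -> body so the example runs offline.
def scan_rfi_naive(url, param, fetch:)
  lang     = infer_script_lang(url)
  test_url = TEST_SCRIPT_URLS[lang].to_s
  body     = fetch.call(build_payload_url(url, param, test_url))
  body.include?(VULN_MARKER) ? { script_lang: lang, test_script_url: test_url } : nil
end

# Proposed behaviour: a known language tries only its own test script; an
# unknown language tries every entry and records the one that succeeds.
def scan_rfi(url, param, fetch:)
  lang       = infer_script_lang(url)
  candidates = lang ? { lang => TEST_SCRIPT_URLS.fetch(lang) } : TEST_SCRIPT_URLS

  candidates.each do |cand_lang, test_url|
    body = fetch.call(build_payload_url(url, param, test_url))
    return { script_lang: cand_lang, test_script_url: test_url } if body.include?(VULN_MARKER)
  end
  nil
end

# Constructed stand-in for a vulnerable PHP app: it "includes" whatever the
# `page` parameter points at, so only a .php test script yields the marker.
FAKE_PHP_APP = lambda do |payload_url|
  included = URI.decode_www_form(URI(payload_url).query.to_s).to_h['page'].to_s
  included.end_with?('.php') ? "<html>#{VULN_MARKER}</html>" : '<html>nothing</html>'
end

if __FILE__ == $PROGRAM_NAME
  p scan_rfi_naive('http://target.invalid/index', 'page', fetch: FAKE_PHP_APP)
  p scan_rfi('http://target.invalid/index', 'page', fetch: FAKE_PHP_APP)
end
```

The naive scan misses the extension-less target entirely, whereas the fallback loop finds it on the first candidate and sets both the language and the test script URL.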