Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
Add a special WebVuln.test_param method as a placeholder method for testing an individual query param, header name, cookie param, or form param. This will allow other classes such as CommandInjection, SQLI, and SSTI to have a place to put their enumeration logic for testing every combination of configuration until a working vulnerability is found for that param.
This will solve the issue where multiple slightly different vulnerability classes are discovered for the same param.
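
The design proposed above, as an added Ruby sketch that is not ronin-vulns code: a base-class `test_param` hook that a subclass overrides to try each configuration and stop at the first one that works, so a param yields one finding instead of one per matching configuration. The class names, the option matrix and the probe lambda (a stand-in for sending a test request) are assumptions made for illustration.

```ruby
# Added sketch, not ronin-vulns code: class, method and option names are hypothetical.
Finding = Struct.new(:kind, :param, :config)

class WebVulnSketch
  # kind: label for the finding; probe: callable(param, config) -> true/false.
  # The probe stands in for "send the test request and check the response".
  def initialize(kind, probe)
    @kind  = kind
    @probe = probe
  end

  # Placeholder hook: the base class tests a param with one default config.
  def test_param(param)
    Finding.new(@kind, param, {}) if @probe.call(param, {})
  end

  # Walks every param once; each param yields at most one finding.
  def scan(params)
    params.filter_map { |param| test_param(param) }
  end
end

class EnumeratingVulnSketch < WebVulnSketch
  # Assumed option matrix; a real subclass would list its own settings here.
  OPTIONS = { escape_quote: [false, true], escape_parens: [false, true], terminate: [false, true] }.freeze

  def self.configs
    keys = OPTIONS.keys
    first, *rest = OPTIONS.values
    first.product(*rest).map { |values| keys.zip(values).to_h }
  end

  # Override: try each combination, stop at the first one that works.
  def test_param(param)
    config = self.class.configs.find { |c| @probe.call(param, c) }
    Finding.new(@kind, param, config) if config
  end
end

# Constructed stand-in for a target: "id" responds to any config with escape_quote set, "page" to none.
SAMPLE_PROBE = ->(param, config) { param == 'id' && config[:escape_quote] == true }

# Without the hook: every matching configuration is reported separately.
def naive_findings(params)
  EnumeratingVulnSketch.configs.flat_map do |c|
    params.select { |p| SAMPLE_PROBE.call(p, c) }.map { |p| Finding.new(:sqli, p, c) }
  end
end

# With the hook: enumeration stops at the first working configuration per param.
def deduped_findings(params)
  EnumeratingVulnSketch.new(:sqli, SAMPLE_PROBE).scan(params)
end
```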