internal override async Task runTest(UploadRequest.UploadRequest request)
{
const string data = "<?php\n"
+ " echo phpinfo();\n"
+ "?>";
request.setFileData(Encoding.ASCII.GetBytes(data));
request.setFileContentType("image/jpeg");
//Dot test
request.setFileName("Test_5.php.");
await request.send();
printResult(request, "Test 05 (dot test)");
//Space test
request.setFileName("Test_5.php ");
await request.send();
printResult(request, "Test 05 (space test)");
//Mixed test
request.setFileName("Test_5.php… … . . .. .. ");
await request.send();
printResult(request, "Test 05 (mixed dot/space test)");
}
internal override async Task runTest(UploadRequest.UploadRequest request)
{
const string data = "<?php\n"
+ " echo phpinfo();\n"
+ "?>";
request.setFileData(Encoding.ASCII.GetBytes(data));
request.setFileContentType("image/jpeg");
//Test for validation of just the final extension (Apache will use the real extension for the MIME type)
request.setFileName("Test_6.php.123");
await request.send();
printResult(request, "Test 06 (first extension)");
//Test for validation of just the first extension (Apache will use the last extension for the MIME type if they're all real)
request.setFileName("Test_6.jpg.php");
await request.send();
printResult(request, "Test 06 (last extension)");
//Test for "AddHandler" directive for php files (This will make Apache recognize the file as PHP no matter where the extension is)
request.setFileName("Test_6.php.jpg");
await request.send();
printResult(request, "Test 06 (AddHandler test)");
}
internal override async Task runTest(UploadRequest.UploadRequest request)
{
string data = "<script>alert(document.cookie)</script>";
request.setFileData(Encoding.ASCII.GetBytes(data));
request.setFileContentType("image/jpeg"); //Default all files to image/jpeg
//HTML case sensitivity test
request.setFileName("Test_4" + ".hTMl");
await request.send();
printResult(request, "Test 04 (.hTMl)");
//ASP case sensitivity test
request.setFileName("Test_4" + ".aSp");
await request.send();
printResult(request, "Test 04 (.aSp)");
//Change contents for php test
data = "<?php\n"
+ " echo phpinfo();\n"
+ "?>";
//PHP case sensitivity test
request.setFileName("Test_4" + ".pHp");
await request.send();
printResult(request, "Test 04 (.pHp)");
}
internal override async Task runTest(UploadRequest.UploadRequest request)
{
const string data = "<?php\n"
+ " echo phpinfo();\n"
+ "?>";
request.setFileData(Encoding.ASCII.GetBytes(data));
request.setFileContentType("image/jpeg");
request.setFileName("Test_2.php");
await request.send();
printResult(request, "Test 02");
}
internal override async Task runTest(UploadRequest.UploadRequest request)
{
const string data = "<?php\n"
+ " echo phpinfo();\n"
+ "?>";
request.setFileData(Encoding.ASCII.GetBytes(data));
request.setFileContentType("application/x-httpd-php"); //Generally the default content-type used for php
request.setFileName("Test_1.php");
await request.send(); //Send the request and halt the thread until it completes
printResult(request, "Test 01");
}
internal override async Task runTest(UploadRequest.UploadRequest request)
{
//A semi-colon is
const string data = "<?php\n"
+ " echo phpinfo();\n"
+ "?>";
request.setFileData(Encoding.ASCII.GetBytes(data));
request.setFileContentType("image/jpeg");
request.setFileName("Test_11.php;.jpg");
await request.send();
printResult(request, "Test 11 (IIS <= 6)");
}
protected void printResult(UploadRequest.UploadRequest request, string newTestName)
{
testName.Add(newTestName);
reasonPhrase.Add(request.reasonPhrase);
statusCode.Add(request.statusCode.ToString());
Console.WriteLine(newTestName + " Status: " + request.statusCode + " " + request.reasonPhrase);
if (request.reasonPhrase == "OK")
{
string[] errorMessages = { "error", "invalid", "not uploaded", "fail" }; //All values must be lower case to be detected
if (errorMessages.Any(word => request.response.ToLower().Contains(word))) //Check for error related words
{
misc.Add("Warning: The request was successful but an error message was detected!");
}
}
}
internal override async Task runTest(UploadRequest.UploadRequest request)
{
//Set the data to HTML (all formats support HTML)
const string data = "<script>alert(document.cookie)</script>";
string[] badExtensions = { ".html", ".shtml", ".jsp", ".asp", ".phtml", ".php3", ".php4", ".php5" };
request.setFileContentType("image/jpeg"); //Default all files to image/jpeg
request.setFileData(Encoding.ASCII.GetBytes(data));
foreach (string t in badExtensions)
{
request.setFileName("Test_3" + t);
await request.send();
printResult(request, "Test 03 (" + t + ")");
}
}
internal override async Task runTest(UploadRequest.UploadRequest request)
{
//Insert a null byte between the two extensions
const string data = "<?php\n"
+ " echo phpinfo();\n"
+ "?>";
IEnumerable <byte> rv = Encoding.ASCII.GetBytes("Test_9.php").Concat(new byte[] { 0x00 }).Concat(Encoding.ASCII.GetBytes(".jpg"));
request.setFileData(data);
request.setFileContentType("image/jpeg");
request.setFileName(rv.ToArray());
await request.send();
printResult(request, "Test 09 (Null byte)");
}
internal abstract Task runTest(UploadRequest.UploadRequest request);
