/// <summary>
/// Builds a "Code Injection Found" finding for the request the scanner injected
/// and registers it with the scanner.
/// </summary>
/// <param name="confidence">Confidence level copied onto the finding unchanged.</param>
void ReportCodeInjection(FindingConfidence confidence)
{
    this.Scnr.SetTraceTitle("Code Injection Found", 10);

    // The finding is constructed from the BaseUrl of the injected request.
    var finding = new Finding(this.Scnr.InjectedRequest.BaseUrl)
    {
        Title = "Code Injection Found"
    };

    // Opening description first, then the detailed summary, joined by the
    // "<i<br>><i<br>>" separator (presumably the tool's own line-break markup; confirm).
    var openingDesc = this.GetFindingOpeningDesc("Code Injection");
    var details = this.GetSummary();
    finding.Summary = string.Format("{0}<i<br>><i<br>>{1}", openingDesc, details);

    foreach (FindingReason why in this.Reasons)
    {
        finding.AddReason(why);
    }

    // All six trigger collections are read with one shared index that is bounded
    // only by RequestTriggers.Count; assumes they are filled in lock-step. TODO confirm.
    // NOTE(review): the trigger requests/responses appear to carry traffic from the
    // scanned target, so whatever renders the finding should treat them as untrusted.
    for (int idx = 0; idx < this.RequestTriggers.Count; idx++)
    {
        finding.Triggers.Add(
            this.RequestTriggers[idx],
            this.RequestTriggerDescs[idx],
            this.TriggerRequests[idx],
            this.ResponseTriggers[idx],
            this.ResponseTriggerDescs[idx],
            this.TriggerResponses[idx]);
    }

    // Type and severity are fixed for this report; only the confidence varies per call.
    finding.Type = FindingType.Vulnerability;
    finding.Severity = FindingSeverity.High;
    finding.Confidence = confidence;

    this.Scnr.AddFinding(finding);
}
/// <summary>
/// Maps a finding confidence level to an integer score.
/// </summary>
/// <param name="Confidence">The confidence level to convert.</param>
/// <returns>9 for High, 6 for Medium, and 3 for Low or any other value.</returns>
static int GetConfidence(FindingConfidence Confidence)
{
    // Low and the fall-through case share the same score, so 3 is the starting value.
    int score = 3;

    if (Confidence == FindingConfidence.High)
    {
        score = 9;
    }
    else if (Confidence == FindingConfidence.Medium)
    {
        score = 6;
    }

    return score;
}
/// <summary>
/// Builds a "SQL Injection Detected" finding for the request the scanner injected
/// and registers it with the scanner.
/// </summary>
/// <param name="Confidence">Confidence level copied onto the finding unchanged.</param>
void ReportSQLInjection(FindingConfidence Confidence)
{
    this.Scnr.SetTraceTitle("SQLi Found", 100);

    // The finding is constructed from the BaseUrl of the injected request.
    var sqliFinding = new Finding(this.Scnr.InjectedRequest.BaseUrl)
    {
        Title = "SQL Injection Detected"
    };

    // Opening description first, then the detailed summary, joined by the
    // "<i<br>><i<br>>" separator (presumably the tool's own line-break markup; confirm).
    var openingDesc = this.GetFindingOpeningDesc("SQL Injection");
    var details = this.GetSummary();
    sqliFinding.Summary = string.Format("{0}<i<br>><i<br>>{1}", openingDesc, details);

    // This method reads the lower-case 'reasons' member.
    foreach (FindingReason why in this.reasons)
    {
        sqliFinding.AddReason(why);
    }

    // All six trigger collections are read with one shared index that is bounded
    // only by RequestTriggers.Count; assumes they are filled in lock-step. TODO confirm.
    // NOTE(review): the trigger requests/responses appear to carry traffic from the
    // scanned target, so whatever renders the finding should treat them as untrusted.
    for (int idx = 0; idx < this.RequestTriggers.Count; idx++)
    {
        sqliFinding.Triggers.Add(
            this.RequestTriggers[idx],
            this.RequestTriggerDescs[idx],
            this.TriggerRequests[idx],
            this.ResponseTriggers[idx],
            this.ResponseTriggerDescs[idx],
            this.TriggerResponses[idx]);
    }

    // Type and severity are fixed for this report; only the confidence varies per call.
    sqliFinding.Type = FindingType.Vulnerability;
    sqliFinding.Severity = FindingSeverity.High;
    sqliFinding.Confidence = Confidence;

    this.Scnr.AddFinding(sqliFinding);
}
/// <summary>
/// Builds an "Expression Language Injection Found" finding for the request the
/// scanner injected and registers it with the scanner.
/// </summary>
/// <param name="confidence">Confidence level copied onto the finding unchanged.</param>
void ReportELInjection(FindingConfidence confidence)
{
    this.Scnr.SetTraceTitle("Expression Language Injection Found", 10);

    // The finding is constructed from the BaseUrl of the injected request.
    var finding = new Finding(this.Scnr.InjectedRequest.BaseUrl)
    {
        Title = "Expression Language Injection Found"
    };

    // Opening description first, then the detailed summary, joined by the
    // "<i<br>><i<br>>" separator (presumably the tool's own line-break markup; confirm).
    var openingDesc = this.GetFindingOpeningDesc("Expression Language Injection");
    var details = this.GetSummary();
    finding.Summary = string.Format("{0}<i<br>><i<br>>{1}", openingDesc, details);

    foreach (FindingReason why in this.Reasons)
    {
        finding.AddReason(why);
    }

    // All six trigger collections are read with one shared index that is bounded
    // only by RequestTriggers.Count; assumes they are filled in lock-step. TODO confirm.
    // NOTE(review): the trigger requests/responses appear to carry traffic from the
    // scanned target, so whatever renders the finding should treat them as untrusted.
    for (int idx = 0; idx < this.RequestTriggers.Count; idx++)
    {
        finding.Triggers.Add(
            this.RequestTriggers[idx],
            this.RequestTriggerDescs[idx],
            this.TriggerRequests[idx],
            this.ResponseTriggers[idx],
            this.ResponseTriggerDescs[idx],
            this.TriggerResponses[idx]);
    }

    // Type and severity are fixed for this report; only the confidence varies per call.
    finding.Type = FindingType.Vulnerability;
    finding.Severity = FindingSeverity.High;
    finding.Confidence = confidence;

    this.Scnr.AddFinding(finding);
}