AddParameter() 공개 메소드

public AddParameter ( string name, string value ) : void
name string
value string
리턴 void
예제 #1
        /// <summary>
        /// Fills one web-service parameter with a benign placeholder chosen by its declared type
        /// name, logging the choice before adding it to the pending request.
        /// </summary>
        /// <param name="wsInvoker">Request builder that receives the name/value pair.</param>
        /// <param name="wSParameter">Parameter descriptor; only <c>Name</c> and <c>TypeName</c> are read.</param>
        /// <param name="isDebug">Forwarded unchanged to <c>mainForm.Log</c>.</param>
        /// <remarks>
        /// <c>CheckVulnsExceptAuth</c> calls this for every parameter that is not currently under
        /// test, so that only one parameter per request carries a test payload. Type names that
        /// are not listed fall back to the string placeholder.
        /// </remarks>
        private void SetParameterDefaultValue(WebServiceToInvoke wsInvoker, WSParameter wSParameter, bool isDebug)
        {
            // Pick the placeholder first; the log-then-add sequence is the same for every type.
            // assumes the DefaultValues members are strings, as AddParameter(string, string) suggests
            string placeholder;

            switch (wSParameter.TypeName)
            {
            case "int":
                placeholder = DefaultValues.IntDefaultVal;
                break;

            case "double":
                placeholder = DefaultValues.DoubleDefaultVal;
                break;

            case "decimal":
                placeholder = DefaultValues.DecimalDefaultVal;
                break;

            case "boolean":
            case "bool":
                placeholder = DefaultValues.BooleanDefaultVal;
                break;

            case "string":
            default:
                placeholder = DefaultValues.StringDefaultVal;
                break;
            }

            string logLine = "   " + wSParameter.Name + " - " + wSParameter.TypeName + ":" + placeholder;
            mainForm.Log(logLine, FontStyle.Regular, isDebug, false);
            wsInvoker.AddParameter(wSParameter.Name, placeholder);
        }
예제 #2
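        /// <summary>
        /// Sends every request payload of one vulnerability definition to each parameter of a
        /// web-service operation, one parameter at a time, and records a finding when the response
        /// matches the definition's status code and/or response signatures.
        /// </summary>
        /// <param name="wsInvoker">Request builder/invoker; its <c>StatusCode</c> and <c>ResultString</c> are read after each call.</param>
        /// <param name="operation">Operation under test; supplies the method name and parameter list.</param>
        /// <param name="vuln">Definition holding the payloads (<c>request</c>), the expected <c>statusCode</c> and the <c>response</c> signatures.</param>
        /// <param name="targetNameSpace">Forwarded to <c>InvokeMethod</c>.</param>
        /// <param name="wsDesc">Forwarded to <c>InvokeMethod</c>.</param>
        /// <param name="WSItemVulnerabilities">Report item that receives findings and SOAP faults.</param>
        /// <param name="reportObject">Its <c>TotalRequestCount</c> is incremented once per request attempt.</param>
        /// <param name="isDebug">Forwarded to logging and to the helpers.</param>
        /// <param name="respHeader">Passed by reference to <c>InvokeMethod</c>.</param>
        /// <param name="customSoapHeaderTags">Forwarded to <c>InvokeMethod</c>.</param>
        /// <param name="customSoapBodyTags">Forwarded to <c>InvokeMethod</c>.</param>
        /// <param name="customRequestHeader">Forwarded to <c>InvokeMethod</c>.</param>
        /// <remarks>
        /// Detection is a case-sensitive substring test of the response against each signature.
        /// A signature that also occurs in the payload can match merely because the service
        /// echoes its input, so findings from this check should be confirmed before they are
        /// reported. The raw response is written to the log and embedded in the finding text;
        /// treat both outputs as potentially sensitive.
        /// </remarks>
        private void CheckVulnsExceptAuth(WebServiceToInvoke wsInvoker, WSOperation operation, VulnerabilitiesVulnerability vuln,
                                          string targetNameSpace, WSDescriber wsDesc, WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject,
                                          bool isDebug, ref List<Param> respHeader, string customSoapHeaderTags, string customSoapBodyTags, string customRequestHeader)
        {
            // The original kept a second counter that always equalled the loop index;
            // the loop index alone identifies the parameter under test.
            for (int i = 0; i < operation.Parameters.Count; i++)
            {
                foreach (string payload in vuln.request)
                {
                    bool vulnFoundForParam = false;

                    // Only parameter i carries the payload; the rest get typed placeholders.
                    wsInvoker.AddParameter(operation.Parameters[i].Name, payload.Trim());
                    for (int j = 0; j < operation.Parameters.Count; j++)
                    {
                        if (j != i)
                        {
                            SetParameterDefaultValue(wsInvoker, operation.Parameters[j], isDebug);
                        }
                    }

                    try
                    {
                        reportObject.TotalRequestCount++;
                        wsInvoker.InvokeMethod(operation.MethodName, targetNameSpace, wsDesc, ref respHeader, customSoapHeaderTags, customSoapBodyTags, customRequestHeader);
                    }
                    catch (SoapException soapEx)
                    {
                        SetSoapFaultException(operation, soapEx, WSItemVulnerabilities, isDebug);
                    }
                    finally
                    {
                        // Runs on success, on a SOAP fault and on any other failure.
                        // Other exceptions are no longer caught and re-thrown with "throw ex;",
                        // which discarded the original stack trace; they now propagate untouched.
                        wsInvoker.PosInvoke();
                    }

                    // NOTE(review): after a SOAP fault the code still evaluates StatusCode and
                    // ResultString. Whether they describe this request or an earlier one depends
                    // on WebServiceToInvoke, which is not visible here - confirm.
                    mainForm.Log("   StatusCode: " + wsInvoker.StatusCode, FontStyle.Regular, isDebug, false);
                    mainForm.Log("   Result: " + wsInvoker.ResultString, FontStyle.Regular, isDebug, false);

                    if (!string.IsNullOrEmpty(vuln.statusCode))
                    {
                        if (vuln.statusCode.Equals(wsInvoker.StatusCode.ToString()))
                        {
                            if (vuln.response == null || vuln.response.Count() == 0)
                            {
                                // Status code alone is the signature for this definition.
                                SetVuln(wsInvoker, WSItemVulnerabilities, vuln, operation, payload, operation.Parameters[i].Name, "   " + vuln.title + " Vulnerability Found: " + wsInvoker.ResultString + " - Status Code: " + vuln.statusCode);
                                vulnFoundForParam = true;
                            }
                            else
                            {
                                foreach (string text in vuln.response)
                                {
                                    if (wsInvoker.ResultString.Trim().Contains(text.Trim()))
                                    {
                                        SetVuln(wsInvoker, WSItemVulnerabilities, vuln, operation, payload, operation.Parameters[i].Name, "   " + vuln.title + " Vulnerability Found: " + wsInvoker.ResultString + " - Response Text Contains: " + text + " - Status Code: " + vuln.statusCode);
                                        vulnFoundForParam = true;
                                        break;
                                    }
                                }
                            }
                        }
                    }
                    else if (vuln.response != null)
                    {
                        // The status-code branch already tolerates a definition without response
                        // signatures; without this guard the same definition crashed the scan
                        // here with a NullReferenceException.
                        foreach (string text in vuln.response)
                        {
                            if (wsInvoker.ResultString.Trim().Contains(text.Trim()))
                            {
                                SetVuln(wsInvoker, WSItemVulnerabilities, vuln, operation, payload, operation.Parameters[i].Name, "   " + vuln.title + " Vulnerability Found: " + wsInvoker.ResultString + " - Response Text Contains: " + text);
                                vulnFoundForParam = true;
                                break;
                            }
                        }
                    }

                    // One finding per parameter is enough; skip the remaining payloads.
                    if (vulnFoundForParam)
                    {
                        break;
                    }
                }
            }
        }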
 /// <summary>
 /// Fills one web-service parameter with a benign placeholder chosen by its declared type
 /// name, logging the choice before adding it to the pending request.
 /// </summary>
 /// <param name="wsInvoker">Request builder that receives the name/value pair.</param>
 /// <param name="wSParameter">Parameter descriptor; only <c>Name</c> and <c>TypeName</c> are read.</param>
 /// <param name="isDebug">Forwarded unchanged to <c>mainForm.Log</c>.</param>
 /// <remarks>
 /// Type names that are not listed fall back to the string placeholder.
 /// </remarks>
 private void SetParameterDefaultValue(WebServiceToInvoke wsInvoker, WSParameter wSParameter, bool isDebug)
 {
     // Pick the placeholder first; the log-then-add sequence is the same for every type.
     // assumes the DefaultValues members are strings, as AddParameter(string, string) suggests
     string placeholder;

     switch (wSParameter.TypeName)
     {
         case "int":
             placeholder = DefaultValues.IntDefaultVal;
             break;
         case "double":
             placeholder = DefaultValues.DoubleDefaultVal;
             break;
         case "decimal":
             placeholder = DefaultValues.DecimalDefaultVal;
             break;
         case "boolean":
         case "bool":
             placeholder = DefaultValues.BooleanDefaultVal;
             break;
         case "string":
         default:
             placeholder = DefaultValues.StringDefaultVal;
             break;
     }

     string logLine = "   " + wSParameter.Name + " - " + wSParameter.TypeName + ":" + placeholder;
     mainForm.Log(logLine, FontStyle.Regular, isDebug);
     wsInvoker.AddParameter(wSParameter.Name, placeholder);
 }
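        /// <summary>
        /// Sends every request payload of one vulnerability definition to each parameter of a
        /// web-service operation, one parameter at a time, and records a finding when the response
        /// matches the definition's status code and/or response signatures.
        /// </summary>
        /// <param name="wsInvoker">Request builder/invoker; its <c>StatusCode</c> and <c>ResultString</c> are read after each call.</param>
        /// <param name="operation">Operation under test; supplies the method name and parameter list.</param>
        /// <param name="vuln">Definition holding the payloads (<c>request</c>), the expected <c>statusCode</c> and the <c>response</c> signatures.</param>
        /// <param name="targetNameSpace">Forwarded to <c>InvokeMethod</c>.</param>
        /// <param name="wsDesc">Forwarded to <c>InvokeMethod</c>.</param>
        /// <param name="WSItemVulnerabilities">Report item that receives findings and SOAP faults.</param>
        /// <param name="reportObject">Its <c>TotalRequestCount</c> is incremented once per request attempt.</param>
        /// <param name="isDebug">Forwarded to logging and to the helpers.</param>
        /// <param name="respHeader">Passed by reference to <c>InvokeMethod</c>.</param>
        /// <param name="customSoapHeaderTags">Forwarded to <c>InvokeMethod</c>.</param>
        /// <param name="customSoapBodyTags">Forwarded to <c>InvokeMethod</c>.</param>
        /// <remarks>
        /// Detection is a case-sensitive substring test of the response against each signature.
        /// A signature that also occurs in the payload can match merely because the service
        /// echoes its input, so findings from this check should be confirmed before they are
        /// reported. The raw response is written to the log and embedded in the finding text;
        /// treat both outputs as potentially sensitive.
        /// </remarks>
        private void CheckVulnsExceptAuth(WebServiceToInvoke wsInvoker, WSOperation operation, VulnerabilitiesVulnerability vuln,
            string targetNameSpace, WSDescriber wsDesc, WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject,
            bool isDebug, ref List<Param> respHeader, string customSoapHeaderTags, string customSoapBodyTags)
        {
            // The original kept a second counter that always equalled the loop index;
            // the loop index alone identifies the parameter under test.
            for (int i = 0; i < operation.Parameters.Count; i++)
            {
                foreach (string payload in vuln.request)
                {
                    bool vulnFoundForParam = false;

                    // Only parameter i carries the payload; the rest get typed placeholders.
                    wsInvoker.AddParameter(operation.Parameters[i].Name, payload.Trim());
                    for (int j = 0; j < operation.Parameters.Count; j++)
                    {
                        if (j != i)
                        {
                            SetParameterDefaultValue(wsInvoker, operation.Parameters[j], isDebug);
                        }
                    }

                    try
                    {
                        reportObject.TotalRequestCount++;
                        wsInvoker.InvokeMethod(operation.MethodName, targetNameSpace, wsDesc, ref respHeader, customSoapHeaderTags, customSoapBodyTags);
                    }
                    catch (SoapException soapEx)
                    {
                        SetSoapFaultException(operation, soapEx, WSItemVulnerabilities, isDebug);
                    }
                    finally
                    {
                        // Runs on success, on a SOAP fault and on any other failure.
                        // Other exceptions are no longer caught and re-thrown with "throw ex;",
                        // which discarded the original stack trace; they now propagate untouched.
                        wsInvoker.PosInvoke();
                    }

                    // NOTE(review): after a SOAP fault the code still evaluates StatusCode and
                    // ResultString. Whether they describe this request or an earlier one depends
                    // on WebServiceToInvoke, which is not visible here - confirm.
                    mainForm.Log("   StatusCode: " + wsInvoker.StatusCode, FontStyle.Regular, isDebug);
                    mainForm.Log("   Result: " + wsInvoker.ResultString, FontStyle.Regular, isDebug);

                    if (!string.IsNullOrEmpty(vuln.statusCode))
                    {
                        if (vuln.statusCode.Equals(wsInvoker.StatusCode.ToString()))
                        {
                            if (vuln.response == null || vuln.response.Count() == 0)
                            {
                                // Status code alone is the signature for this definition.
                                SetVuln(wsInvoker, WSItemVulnerabilities, vuln, operation, payload, operation.Parameters[i].Name, "   " + vuln.title + " Vulnerability Found: " + wsInvoker.ResultString + " - Status Code: " + vuln.statusCode);
                                vulnFoundForParam = true;
                            }
                            else
                            {
                                foreach (string text in vuln.response)
                                {
                                    if (wsInvoker.ResultString.Trim().Contains(text.Trim()))
                                    {
                                        SetVuln(wsInvoker, WSItemVulnerabilities, vuln, operation, payload, operation.Parameters[i].Name, "   " + vuln.title + " Vulnerability Found: " + wsInvoker.ResultString + " - Response Text Contains: " + text + " - Status Code: " + vuln.statusCode);
                                        vulnFoundForParam = true;
                                        break;
                                    }
                                }
                            }
                        }
                    }
                    else if (vuln.response != null)
                    {
                        // The status-code branch already tolerates a definition without response
                        // signatures; without this guard the same definition crashed the scan
                        // here with a NullReferenceException.
                        foreach (string text in vuln.response)
                        {
                            if (wsInvoker.ResultString.Trim().Contains(text.Trim()))
                            {
                                SetVuln(wsInvoker, WSItemVulnerabilities, vuln, operation, payload, operation.Parameters[i].Name, "   " + vuln.title + " Vulnerability Found: " + wsInvoker.ResultString + " - Response Text Contains: " + text);
                                vulnFoundForParam = true;
                                break;
                            }
                        }
                    }

                    // One finding per parameter is enough; skip the remaining payloads.
                    if (vulnFoundForParam)
                    {
                        break;
                    }
                }
            }
        }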