(self)
| 175 | |
| 176 | |
| 177 | def test_quotes(self): |
| 178 | |
| 179 | channel = Channel({ |
| 180 | 'url' : 'http://127.0.0.1:15001/reflect/mako?inj=asd', |
| 181 | 'force_level': [ 0, 0 ], |
| 182 | 'injection_tag': '*', |
| 183 | 'technique': 'RT' |
| 184 | }) |
| 185 | obj = detect_template_injection(channel, [ Mako ]) |
| 186 | |
| 187 | result = obj.execute("""echo 1"2"'3'\\"\\'""") |
| 188 | self.assertEqual(result, """123"'""") |
| 189 | |
| 190 | channel = Channel({ |
| 191 | 'url' : 'http://127.0.0.1:15001/blind/mako?inj=asd', |
| 192 | 'force_level': [ 0, 0 ], |
| 193 | 'injection_tag': '*', |
| 194 | 'technique': 'RT' |
| 195 | }) |
| 196 | obj = detect_template_injection(channel, [ Mako ]) |
| 197 | |
| 198 | self.assertTrue(obj.execute_blind("""echo 1"2"'3'\\"\\'""")) |
| 199 | |
| 200 | def test_auth_reflection(self): |
| 201 |
nothing calls this directly
no test coverage detected