Xss injector

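  /**
   * Seeds the text inputs of a crawled form with a script-tag marker and submits it.
   *
   * Part of the security scanner's self-test against its own site: a form record
   * is read from {crawler_forms}, the page is fetched with the scanner's stored
   * session cookie, every text input / textarea found is filled with the marker,
   * and the form is submitted through drupal_execute().
   *
   * NOTE(review): nothing here checks whether the marker comes back unescaped;
   * the drupal_execute() result is discarded, so detection must happen elsewhere.
   * NOTE(review): no query in this function changes the row's status, so both
   * loop passes appear to pick the same form. Confirm against the crawler.
   */
  function page_xss_injector() {
    // Harmless marker string; a later rendering check can look for it verbatim.
    $payload = "<script>alert('xss');</script>";

    for ($i = 0; $i < 2; $i++) {
      // Extract the form's url and id.
      $form_details = db_fetch_array(db_query("SELECT f.id,l.path FROM {crawler_forms} f INNER JOIN {crawler_links} l ON f.page_id = l.id WHERE status = 2 LIMIT 1"));
      if (!$form_details) {
        // No form is queued: stop instead of submitting a NULL form id.
        break;
      }

      // Visit that url with the scanner's authenticated session.
      // NOTE(review): the cookie is read from a persistent Drupal variable, so
      // anyone able to read that storage can reuse the session. Use a
      // dedicated low-privilege test account for it.
      $obj = new drupal_security_scanner_test();
      $session_cookie = variable_get('security_scanner_cookie', '');
      $obj->curl_options = array(
        CURLOPT_COOKIE => $session_cookie,
      );
      // NOTE(review): the target is hard-coded to a local development site and
      // $form_details['path'] is ignored; the intended call looks like
      // $obj->drupalGet($form_details['path']). Confirm before changing.
      $obj->drupalGet('http://localhost/soc2008/?q=node/add/page');
      $obj->parse();

      // Start from a clean state on every pass so values seeded for a previous
      // form are never submitted with this one.
      $form_state = array('values' => array());

      // Select the container of the element carrying the saved form id (a page
      // can hold more than one form).
      // NOTE(review): the id is hard-coded rather than taken from $form_details.
      $textfields = $obj->elements->xpath("//input[@id='edit-page-node-form']/parent::*");
      if (!$textfields) {
        continue;
      }

      foreach ($textfields as $text) {
        // Only textareas and input type='text' are seeded. The query runs
        // relative to the matched container; the previous
        // $text->elements->xpath("//...") looked up a child node named
        // "elements" and used an absolute path, so it never scoped to the form.
        $all_inputs = $text->xpath(".//input[@type='text']|.//textarea");
        if (!$all_inputs) {
          continue;
        }
        foreach ($all_inputs as $input) {
          $name = (string) $input->attributes()->name;
          if ($name === '') {
            // Inputs without a name are not submitted by a browser either.
            continue;
          }
          $form_state['values'][$name] = $payload;
        }
      }

      if (!$form_state['values']) {
        // Nothing was seeded, so there is nothing meaningful to submit.
        continue;
      }
      drupal_execute($form_details['id'], $form_state);
    }
  }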