File Coverage

blib/lib/Metabrik/Audit/Drupal.pm

Criterion	Covered	Total	%
statement	9	48	18.7
branch	0	20	0.0
condition	0	15	0.0
subroutine	3	6	50.0
pod	1	3	33.3
total	13	92	14.1

line	stmt	bran	cond	sub	pod	time	code
1							#
2							# $Id$
3							#
4							# audit::drupal Brik
5							#
6							package Metabrik::Audit::Drupal;
7	1			1		683	use strict;
	1					2
	1					31
8	1			1		5	use warnings;
	1					3
	1					29
9
10	1			1		6	use base qw(Metabrik::Client::Www);
	1					2
	1					533
11
12							sub brik_properties {
13							return {
14	0			0	1		revision => '$Revision$',
15							tags => [ qw(unstable) ],
16							author => 'GomoR ',
17							license => 'http://opensource.org/licenses/BSD-3-Clause',
18							attributes => {
19							url_path => [ qw(url_path) ],
20							target => [ qw(uri) ],
21							views_module_chars => [ qw($character_list) ],
22							},
23							attributes_default => {
24							url_path => '/',
25							target => 'http://localhost/',
26							views_module_chars => [ 'a'..'z' ],
27							},
28							commands => {
29							views_module_info_disclosure => [ qw(target\|OPTIONAL url_path\|OPTIONAL char_list\|OPTIONAL) ],
30							core_changelog_txt => [ qw(target\|OPTIONAL url_path\|OPTIONAL) ],
31							},
32							};
33							}
34
35							#
36							# http://www.rapid7.com/db/modules/auxiliary/scanner/http/drupal_views_user_enum
37							# http://www.madirish.net/node/465
38							#
39							sub views_module_info_disclosure {
40	0			0	0		my $self = shift;
41	0						my ($target, $url_path, $chars) = @_;
42
43	0		0				$target \|\|= $self->target;
44	0		0				$url_path \|\|= $self->url_path;
45	0		0				$chars \|\|= $self->views_module_chars;
46	0	0					$self->brik_help_run_undef_arg('views_module_info_disclosure', $target) or return;
47	0	0					$self->brik_help_run_undef_arg('views_module_info_disclosure', $url_path) or return;
48	0	0					$self->brik_help_run_undef_arg('views_module_info_disclosure', $chars) or return;
49	0	0					my $ref = $self->brik_help_run_undef_arg('views_module_info_disclosure', $chars, 'ARRAY')
50							or return;
51
52	0						my $exploit = '?q=admin/views/ajax/autocomplete/user/';
53
54	0						$target =~ s/\/*$//;
55	0						$url_path =~ s/^\/*//;
56
57	0						my @users = ();
58	0						for (@$chars) {
59	0						my $url = $target.'/'.$url_path.$exploit.$_;
60
61	0						$self->log->info("views_module_info_disclosure: testing url: [$url]");
62
63	0	0					my $r = $self->get($url) or next;
64	0	0					if ($r->{code} == 200) {
65	0						my $decoded = $r->{content};
66	0						push @users, $decoded;
67	0						$self->log->verbose($decoded);
68							}
69							}
70
71	0						return \@users;
72							}
73
74							# Gather default information disclosure file
75							sub core_changelog_txt {
76	0			0	0		my $self = shift;
77	0						my ($target, $url_path) = @_;
78
79	0		0				$target \|\|= $self->target;
80	0		0				$url_path \|\|= $self->url_path;
81	0	0					$self->brik_help_run_undef_arg('core_changelog_txt', $target) or return;
82	0	0					$self->brik_help_run_undef_arg('core_changelog_txt', $url_path) or return;
83
84	0						my $exploit = 'CHANGELOG.txt';
85
86	0						$target =~ s/\/*$//;
87	0						$url_path =~ s/^\/*//;
88
89	0						my $url = $target.'/'.$url_path.$exploit;
90
91	0						$self->log->verbose("core_changelog_txt: testing url: [$url]");
92
93	0						my $result = '';
94
95	0	0					my $r = $self->get($url) or return;
96	0	0					if ($r->{code} == 200) {
97	0						$result = $r->{content};
98							}
99
100	0						return $result;
101							}
102
103							1;
104
105							__END__