from django.test import TestCase, Client
from LegacySite.models import Card
import io
import json
import os
# Create your tests here.

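class MyTest(TestCase):
    """Regression tests that probe LegacySite for classic web vulnerabilities.

    Each test sends a request carrying a known probe and then inspects the
    observable effect (response body or filesystem) for the signature the
    vulnerable code path would produce. A failing test means the probe still
    works, i.e. the vulnerability is present; a passing test means this
    particular probe no longer does.
    """

    # Django's test run with an empty database. We can populate it with
    # data by using a fixture. You can create the fixture by running:
    #    mkdir LegacySite/fixtures
    #    python manage.py dumpdata LegacySite > LegacySite/fixtures/testdata.json
    # You can read more about fixtures here:
    #    https://docs.djangoproject.com/en/4.0/topics/testing/tools/#fixture-loading
    fixtures = ["testdata.json"]

    # Credentials of the fixture user the authenticated probes log in as.
    _USERNAME = "test2"
    _PASSWORD = "test123"

    # Marker file the command-injection probe would create in the working
    # directory if the injected command actually executes.
    _MARKER = "injected.txt"

    def setUp(self):
        """Give every test a fresh, unauthenticated test client."""
        self.client = Client()

    def _login(self):
        """Authenticate the client as the fixture user.

        The login result is asserted so a missing or changed fixture account
        cannot turn an authenticated probe into a silent false negative
        (an unauthenticated request would just be redirected away).
        """
        logged_in = self.client.login(username=self._USERNAME, password=self._PASSWORD)
        self.assertTrue(logged_in, "could not log in as the fixture user; check testdata.json")

    @classmethod
    def _remove_marker(cls):
        """Delete the command-injection marker file if it exists."""
        if os.path.exists(cls._MARKER):
            os.remove(cls._MARKER)

    # Assuming that your database had at least one Card in it, this
    # test should pass.
    def test_get_card(self):
        """The fixture must provide at least one Card or the other probes are meaningless."""
        self.assertTrue(Card.objects.exists(), "fixture loaded no Card rows")

    def test_XSS(self):
        """Reflected XSS: a script tag in ``director`` must not be echoed back unescaped."""
        response = self.client.get('/buy/?director=<script>alert()</script>')
        body = response.content.decode('utf-8')
        # The probe is only rendered safely if it comes back entity-escaped,
        # so the literal tag must be absent from the page.
        self.assertNotIn("<script>alert()</script>", body, "XSS Vulnerability detected!")

    def test_CSRF_byGETmethod(self):
        """CSRF: a state-changing gift must not be accepted via a plain GET.

        A GET that hands out a card can be triggered by any page the victim
        visits, so the server must refuse it (or require a CSRF-protected POST).
        """
        self._login()
        try:
            response = self.client.get('/gift?username=test&amount=100')
        except ValueError:
            # The original author swallows ValueError here, presumably because
            # the /gift view raises it when it refuses the request — confirm
            # against the view. In that case no card was given and there is
            # nothing further to check.
            return
        body = response.content.decode('utf-8')
        # Original reported this as "XSS"; the probe is a CSRF check.
        self.assertNotIn("Card given to test", body, "CSRF Vulnerability detected!")

    def test_SQLi(self):
        """SQL injection: a crafted card signature must not leak rows from the user table."""
        self._login()
        card = {
            "merchant_id": "NYU Apparel Card",
            "customer_id": "test",
            "total_value": "100",
            "records": [
                {
                    "record_type": "amount_change",
                    "amount_added": 2000,
                    "signature": "12345'union all select password from LegacySite_user where username = \"admin\" -- ",
                }
            ],
        }
        js = json.dumps(card)
        with io.StringIO(js) as fp:
            response = self.client.post('/use/', {'card_supplied': True, 'card_data': fp})
        body = response.content.decode('utf-8')
        # NOTE(review): the marker looks like a fragment of the fixture admin's
        # password hash — confirm against testdata.json. Seeing it in the page
        # means the injected subquery was executed and its result rendered.
        self.assertNotIn("000000000000000000000000000078d2", body, "SQLi Vulnerability detected!")

    def test_CommandInjection(self):
        """Command injection: shell metacharacters in ``card_fname`` must not execute."""
        self._login()
        # Remove any stale marker first so a previous run cannot produce a
        # false positive, and remove it again afterwards whatever the outcome
        # so a detected injection does not poison the next run.
        self._remove_marker()
        self.addCleanup(self._remove_marker)
        try:
            # Path is relative to the process working directory (presumably the
            # project root when run via manage.py test).
            with open("LegacySite/CommandInjection.gftcrd", "rb") as fp:
                self.client.post(
                    '/use/',
                    {
                        'card_supplied': True,
                        'card_data': fp,
                        'card_fname': 'newcard_2_parser.gftcrd;touch injected.txt;',
                    },
                )
        except json.decoder.JSONDecodeError:
            # The legacy parser may reject the probe file after the filename
            # has already been used; the filesystem check below is what counts.
            pass
        self.assertFalse(os.path.exists(self._MARKER), "Command Injection detected!")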