mirror of
https://github.com/ParisNeo/lollms-webui.git
synced 2025-01-17 10:19:46 +00:00
41 lines
1.4 KiB
Python
41 lines
1.4 KiB
Python
import os
|
|
import requests
|
|
|
|
def test_vulnerabilities():
|
|
"""
|
|
This function tests for two vulnerabilities in the '/open_file' endpoint.
|
|
1. Path Traversal vulnerability: It attempts to access sensitive files by providing a payload with multiple "../" to traverse directories.
|
|
2. Command Injection vulnerability: It attempts to execute additional commands by appending a payload with "&&" and an echo statement.
|
|
|
|
:return: None
|
|
"""
|
|
# Test path traversal vulnerability
|
|
payload = "../../../../../../../../../../etc/passwd"
|
|
url = "http://localhost:9600/open_file"
|
|
data = {"path": payload}
|
|
|
|
response = requests.post(url, json=data)
|
|
if response.status_code == 200:
|
|
if "root:x" in response.text:
|
|
print("Path Traversal vulnerability found!")
|
|
else:
|
|
print("Path Traversal vulnerability not found.")
|
|
else:
|
|
print("Error: ", response.status_code)
|
|
|
|
# Test command injection vulnerability
|
|
payload = "&& echo 'Command Injection Test'"
|
|
data = {"path": payload}
|
|
|
|
response = requests.post(url, json=data)
|
|
if response.status_code == 200:
|
|
if "Command Injection Test" in response.text:
|
|
print("Command Injection vulnerability found!")
|
|
else:
|
|
print("Command Injection vulnerability not found.")
|
|
else:
|
|
print("Error: ", response.status_code)
|
|
|
|
# Call the test function
|
|
test_vulnerabilities()
|