Adding Process Builder for better execution
preetkaran20 committed Jul 26, 2020
1 parent 4b6876e commit ba21c84
Showing 1 changed file with 14 additions and 7 deletions.
Expand Up @@ -3,6 +3,7 @@
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.concurrent.TimeUnit;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
Expand Down Expand Up @@ -46,12 +47,18 @@ public class CommandInjectionVulnerability implements ICustomVulnerableEndPoint{
public ResponseBean<GenericVulnerabilityResponseBean<String>> getVulnerablePayloadLevelUnsecure(
ParameterBean parameterBean)
throws ServiceApplicationException, IOException {
Process process = Runtime.getRuntime().exec("ping " + parameterBean.getQueryParamKeyValueMap().get(IP_ADDRESS) + " -c 2");
(new BufferedReader(new InputStreamReader(process.getInputStream()))).lines().forEach(val -> LOGGER.info(val));
(new BufferedReader(new InputStreamReader(process.getErrorStream()))).lines().forEach(val -> LOGGER.info(val));

return new ResponseBean<GenericVulnerabilityResponseBean<String>>(new GenericVulnerabilityResponseBean<String>());
boolean isWindows = System.getProperty("os.name")
.toLowerCase().startsWith("windows");
Process process;
if(!isWindows) {
process = new ProcessBuilder(new String[] { "bash", "-c", "ping -c 2 " + parameterBean.getQueryParamKeyValueMap().get(IP_ADDRESS)}).redirectErrorStream(true).start();
} else {
process = new ProcessBuilder(new String[] { "cmd", "/c", "ping -n 2 " + parameterBean.getQueryParamKeyValueMap().get(IP_ADDRESS)}).redirectErrorStream(true).start();
}
StringBuilder response = new StringBuilder();
try(BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(process.getInputStream()))) {
bufferedReader.lines().forEach(val -> response.append(val).append("\n"));
}
return new ResponseBean<GenericVulnerabilityResponseBean<String>>(new GenericVulnerabilityResponseBean<String>(response.toString(), true));
}


}
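Review bot: Nothing bounds how long the spawned process may run: `bufferedReader.lines()` in the try block holds the request thread until the child closes its output, and the process is never waited on or destroyed. The `java.util.concurrent.TimeUnit` import added in the first hunk is unused in the visible lines, which suggests a timed wait was intended but left out. Because this endpoint passes the query parameter to `bash -c` / `cmd /c` (apparently by design, as it is the "Unsecure" level of a command-injection exercise), I would add `if (!process.waitFor(10, TimeUnit.SECONDS)) { process.destroyForcibly(); }` before draining the stream (the 10-second value is only an example) and handle the `InterruptedException` it throws, since the method declares only `ServiceApplicationException` and `IOException`. Separately, a request without `IP_ADDRESS` puts the literal text `null` into the command line, so a null check before building the command would be worth adding, along with a Javadoc line stating that the string concatenation here is intentionally unsafe and must not be copied into the secured levels.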
