digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-21 11:18:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ff2' of https://github.com/cliffe/SecGen into ff2

Browse Source
This commit is contained in:
Z. Cliffe Schreuders
2019-07-11 17:16:15 +01:00
parent 3b279a6f08 c80a7a1558
commit 7e88fd51ec
4 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/objects/post_provision_test.rb
View File

@@ -111,7 +111,10 @@ class PostProvisionTest
def get_json_inputs
json_inputs_path = "#{File.expand_path('../', self.module_path)}/secgen_functions/files/json_inputs/*"
json_inputs_files = Dir.glob(json_inputs_path)
json_inputs_files.delete_if {|path| !path.include?(self.module_name)}
json_inputs_files.delete_if do |path|
end_path = path.split('/')[-1]
!end_path.include?(self.module_name)
end
if json_inputs_files.size > 0
return JSON.parse(Base64.strict_decode64(File.read(json_inputs_files.first)))
end

3
modules/vulnerabilities/unix/webapp/onlinestore/files/mysql_setup.sh
View File

@@ -2,11 +2,10 @@
USERNAME=${1}
PASSWORD=${2}
token=${3}
echo "CREATE USER '${USERNAME}'@'localhost' IDENTIFIED BY '${PASSWORD}';"| mysql --force
echo "GRANT ALL PRIVILEGES ON * . * TO '${USERNAME}'@'localhost';"| mysql --force
echo "CREATE DATABASE csecvm;"| mysql --user=${USERNAME} --password=${PASSWORD} --force
mysql --force --user=${USERNAME} --password=${PASSWORD} csecvm < ./csecvm.sql
echo "USE csecvm; INSERT INTO token VALUES ('${token}');" | mysql --force --user=${USERNAME} --password=${PASSWORD}
echo "USE csecvm;" | mysql --force --user=${USERNAME} --password=${PASSWORD}

2
modules/vulnerabilities/unix/webapp/onlinestore/manifests/install.pp
View File

@@ -115,7 +115,7 @@ class onlinestore::install {
exec { 'setup_mysql':
cwd => "/tmp",
command => "sudo ./mysql_setup.sh $db_username $db_password $db_flag",
command => "sudo ./mysql_setup.sh $db_username $db_password",
path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ],
notify => Exec['create_command_injection_flag'],
}

4
modules/vulnerabilities/unix/webapp/onlinestore/templates/csecvm.sql.erb
View File

@@ -151,7 +151,7 @@ DROP TABLE IF EXISTS `token`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `token` (
`token` varchar(256) DEFAULT NULL
`token` text DEFAULT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;
@@ -161,7 +161,7 @@ CREATE TABLE `token` (
LOCK TABLES `token` WRITE;
/*!40000 ALTER TABLE `token` DISABLE KEYS */;
INSERT INTO `token` VALUES ('f46659047894a919ab5f43c3338811e6');
INSERT INTO token VALUES ('<%= @db_flag -%>');
/*!40000 ALTER TABLE `token` ENABLE KEYS */;
UNLOCK TABLES;