var target =newTHTTPJob(); //实例化一个HTTP任务var dir =getCurrentDirectory();//获取当前路径target.url=newTURL(scanURL.url+dir.fullPath+"/services");//构造请求urltarget.execute();//执行http请求var wsRes =target.response.body;//获取http请求内容if(!target.wasError&&!target.notFound ){//判断是否访问错误或者是404if(wsRes.indexOf('wsdl') !=-1){logWarning(scanURL.url+dir.fullPath+'----->this web services is exists!!!');//在日志栏显示该调式信息var ri =newTReportItem();//新建一个报告结果,返回给扫描器界面ri.loadFromFile('Web_Services.xml');//载入模板ri.severity="high"//影响等级ri.affects=dir.fullPath+"/services";ri.Request=target.Request.headersString;//测试请求HTTP头输出到界面ri.response=target.response.body;//测试请求HTTP响应内容输出到界面ri.fullResponse=target.fullResponse;//测试请求的完整HTTP响应内容输出到界面//ri.description = "web services";ri.addReference("how do sql inject web services","http://gv7.me/2017/08/12/how-do-sql-inject-web-services/");AddReportItem(ri); }else {logError(scanURL.url+dir.fullPath+"----->This's not web services!!!"); }}else{logWarning(scanURL.url+dir.fullPath+"notFound web services!!!!");}
