Merge pull request #568 from giper45/fix-only-custom-payloads
fix: only custom payload should not insert base xss payloads
hahwul authored Sep 1, 2024
2 parents e1269f9 + 6bf486f commit 5c2e301
Showing 2 changed files with 53 additions and 51 deletions.
44 changes: 22 additions & 22 deletions CONTRIBUTORS.svg
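--- a/pkg/scanning/scan.go
+++ b/pkg/scanning/scan.go
@@ -270,36 +270,38 @@ func Scan(target string, options model.Options, sid string) (model.Result, error
 vStatus[k] = false
 }
 
-// set path base XSS
-for k, v := range options.PathReflection {
-if strings.Contains(v, "Injected:") {
-// Injected pattern
-injectedPoint := strings.Split(v, "/")
-injectedPoint = injectedPoint[1:]
-for _, ip := range injectedPoint {
-var arr []string
-if strings.Contains(ip, "inJS") {
-arr = optimization.SetPayloadValue(getInJsPayload(ip), options)
-}
-if strings.Contains(ip, "inHTML") {
-arr = optimization.SetPayloadValue(getHTMLPayload(ip), options)
-}
-if strings.Contains(ip, "inATTR") {
-arr = optimization.SetPayloadValue(getAttrPayload(ip), options)
-}
-for _, avv := range arr {
-var tempURL string
-if len(parsedURL.Path) == 0 {
-tempURL = target + "/" + avv
-} else {
-split := strings.Split(target, "/")
-split[k+3] = split[k+3] + avv
-tempURL = strings.Join(split, "/")
+// set path base XSS if only custom payload is not set
+if !options.OnlyCustomPayload {
+for k, v := range options.PathReflection {
+if strings.Contains(v, "Injected:") {
+// Injected pattern
+injectedPoint := strings.Split(v, "/")
+injectedPoint = injectedPoint[1:]
+for _, ip := range injectedPoint {
+var arr []string
+if strings.Contains(ip, "inJS") {
+arr = optimization.SetPayloadValue(getInJsPayload(ip), options)
+}
+if strings.Contains(ip, "inHTML") {
+arr = optimization.SetPayloadValue(getHTMLPayload(ip), options)
+}
+if strings.Contains(ip, "inATTR") {
+arr = optimization.SetPayloadValue(getAttrPayload(ip), options)
+}
+for _, avv := range arr {
+var tempURL string
+if len(parsedURL.Path) == 0 {
+tempURL = target + "/" + avv
+} else {
+split := strings.Split(target, "/")
+split[k+3] = split[k+3] + avv
+tempURL = strings.Join(split, "/")
+}
+// Add Path XSS Query
+tq, tm := optimization.MakeRequestQuery(tempURL, "", "", ip, "toAppend", "NaN", options)
+tm["payload"] = avv
+query[tq] = tm
 }
-// Add Path XSS Query
-tq, tm := optimization.MakeRequestQuery(tempURL, "", "", ip, "toAppend", "NaN", options)
-tm["payload"] = avv
-query[tq] = tm
 }
 }
 }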
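Review bot: `split[k+3] = split[k+3] + avv` indexes the result of `strings.Split(target, "/")` without checking its length, so a target that does not have the assumed `scheme://host/segment…` shape (no scheme, or fewer path segments than the `PathReflection` key implies) would panic with an index-out-of-range and abort the scan. The commit only re-indents this line, but since the block is being touched it is worth guarding with `if k+3 >= len(split) { continue }` just before the assignment, plus a short comment saying that the 3 skips the scheme, empty and host elements. Separately, the new `!options.OnlyCustomPayload` guard skips the whole path loop, so unless custom payloads are queued for path injection points elsewhere in `Scan` (not visible here), path reflections go untested in that mode; a comment stating this is intended would prevent it being read as a coverage gap. `Scan` begins and ends outside this hunk.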