Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(Fixes issue 406): when checking for URI path Xss, remove the last / from the url in case there is one. It will be added later.

Browse Source 
git-svn-id: https://beef.googlecode.com/svn/trunk@1245 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
This commit is contained in:
antisnatchor
2011-08-31 08:43:57 +00:00
parent cfe0b3e87b
commit 59bfab48a3
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
core/main/client/net/xssrays.js
View File

@@ -276,6 +276,13 @@ beef.net.xssrays = {
run: function(url, method, vector, params, urlencode) {
this.stack.push(function() {
//check if the URL end with / . In this case remove the last /, as it will be added later.
// this check is needed only when checking for URI path injections
if(url[url.length - 1] == "/" && params == null){
url = url.substring(0, url.length - 2);
beef.net.xssrays.printDebug("Remove last / from url. New url [" + url + "]");
}
beef.net.xssrays.uniqueID++;
beef.net.xssrays.printDebug('Processing vector [' + vector.name + "], URL [" + url + "]");
var poc = '';