From 59bfab48a37f679dcdcb545844e3c9a94c52c283 Mon Sep 17 00:00:00 2001
From: antisnatchor
Date: Wed, 31 Aug 2011 08:43:57 +0000
Subject: [PATCH] (Fixes issue 406): when checking for URI path Xss, remove the last / from the url in case there is one. It will be added later.
git-svn-id: https://beef.googlecode.com/svn/trunk@1245 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
---
 core/main/client/net/xssrays.js | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/core/main/client/net/xssrays.js b/core/main/client/net/xssrays.js
index 97bcda049..116e08fcc 100644
--- a/core/main/client/net/xssrays.js
+++ b/core/main/client/net/xssrays.js
@@ -276,6 +276,13 @@ beef.net.xssrays = {
 run: function(url, method, vector, params, urlencode) {
 this.stack.push(function() {
+ //check if the URL end with / . In this case remove the last /, as it will be added later.
+ // this check is needed only when checking for URI path injections
+ if(url[url.length - 1] == "/" && params == null){
+ url = url.substring(0, url.length - 2);
+ beef.net.xssrays.printDebug("Remove last / from url. New url [" + url + "]");
+ }
+ beef.net.xssrays.uniqueID++;
 beef.net.xssrays.printDebug('Processing vector [' + vector.name + "], URL [" + url + "]");
 var poc = '';
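Review bot: The added `url = url.substring(0, url.length - 2);` is off by one: `substring`'s end index is exclusive, so it drops the trailing `/` and also the character before it. A URL ending in `/path/` becomes `/pat` rather than `/path`, so the check would run against a path that is not the one being assessed and its result would not apply to the intended target. The line should be `url = url.substring(0, url.length - 1);` (or `url.slice(0, -1)`). The guard uses loose `== null` on `params`, which also matches `undefined`; if that is intended, a short comment saying so would help. The body of `run` continues outside the hunk, so where the slash is re-added cannot be confirmed from here.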