Further fixes for forms with no action= URL
parent
c9b575c01e
commit
9236e119f7
|
@ -1,4 +1,5 @@
|
|||
Version 1.28b:
|
||||
Version 1.29b:
|
||||
--------------
|
||||
|
||||
- Forms with no action= URL are now handled correctly.
|
||||
|
||||
|
@ -6,7 +7,6 @@ Version 1.28b:
|
|||
|
||||
- Destination host displayed on stats screen.
|
||||
|
||||
--------------
|
||||
Version 1.27b:
|
||||
--------------
|
||||
|
||||
|
|
5
README
5
README
|
@ -385,7 +385,10 @@ Lastly, -f controls the maximum number of consecutive HTTP errors you are
|
|||
willing to see before aborting the scan; and -s sets the maximum length of a
|
||||
response to fetch and parse (longer responses will be truncated).
|
||||
|
||||
Runtime stats can be suppressed with -u to run skipfish in quiet mode.
|
||||
Further rate-limiting is available through third-party user mode tools such as
|
||||
trickle, or kernel-level traffic shaping.
|
||||
|
||||
Oh, and runtime stats can be suppressed with -u to run skipfish in quiet mode.
|
||||
|
||||
--------------------------------
|
||||
5. But seriously, how to run it?
|
||||
|
|
13
analysis.c
13
analysis.c
|
@ -314,8 +314,8 @@ static u8* html_decode_param(u8* url, u8 also_js) {
|
|||
/* Macro to test for tag names */
|
||||
|
||||
#define ISTAG(_val, _tag) \
|
||||
(!strncasecmp((char*)(_val), _tag, strlen((char*)_tag)) && \
|
||||
isspace(_val[strlen((char*)_tag)]))
|
||||
(!strncasecmp((char*)(_val), _tag, strlen((char*)(_tag))) && \
|
||||
(isspace((_val)[strlen((char*)_tag)]) || !(_val)[strlen((char*)_tag)]))
|
||||
|
||||
/* Macro to find and move past parameter name (saves result in
|
||||
_store, NULL if not found). Buffer needs to be NUL-terminated
|
||||
|
@ -671,7 +671,8 @@ void scrape_response(struct http_request* req, struct http_response* res) {
|
|||
|
||||
u32 link_type = 0;
|
||||
u8 set_base = 0, parse_form = 0;
|
||||
u8 *dirty_url = NULL, *clean_url = NULL, *meta_url = NULL;
|
||||
u8 *dirty_url = NULL, *clean_url = NULL, *meta_url = NULL,
|
||||
*delete_dirty = NULL;
|
||||
|
||||
cur_str++;
|
||||
*tag_end = 0;
|
||||
|
@ -743,7 +744,10 @@ void scrape_response(struct http_request* req, struct http_response* res) {
|
|||
|
||||
/* Forms with no URL submit to current location. */
|
||||
|
||||
if (!dirty_url) dirty_url = req->orig_url;
|
||||
if (!dirty_url || !*dirty_url) {
|
||||
dirty_url = serialize_path(req, 1, 0);
|
||||
delete_dirty = dirty_url;
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
|
@ -767,6 +771,7 @@ void scrape_response(struct http_request* req, struct http_response* res) {
|
|||
EXTRACT_ALLOC_VAL(dirty_url, dirty_url);
|
||||
clean_url = html_decode_param(dirty_url, 0);
|
||||
ck_free(dirty_url);
|
||||
ck_free(delete_dirty);
|
||||
ck_free(meta_url);
|
||||
|
||||
if (!*clean_url) goto next_tag;
|
||||
|
|
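Review bot: The empty-action test `!*dirty_url` added in the form branch of scrape_response() runs before `EXTRACT_ALLOC_VAL(dirty_url, dirty_url)`, so it appears to inspect the raw attribute text rather than the extracted value. If so, `action=""` and `action=''` begin with a quote and slip past it, then produce an empty clean_url that `if (!*clean_url) goto next_tag;` drops, so those forms would still go unscanned; the check could also accept a quote-only value, e.g. `if (!dirty_url || !*dirty_url || ((*dirty_url == '"' || *dirty_url == '\'') && dirty_url[1] == *dirty_url)) {`. The serialize_path() result is also fed through the same EXTRACT_ALLOC_VAL and html_decode_param() steps as text scraped from markup, which presumably cuts it at the first delimiter and decodes entity-like sequences in the query string; it is worth confirming that a serialized URL survives that round trip unchanged. delete_dirty is freed only where `ck_free(delete_dirty)` is reached, so any exit between the assignment and that call (the code in between is outside these hunks) would leak the buffer; a comment such as `/* delete_dirty owns the serialize_path() buffer; dirty_url is re-pointed by EXTRACT_ALLOC_VAL */` at the declaration would make the ownership explicit.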