Further fixes for forms with no action= URL

This commit is contained in:
Steve Pinkham 2010-04-02 13:46:59 -04:00
parent c9b575c01e
commit 9236e119f7
4 changed files with 16 additions and 8 deletions


@ -1,4 +1,5 @@
Version 1.28b:
Version 1.29b:
--------------
- Forms with no action= URL are now handled correctly.
@ -6,7 +7,6 @@ Version 1.28b:
- Destination host displayed on stats screen.
--------------
Version 1.27b:
--------------

README

@ -385,7 +385,10 @@ Lastly, -f controls the maximum number of consecutive HTTP errors you are
willing to see before aborting the scan; and -s sets the maximum length of a
response to fetch and parse (longer responses will be truncated).
Runtime stats can be suppressed with -u to run skipfish in quiet mode.
Further rate-limiting is available through third-party user mode tools such as
trickle, or kernel-level traffic shaping.
Oh, and runtime stats can be suppressed with -u to run skipfish in quiet mode.
--------------------------------
5. But seriously, how to run it?


@ -314,8 +314,8 @@ static u8* html_decode_param(u8* url, u8 also_js) {
/* Macro to test for tag names */
#define ISTAG(_val, _tag) \
(!strncasecmp((char*)(_val), _tag, strlen((char*)_tag)) && \
isspace(_val[strlen((char*)_tag)]))
(!strncasecmp((char*)(_val), _tag, strlen((char*)(_tag))) && \
(isspace((_val)[strlen((char*)_tag)]) || !(_val)[strlen((char*)_tag)]))
/* Macro to find and move past parameter name (saves result in
_store, NULL if not found). Buffer needs to be NUL-terminated
@ -671,7 +671,8 @@ void scrape_response(struct http_request* req, struct http_response* res) {
u32 link_type = 0;
u8 set_base = 0, parse_form = 0;
u8 *dirty_url = NULL, *clean_url = NULL, *meta_url = NULL;
u8 *dirty_url = NULL, *clean_url = NULL, *meta_url = NULL,
*delete_dirty = NULL;
cur_str++;
*tag_end = 0;
@ -743,7 +744,10 @@ void scrape_response(struct http_request* req, struct http_response* res) {
/* Forms with no URL submit to current location. */
if (!dirty_url) dirty_url = req->orig_url;
if (!dirty_url || !*dirty_url) {
dirty_url = serialize_path(req, 1, 0);
delete_dirty = dirty_url;
}
} else {
@ -767,6 +771,7 @@ void scrape_response(struct http_request* req, struct http_response* res) {
EXTRACT_ALLOC_VAL(dirty_url, dirty_url);
clean_url = html_decode_param(dirty_url, 0);
ck_free(dirty_url);
ck_free(delete_dirty);
ck_free(meta_url);
if (!*clean_url) goto next_tag;
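Review bot: `delete_dirty` is released by `ck_free(delete_dirty);` in the last hunk but never reset, so if the declaration added in the second hunk lives in a scope that outlives a single tag (the enclosing block is not visible here), a later pass through that line would free the same buffer again; add `delete_dirty = NULL;` right after the free, or move the declaration into the per-tag block. That buffer is allocated by `serialize_path(req, 1, 0)` in the third hunk and is only freed on the path that reaches the last hunk, so any `goto next_tag` or early exit between those two points (not visible in this diff) would leak it; worth checking that `next_tag:` itself does not need the free. Separately, the rewritten ISTAG macro in the first hunk evaluates `strlen((char*)_tag)` up to three times per test and parenthesizes `_tag` only in the first use; `strlen((char*)(_tag))` in all three would be consistent and safer for expression arguments. scrape_response begins and ends outside these hunks.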


@ -23,7 +23,7 @@
#ifndef _HAVE_CONFIG_H
#define _HAVE_CONFIG_H
#define VERSION "1.28b"
#define VERSION "1.29b"
#define USE_COLOR 1 /* Use terminal colors */