hahwul / dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
https://dalfox.hahwul.com
MIT License

form action urls not followed? #424

Open dkegel-fastly opened 1 year ago

dkegel-fastly commented 1 year ago

Describe the bug

Given the page http://localhost containing

<form action="/xss.php">
  <input type="text" id="xss" name="xss"><br>
  <input type="submit" value="Submit">
  </ul>
</form>

the command

dalfox url http://localhost

fetches from

http://localhost/?xss=DalFox

when it should fetch from

http://localhost/app.php?xss=DalFox

It seems ParameterAnalysis() is ignoring the url part of the form action? See https://github.com/hahwul/dalfox/blob/c344c5842423f76e05e98db99965c504bc413e8b/pkg/scanning/parameterAnlaysis.go#L177

doc.Find("form").Each(func(i int, s *goquery.Selection) {
        action, _ := s.Attr("action")
        if strings.HasPrefix(action, "/") || strings.HasPrefix(action, "?") { // assuming this is a relative URL
                url, _ := url.Parse(action)
                query := url.Query()
                for aParam := range query { 
                        p, dp = setP(p, dp, aParam, options)
                        count = count + 1
                }                                  
        }       
})      

Environment

dkegel-fastly commented 1 year ago

Is the intent to delegate all crawling to some external tool like katana?
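One way to resolve a form's action against the page URL before building the probe request, as an added example that is not dalfox's code or part of the original issue. The helper name `formTarget` and its parameters are hypothetical, and only the Go standard library is used; the form's action and input names are assumed to have been extracted already.

```go
package main

import (
	"fmt"
	"net/url"
)

// formTarget returns the URL a GET submission of a form would request.
// Hypothetical helper for illustration; it is not part of dalfox.
// pageURL is the page that contained the form, action its action attribute,
// inputNames the name attributes of its inputs, probe the marker value.
func formTarget(pageURL, action string, inputNames []string, probe string) (string, error) {
	base, err := url.Parse(pageURL)
	if err != nil {
		return "", err
	}
	ref, err := url.Parse(action) // an empty action parses to an empty reference
	if err != nil {
		return "", err
	}
	// RFC 3986 resolution covers "/xss.php", "xss.php", "?a=1", "" and
	// absolute URLs, so the path of the action is never dropped.
	target := base.ResolveReference(ref)
	target.Fragment = ""

	// Keep parameters already present in the action's query string as
	// candidates, as the snippet quoted in the issue does, then add the inputs.
	q := target.Query()
	for _, name := range inputNames {
		if name != "" { // inputs without a name are not submitted
			q.Set(name, probe)
		}
	}
	target.RawQuery = q.Encode() // Encode sorts keys, so output is stable
	return target.String(), nil
}

func main() {
	// Constructed input mirroring the form in the issue.
	u, err := formTarget("http://localhost", "/xss.php", []string{"xss"}, "DalFox")
	if err != nil {
		panic(err)
	}
	fmt.Println(u)
}
```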