I've noticed that there is a bug in the mid_paths mode, something that I observed when writing my tool that uses bypass-url-parser as a library (I end up overriding most of the functions and classes).
So the issue is that when the target URL to scan contains query parameters, the mid_paths set of tests does not format the URL properly, stripping the ? (question mark) from the URL.
Steps to reproduce:
Launch a scan on a target URL that comes with query parameters. Example:
https://www.mycoolsite.com/path1/test2/secretendpoint?a=test
You will notice that ? is being stripped; basically, the URL is not correctly formatted, and the URL being scanned becomes something like this:
https://www.mycoolsite.com/path1/test2/secretendpointa=test
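
The failure described in this report can be reproduced outside the tool. The following is an added example, not bypass-url-parser's own code: the function names and the `MIDPATH` marker are hypothetical. It shows a rebuild that drops the `?`, a rebuild through `urlunsplit` that keeps it, and a regression check on the query string.

```python
from urllib.parse import urlsplit, urlunsplit

MARKER = "MIDPATH"  # constructed placeholder segment, not one of the tool's payloads


def _paths_with_marker(path, marker):
    """Yield copies of `path` with `marker` inserted before each segment."""
    segments = path.split("/")  # "/a/b" -> ["", "a", "b"]
    for i in range(1, len(segments)):
        yield "/".join(segments[:i] + [marker] + segments[i:])


def variants_naive(url, marker=MARKER):
    """Hypothetical buggy rebuild: glues the query onto the path without '?'."""
    p = urlsplit(url)
    return [f"{p.scheme}://{p.netloc}{path}{p.query}"
            for path in _paths_with_marker(p.path, marker)]


def variants_fixed(url, marker=MARKER):
    """Rebuild with urlunsplit so the '?' and the query string are restored."""
    p = urlsplit(url)
    return [urlunsplit((p.scheme, p.netloc, path, p.query, p.fragment))
            for path in _paths_with_marker(p.path, marker)]


def query_preserved(original, candidate):
    """Regression check: candidate must carry the original query unchanged."""
    return urlsplit(candidate).query == urlsplit(original).query


if __name__ == "__main__":
    # Example URL taken from the report above.
    target = "https://www.mycoolsite.com/path1/test2/secretendpoint?a=test"
    for name, fn in (("naive", variants_naive), ("fixed", variants_fixed)):
        for v in fn(target):
            print(name, query_preserved(target, v), v)
```

Splitting with `urlsplit` before touching the path also keeps a `/` inside a query value from being treated as a path separator.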