projectdiscovery / katana

A next-generation crawling and spidering framework.
MIT License
12.23k stars 632 forks

'-form-extraction' option: form data ignored (suggested fix) #1051

Closed Grizzly2000 closed 3 weeks ago

Grizzly2000 commented 1 month ago

katana version:

   __        __                
  / /_____ _/ /____ ____  ___ _
 /  '_/ _  / __/ _  / _ \/ _  /
/_/\_\\_,_/\__/\_,_/_//_/\_,_/                           

        projectdiscovery.io

[INF] Current version: v1.1.0

Current Behavior:

When the '-form-extraction' option is used, form data extraction is ignored when the action attribute of the "form" tag is set to "#".

Expected Behavior:

To fix the issue, simply replace the value "#" with an empty string ("") in the extracted action field.

Suggested Fix: To fix the problem, add the following code at line 27 of the file pkg/utils/formfields.go:

if action == "#" {
    action = "" // a bare "#" targets the current page, the same as an empty action
}

Go to File : https://github.com/projectdiscovery/katana/blob/main/pkg/utils/formfields.go#L27

Steps To Reproduce:

./katana -u https://pentest-ground.com:4280/vulnerabilities/sqli/ -fx -j -or -ob -crawl-scope https://pentest-ground.com:4280/vulnerabilities/sqli/ | jq '.response.forms | select( . != null )'

With the patch


[INF] Current katana version v1.1.0 (latest)
[INF] Started standard crawling for => https://pentest-ground.com:4280/vulnerabilities/sqli/
[
  {
    "method": "GET",
    "action": "https://pentest-ground.com:4280/vulnerabilities/sqli/",
    "parameters": [
      "id",
      "Submit"
    ]
  }
]

Without the patch


[INF] Current katana version v1.1.0 (latest)
[INF] Started standard crawling for => https://pentest-ground.com:4280/vulnerabilities/sqli/

Thanks! :)
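As an added example (not katana's code and not the patch proposed in the issue), the following stand-alone Go program shows how a crawler's form extractor can resolve a form's `action` attribute the way a browser does, which subsumes the `"#"` special case above: the attribute is resolved as a URL reference against the page URL with `net/url`, an absent or empty action means the page itself, and a bare `"#"` or a fragment-only value such as `"#top"` resolves to the page URL with the fragment dropped, since fragments are never sent to the server. The `pageURL` is the crawled page from the reproduction steps; `sampleHTML` is a constructed stand-in for that page's markup (nothing is fetched), and the regex-based tag scanning is a deliberately small substitute for a real HTML parser, not how katana parses pages. Function and type names are this example's own.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Form mirrors the per-form fields printed under response.forms in the issue.
type Form struct {
	Method     string   `json:"method"`
	Action     string   `json:"action"`
	Parameters []string `json:"parameters"`
}

// pageURL is the crawled page from the reproduction steps.
const pageURL = "https://pentest-ground.com:4280/vulnerabilities/sqli/"

// sampleHTML is a constructed stand-in for that page's markup (not fetched).
// Form 1 is the issue's case (action="#"), form 2 has no action attribute,
// form 3 has a relative action with a query string.
const sampleHTML = `
<form action="#" method="GET">
  User ID: <input type="text" name="id">
  <input type="submit" name="Submit" value="Submit">
</form>
<form method="post">
  <input name="username"><input type="password" name="password">
</form>
<form action="/login.php?next=%2Fhome" method="post">
  <input name="user"><input type="password" name="pass">
</form>
`

var (
	formRe  = regexp.MustCompile(`(?is)<form\b([^>]*)>(.*?)</form>`)
	fieldRe = regexp.MustCompile(`(?is)<(?:input|select|textarea|button)\b[^>]*>`)
	attrRe  = regexp.MustCompile(`(?i)\b(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))`)
)

// resolveFormAction computes the absolute submission URL of a form as a
// browser would: the action is resolved as a URL reference against the page
// URL, so "", "#", "#top", "?id=1", "/x" and absolute URLs are all handled by
// the same rule. The fragment is dropped because it is never sent to the server.
func resolveFormAction(pageURL, action string) (string, error) {
	base, err := url.Parse(pageURL)
	if err != nil {
		return "", err
	}
	ref, err := url.Parse(strings.TrimSpace(action))
	if err != nil {
		return "", err
	}
	abs := base.ResolveReference(ref)
	abs.Fragment = ""
	abs.RawFragment = ""
	return abs.String(), nil
}

// attr returns the value of attribute name inside a single tag and whether the
// attribute is present at all (present-but-empty differs from absent).
func attr(tag, name string) (string, bool) {
	for _, m := range attrRe.FindAllStringSubmatch(tag, -1) {
		if strings.EqualFold(m[1], name) {
			return m[2] + m[3] + m[4], true // exactly one alternative matched
		}
	}
	return "", false
}

// extractForms returns every form in doc with its method, resolved action and
// the distinct names of its fields, in the shape katana prints with -fx.
func extractForms(pageURL, doc string) ([]Form, error) {
	var forms []Form
	for _, m := range formRe.FindAllStringSubmatch(doc, -1) {
		openTag, body := m[1], m[2]
		action, _ := attr(openTag, "action") // absent => "" => the page itself
		abs, err := resolveFormAction(pageURL, action)
		if err != nil {
			return nil, err
		}
		method, ok := attr(openTag, "method")
		if !ok || method == "" {
			method = "get" // HTML default
		}
		f := Form{Method: strings.ToUpper(method), Action: abs}
		seen := map[string]bool{}
		for _, tag := range fieldRe.FindAllString(body, -1) {
			if name, ok := attr(tag, "name"); ok && name != "" && !seen[name] {
				seen[name] = true
				f.Parameters = append(f.Parameters, name)
			}
		}
		forms = append(forms, f)
	}
	return forms, nil
}

func main() {
	forms, err := extractForms(pageURL, sampleHTML)
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(forms, "", "  ")
	fmt.Println(string(out))
}
```

Run with `go run main.go`; the first entry in the output matches the "With the patch" JSON in the issue (GET, the page URL, parameters `id` and `Submit`), and the form without any `action` attribute resolves to the same page URL. Resolving with `ResolveReference` rather than string-matching `"#"` means values like `"#top"` or `" # "` do not slip through the special case either.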