
Commit 5a050c7

committed
valid_XSS
1 parent d283aaa commit 5a050c7


3 files changed

+35
-32
lines changed


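--- a/scanners/src/scan.rs
+++ b/scanners/src/scan.rs
@@ -56,14 +56,7 @@ impl Scanner {
 match module {
 "xss" => {
 let blocking_headers = valid_to_xss(request);
-if blocking_headers.1 == true {
-let _ = &bar.println(format!(
-"{}: {}",
-style("Need Manual Test").yellow().bold(),
-request.url
-));
-}
-if !blocking_headers.0 && blocking_headers.1 == false {
+if blocking_headers == true {
 for payload in self.payloads.iter() {
 match payload {
 Payloads::XSS(current_payload) => {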
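Review bot: `if blocking_headers == true {` on new line 59 compares a bool against a literal; write `if blocking_headers {`. The local is also misnamed now that `valid_to_xss` returns a single bool meaning "the response looks like HTML", so `let is_html = valid_to_xss(request);` followed by `if is_html {` reads correctly and matches the function's own variable name. The branch that printed "Need Manual Test" is removed here, and presumably the CSP notice is now emitted from xss/mod.rs instead; confirm no other module relied on that message coming from the scanner loop. The enclosing `match module` and method continue outside the hunk.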

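--- a/scanners/src/scan/xss/mod.rs
+++ b/scanners/src/scan/xss/mod.rs
@@ -6,7 +6,7 @@ use indicatif::ProgressBar;
 use scant3r_utils::{
 injector::{Injector, Urlinjector},
 random_str,
-requests::{Curl, Msg},
+requests::{Curl, Msg, Resp},
 };
 
 mod parser;
@@ -30,6 +30,16 @@ pub fn print_poc(report: &Report) -> String {
 )
 }
 
+pub fn csp_message(url: &str) -> String {
+format!(
+"{} {} {}: {}",
+style("[CSP]").yellow(),
+style(">>").blink(),
+style("Needs manual testing").yellow().bold(),
+url
+)
+}
+
 fn get_cspcheck() -> Vec<&'static str> {
 vec![
 ".doubleclick.net",
@@ -82,7 +92,17 @@ fn get_cspcheck() -> Vec<&'static str> {
 ]
 }
 
-pub fn valid_to_xss(req: &Msg) -> (bool, bool) {
+pub fn csp_check(resp: &str) -> bool {
+let csp_list = get_cspcheck();
+for csp_item in csp_list {
+if resp.contains(csp_item) {
+return true;
+}
+}
+false
+}
+
+pub fn valid_to_xss(req: &Msg) -> bool {
 let block_headers = vec![
 "application/json",
 "application/javascript",
@@ -96,39 +116,23 @@ pub fn valid_to_xss(req: &Msg) -> (bool, bool) {
 "application/rss+xml",
 ];
 
-let mut is_html = false;
-let mut need_manual_check = false;
+let mut is_html = true;
 match req.send() {
 Ok(resp) => {
-for csp in get_cspcheck().iter() {
-if resp.headers.get("Content-Security-Policy").is_some() {
-if resp
-.headers
-.get("Content-Security-Policy")
-.unwrap()
-.to_str()
-.unwrap()
-.contains(csp)
-{
-need_manual_check = true;
-}
-}
-}
 block_headers.iter().for_each(|header| {
 if resp.headers.contains_key("Content-Type") {
 if resp.headers.get("Content-Type").unwrap() == header {
-is_html = true;
+is_html = false;
 }
-} else {
-is_html = true;
-}
+}
 })
 }
 Err(_e) => {
-return (false, false);
+println!("ERR\n\n\n\n");
+return false;
 }
 }
-(is_html, need_manual_check)
+is_html
 }
 
 pub struct Xss<'t> {
@@ -194,6 +198,11 @@ impl XssUrlParamsValue for Xss<'_> {
 continue;
 }
 };
+if res.headers.get("Content-Security-Policy").is_some() {
+if csp_check(res.headers.get("Content-Security-Policy").unwrap().to_str().unwrap()) {
+_prog.println(csp_message(&res.url.as_str()));
+}
+}
 for reflect in html_parse(&res.body.as_str(), &payload).iter() {
 let payload_generator =
 PayloadGen::new(&res.body.as_str(), reflect, &payload, &self.payloads);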
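Review bot: The new CSP block in the last hunk (new lines 201–205) calls `.to_str().unwrap()` on the header value; if `headers` is an http `HeaderMap`, `to_str` returns Err for any value containing non-visible-ASCII bytes, so one target response with such a header panics the whole scan, and the header is looked up twice besides. Fold the lookup, the conversion and the check into a single `if let`, as below. In the fourth hunk, `println!("ERR\n\n\n\n");` in the `Err(_e)` arm of `valid_to_xss` reads like leftover debug output and will interleave with the indicatif progress bar; either drop it or route it through the bar with the error value included rather than discarding `_e`. `Resp` is added to the `use` list in the first hunk but nothing in these hunks uses it, so if the rest of the file does not either it is an unused import. The enclosing method in `impl XssUrlParamsValue for Xss<'_>` starts and ends outside the hunk.
```rust
// … unchanged: request send / match producing `res` …
if let Some(csp) = res
    .headers
    .get("Content-Security-Policy")
    .and_then(|value| value.to_str().ok())
{
    if csp_check(csp) {
        _prog.println(csp_message(res.url.as_str()));
    }
}
// … unchanged: html_parse reflection loop …
```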

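--- a/urls.txt
+++ b/urls.txt
@@ -1,3 +1,4 @@
+http://192.248.191.187/csp?p=12
 http://testphp.vulnweb.com/redir.php?r=http://savijoco.blogspot.com/goo
 http://localhost:8080/xss/reflect/onmouseover?in=fas
 http://localhost:8080/xss/reflect/onmouseoveffr?in=fas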
