Merge branch 'develop' into 'master'

fixed the issue when the form is using js or redirecting the page, the xss might end up in loop See merge request sparroweiss/Kineret-206-pweb!36
covertivy · Apr 4, 2021 · 4f38d5c · 4f38d5c
2 parents 3ca08e7 + b4efc62
commit 4f38d5c
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 11 deletions.
diff --git a/Methods.py b/Methods.py
@@ -94,26 +94,27 @@ def submit_form(data: Classes.Data, browser: Classes.Browser, inputs: list):
     """
     # In case of multi-threading, we need to make sure that no one is interrupting anyone.
     data.mutex.acquire()
-    # Sending the request.
-    start = time.time()  # Getting time of normal input.
+    # Getting time of normal input.
+    start = time.time()
     # The elements we want to submit.
     elements = list()
     if browser.requests:
         del browser.requests
+    before_submit = browser.page_source  # There are action forms that use js instead of requests.
     for input_tag in inputs:
         if "type" in input_tag.keys() and input_tag['type'] == "hidden":
             continue
         # Using the inserted value.
         if "name" in input_tag.keys():
             # Only if the input has a name attribute.
-            element = browser.find_element_by_name(input_tag["name"])
             try:
+                element = browser.find_element_by_name(input_tag["name"])
                 if input_tag in get_text_inputs(inputs):
                     # You can only send a key to text inputs.
                     element.send_keys(input_tag["value"])
                 elements.append({"element": element,
-                                 "name": input_tag["name"],
-                                 "type": input_tag["type"]})
+                                "name": input_tag["name"],
+                                "type": input_tag["type"]})
             except:
                 # Could not send keys to the form for some reason.
                 continue
@@ -130,17 +131,16 @@ def submit_form(data: Classes.Data, browser: Classes.Browser, inputs: list):
                 continue
             else:
                 break
-        if not len(browser.requests):
+        if not len(browser.requests) and before_submit == browser.page_source:
             # Did not do anything.
             elements[0]["element"].submit()  # Sending the form.
     except Exception as e:
-        if not len(browser.requests):
+        if not len(browser.requests) and before_submit == browser.page_source:
             # Did not do anything.
             raise e
     finally:
         data.mutex.release()
-    run_time = time.time() - start
-    return run_time
+    return time.time() - start
 
 
 def enter_cookies(data: Classes.Data, browser: Classes.Browser, url: str):

diff --git a/plugins/xss.py b/plugins/xss.py
@@ -345,8 +345,8 @@ def brute_force_alert(data: Classes.Data, page: Classes.Page, payloads: list):
                 if is_vulnerable:
                     # Page was found to be vulnerable and therefor no need to check.
                     break
-                # Refresh current page to prepare for next iteration.
-                browser.refresh()
+                # Get the current page to prepare for next iteration.
+                browser.get(page.url)
     # Close the webdriver and return results.
     browser.quit()
     return vulnerable_forms