Test the given URL for XSS via injection into URL queries and log the XSS if found
(original_body: str, request_URL: str, cookies: Cookies)
def test_query_injection(original_body: str, request_URL: str, cookies: Cookies):
    """Probe the query parameters of *request_URL* with the scanner payload.

    Every ``name=value`` pair in the query string has its value replaced by
    ``FULL_PAYLOAD``; the rewritten URL is fetched once with *cookies* and the
    lower-cased response body is handed to the XSS and SQLi checkers.

    Args:
        original_body: Baseline response body, passed through to
            ``get_SQLi_data`` for comparison.
        request_URL: URL whose query parameters are rewritten.
        cookies: Cookies sent with the probe request.

    Returns:
        A ``(xss_info, sqli_info)`` tuple holding the results of
        ``get_XSS_data`` and ``get_SQLi_data``. Nothing is logged here;
        the caller is left to report the findings.
    """
    url_parts = urlparse(request_URL)
    payload_text = FULL_PAYLOAD.decode("utf-8")

    # Keep each parameter name (text before the first "=") and swap its value
    # for the payload. A URL without a query string still yields one nameless
    # "=<payload>" entry, because "".split("&") returns [""].
    # NOTE(review): the payload is concatenated without percent-encoding, so
    # any "&" or "#" inside it would change the query structure. Confirm
    # against FULL_PAYLOAD.
    injected_params = []
    for param in url_parts.query.split("&"):
        param_name = param.partition("=")[0]
        injected_params.append(param_name + "=" + payload_text)

    injected_URL = url_parts._replace(query="&".join(injected_params)).geturl()

    # NOTE(review): no timeout is passed, so an unresponsive host blocks this
    # call indefinitely. Redirects are followed by default; verify the session
    # cookies are not forwarded to another host.
    response = requests.get(injected_URL, cookies=cookies)
    body = response.text.lower()

    xss_info = get_XSS_data(body, injected_URL, "Query")
    sqli_info = get_SQLi_data(body, original_body, injected_URL, "Query")
    return xss_info, sqli_info
| 191 | def log_XSS_data(xss_info: XSSData | None) -> None: |