Merge pull request #568 from giper45/fix-only-custom-payloads

fix: only custom payload should not insert base xss payloads

Author: hahwul

CONTRIBUTORS.svg

@@ -270,36 +270,38 @@ func Scan(target string, options model.Options, sid string) (model.Result, error
 			vStatus[k] = false
 		}
 
-		// set path base XSS
-		for k, v := range options.PathReflection {
-			if strings.Contains(v, "Injected:") {
-				// Injected pattern
-				injectedPoint := strings.Split(v, "/")
-				injectedPoint = injectedPoint[1:]
-				for _, ip := range injectedPoint {
-					var arr []string
-					if strings.Contains(ip, "inJS") {
-						arr = optimization.SetPayloadValue(getInJsPayload(ip), options)
-					}
-					if strings.Contains(ip, "inHTML") {
-						arr = optimization.SetPayloadValue(getHTMLPayload(ip), options)
-					}
-					if strings.Contains(ip, "inATTR") {
-						arr = optimization.SetPayloadValue(getAttrPayload(ip), options)
-					}
-					for _, avv := range arr {
-						var tempURL string
-						if len(parsedURL.Path) == 0 {
-							tempURL = target + "/" + avv
-						} else {
-							split := strings.Split(target, "/")
-							split[k+3] = split[k+3] + avv
-							tempURL = strings.Join(split, "/")
+		// set path base XSS if only custom payload is not set
+		if !options.OnlyCustomPayload {
+			for k, v := range options.PathReflection {
+				if strings.Contains(v, "Injected:") {
+					// Injected pattern
+					injectedPoint := strings.Split(v, "/")
+					injectedPoint = injectedPoint[1:]
+					for _, ip := range injectedPoint {
+						var arr []string
+						if strings.Contains(ip, "inJS") {
+							arr = optimization.SetPayloadValue(getInJsPayload(ip), options)
+						}
+						if strings.Contains(ip, "inHTML") {
+							arr = optimization.SetPayloadValue(getHTMLPayload(ip), options)
+						}
+						if strings.Contains(ip, "inATTR") {
+							arr = optimization.SetPayloadValue(getAttrPayload(ip), options)
+						}
+						for _, avv := range arr {
+							var tempURL string
+							if len(parsedURL.Path) == 0 {
+								tempURL = target + "/" + avv
+							} else {
+								split := strings.Split(target, "/")
+								split[k+3] = split[k+3] + avv
+								tempURL = strings.Join(split, "/")
+							}
+							// Add Path XSS Query
+							tq, tm := optimization.MakeRequestQuery(tempURL, "", "", ip, "toAppend", "NaN", options)
+							tm["payload"] = avv
+							query[tq] = tm
 						}
-						// Add Path XSS Query
-						tq, tm := optimization.MakeRequestQuery(tempURL, "", "", ip, "toAppend", "NaN", options)
-						tm["payload"] = avv
-						query[tq] = tm
 					}
 				}
 			}