Relax http.parse_form to allow forms without an action

Patch from nnposter: http://seclists.org/nmap-dev/2014/q3/384
2025-12-09 14:11:29 +00:00 · 2014-09-18 03:38:23 +00:00
parent d518e2dbcb
commit 327496d50c
7 changed files with 6 additions and 8 deletions
--- a/scripts/http-rfi-spider.nse
+++ b/scripts/http-rfi-spider.nse
@@ -198,7 +198,7 @@ function action(host, port)
      for _,form_plain in ipairs(all_forms) do
        local form = http.parse_form(form_plain)
        local path = r.url.path
-        if form then
+        if form and form.action then
          local vulnerable_fields = check_form(form, host, port, path)
          if #vulnerable_fields > 0 then
            vulnerable_fields["name"] = "Possible RFI in form at path: "..path..", action: "..form["action"].." for fields:"