Relax http.parse_form to allow forms without an action

Patch from nnposter: http://seclists.org/nmap-dev/2014/q3/384
2025-12-06 20:51:30 +00:00 · 2014-09-18 03:38:23 +00:00
parent d518e2dbcb
commit 327496d50c
7 changed files with 6 additions and 8 deletions
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -1914,8 +1914,6 @@ function parse_form(form)
  local form_action = string.match(form, '[Aa][Cc][Tt][Ii][Oo][Nn]=[\'"](.-)[\'"]')
  if form_action then
    parsed["action"] = form_action
-  else
-    return nil
  end

  -- determine if the form is using get or post
--- a/scripts/http-csrf.nse
+++ b/scripts/http-csrf.nse
@@ -134,7 +134,7 @@ action = function(host, port)
        form = http.parse_form(form)

        local resistant = false
-        if form then
+        if form and form.action then
          for _, field in ipairs(form['fields']) do

            -- First we check the field's name.
--- a/scripts/http-fileupload-exploiter.nse
+++ b/scripts/http-fileupload-exploiter.nse
@@ -256,7 +256,7 @@ action = function(host, port)

        form = http.parse_form(form)

-        if form then
+        if form and form.action then

          local action_absolute = string.find(form["action"], "https*://")

--- a/scripts/http-form-fuzzer.nse
+++ b/scripts/http-form-fuzzer.nse
@@ -195,7 +195,7 @@ function action(host, port)
      local maxlen = target["maxlength"] or maxlen_global
      for _,form_plain in ipairs(all_forms) do
        local form = http.parse_form(form_plain)
-        if form then
+        if form and form.action then
          local affected_fields = fuzz_form(form, minlen, maxlen, host, port, path)
          if #affected_fields > 0 then
            affected_fields["name"] = "Path: "..path.." Action: "..form["action"]
--- a/scripts/http-rfi-spider.nse
+++ b/scripts/http-rfi-spider.nse
@@ -198,7 +198,7 @@ function action(host, port)
      for _,form_plain in ipairs(all_forms) do
        local form = http.parse_form(form_plain)
        local path = r.url.path
-        if form then
+        if form and form.action then
          local vulnerable_fields = check_form(form, host, port, path)
          if #vulnerable_fields > 0 then
            vulnerable_fields["name"] = "Possible RFI in form at path: "..path..", action: "..form["action"].." for fields:"
--- a/scripts/http-sql-injection.nse
+++ b/scripts/http-sql-injection.nse
@@ -247,7 +247,7 @@ action = function(host, port)
      for _,form_plain in ipairs(all_forms) do
        local form = http.parse_form(form_plain)
        local path = r.url.path
-        if form then
+        if form and form.action then
          local vulnerable_fields = check_form(form, host, port, path)
          if #vulnerable_fields > 0 then
            vulnerable_fields["name"] = "Form at path: "..path..", form's action: "..form["action"]..". Fields that might be vulnerable:"
--- a/scripts/http-stored-xss.nse
+++ b/scripts/http-stored-xss.nse
@@ -202,7 +202,7 @@ action = function(host, port)

        form = http.parse_form(form)

-        if form then
+        if form and form.action then

          local action_absolute = string.find(form["action"], "https*://")