Skip custom header injection check in --forms/--crawl

2025-12-06 04:31:30 +00:00 · 2019-11-06 14:53:33 +01:00
parent 1b1c37e12c
commit 39a46d66e2
2 changed files with 4 additions and 1 deletions
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -257,6 +257,9 @@ def _setRequestParams():
            kb.processUserMarks = True

    for place, value in ((PLACE.URI, conf.url), (PLACE.CUSTOM_POST, conf.data), (PLACE.CUSTOM_HEADER, str(conf.httpHeaders))):
+        if place == PLACE.CUSTOM_HEADER and any((conf.forms, conf.crawlDepth)):
+            continue
+
        _ = re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value or "") if place == PLACE.CUSTOM_HEADER else value or ""
        if kb.customInjectionMark in _:
            if kb.processUserMarks is None: