Skip to content

mid_paths bypass mode does not properly handle target URLs that have query params #55

New issue
New issue
Open
Open
mid_paths bypass mode does not properly handle target URLs that have query params#55
@slicingmelon

Description

@slicingmelon
slicingmelon
opened on Oct 30, 2024

I've noticed that there is a bug in the mid_paths mode, something that I observed when writing my tool that uses bypass-url-parser as a library. (I end up overriding most of the functions and classes).

So the issue is that when the target URL to scan contains query parameters, the mid_paths set of tests does not format the URL properly, stripping the ? (question mark) from the URL.

Steps to reproduce:

Launch a scan on a target URL that comes with query parameters. Example:
https://www.mycoolsite.com/path1/test2/secretendpoint?a=test

You will notice that ? is being stripped, basically, the URL is not correctly formatted, and the URL being scanned becomes something like this:
https://www.mycoolsite.com/path1/test2/secretendpointa=test

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions