New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Parsing error in "-mode sniper"; "&" character is getting replaced by letter "Z" #579
Comments
Good catch, I think we may be hitting a rune parsing issue in |
Got it, the issue was with any single-character payload location between the section signs and the silly string slice logic. Have moved to a dedicated output slice, added in some tests, and opened the PR for the fix. With the fix:
|
Hey Dol! Thank you for reacting so fast and for working on issue. Glad that it was such a easy fix. And looking forward to test this super handy sniper mode! Best, |
Hi team,
When running the latest (v1.5.0)
ffuf
, I encountered the following issue.I am not used to the go language, but I think that an issue lies in the parser.
Explicitly while the code is trying to execute this feature as mentioned PR #469:
What is happening is that when substituting any but the last parameter
&
character is getting replaced byZ
.To showcase, I prepared a simple payload file as a word list:
And following are the logs from my local web server.
As you can see
file?id=§a§&sort=§b§&test=§c§
got replaced byfile?id=payload2Zsort=b&test=c
, making the request invalid.I also tried an example mentioned by @denandz in Add Sniper Mode #469; however, the result remains the same.
It worked better, but the replace mechanism replaced the
]
character withZ
.I hope it will be fixed because I use
ffuf
regularly and findsniper
integration an ingenious idea.Thanks and good work!!
The text was updated successfully, but these errors were encountered: