Bugfix : Multiple vulnerabilities in a parameter

Plugin/background.js

@@ -33,14 +33,13 @@ function send_target(server, url, deep, impact){
     http.onreadystatechange = function() {
       if (http.readyState == XMLHttpRequest.DONE) {
         http_data = JSON.parse(http.responseText);
-        console.log(http.responseText);
 
-        // Notifications and update local storage
+        // Update vulns count
-        if (http_data.xss != '0'){
+        chrome.storage.sync.get(['rce','xss','lfi','sql'], function(items) {
-
+            chrome.storage.sync.set({'rce': items['rce']+parseInt(http_data.rce)});
-          // Update XSS count
+            chrome.storage.sync.set({'xss': items['xss']+parseInt(http_data.xss)});
-		      chrome.storage.sync.get(['xss'], function(items) {
+            chrome.storage.sync.set({'lfi': items['lfi']+parseInt(http_data.lfi)});
-            chrome.storage.sync.set({'xss': items['xss']+parseInt(http_data.xss)})
+            chrome.storage.sync.set({'sql': items['sql']+parseInt(http_data.sql)});
         });
 
         // Update vulnerabilities URL list
@@ -48,6 +47,8 @@ function send_target(server, url, deep, impact){
            chrome.storage.sync.set({'list': items['list']+http_data.list})
         });
 
+        // Notifications 
+        if (http_data.xss != '0'){
           new Notification('New vulnerability detected !', {
             icon: 'icon.png',
             body: 'XSS on '+extract_domain(unescape(url))
@@ -55,17 +56,6 @@ function send_target(server, url, deep, impact){
         }
 
         if (http_data.sql != '0'){
-
-          // Update SQL count
-          chrome.storage.sync.get(['sql'], function(items) {
-            chrome.storage.sync.set({'sql': items['sql']+parseInt(http_data.sql)})
-          });
-
-          // Update vulnerabilities URL list
-          chrome.storage.sync.get(['list'], function(items) {
-            chrome.storage.sync.set({'list': items['list']+http_data.list})
-          });
-
           new Notification('New vulnerability detected !', {
             icon: 'icon.png',
             body: 'SQLi on '+extract_domain(unescape(url))
@@ -73,16 +63,6 @@ function send_target(server, url, deep, impact){
         }
 
         if (http_data.lfi != '0'){
-          // Update LFI count
-          chrome.storage.sync.get(['lfi'], function(items) {
-            chrome.storage.sync.set({'lfi': items['lfi']+parseInt(http_data.lfi)})
-          });
-
-          // Update vulnerabilities URL list
-          chrome.storage.sync.get(['list'], function(items) {
-            chrome.storage.sync.set({'list': items['list']+http_data.list})
-          });
-
           new Notification('New vulnerability detected !', {
             icon: 'icon.png',
             body: 'LFI on '+extract_domain(unescape(url))
@@ -90,16 +70,6 @@ function send_target(server, url, deep, impact){
         }
 
         if (http_data.rce != '0'){
-          // Update RCE count
-          chrome.storage.sync.get(['rce'], function(items) {
-            chrome.storage.sync.set({'rce': items['rce']+parseInt(http_data.rce)})
-          });
-
-          // Update vulnerabilities URL list
-          chrome.storage.sync.get(['list'], function(items) {
-            chrome.storage.sync.set({'list': items['list']+http_data.list})
-          });
-
           new Notification('New vulnerability detected !', {
             icon: 'icon.png',
             body: 'RCE on '+extract_domain(unescape(url))

README.md

@@ -49,7 +49,6 @@ var config_server = "http://127.0.0.1:8000";
 - Deep and impact : args['url'],args['deep'],args['impact']
 - Launch scan when a button is clicked/ form submitted / page opened via URL - chrome.tabs.onActivated.addListener
 - Cookies and User Agent in server request
-- BUG multiples vulns not added
 
 ## Thanks
 - Polyglot vector for SQL injections [The Ultimate SQL Injection Payload](https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/)