added unescaped regex test

s0md3v · Nov 25, 2019 · b68631c · b68631c
1 parent 205b214
commit b68631c
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/core/tests.py b/core/tests.py
@@ -43,7 +43,14 @@ def active_tests(url, root, scheme, delay):
 	if acao_header:
 		if '`.example.com' in acao_header:
 			return 'Broken parser'
-	time.sleep(delay)
+	if root.count('.') > 1:
+		time.sleep(delay)
+		spoofed_root = root.replace('.', 'x', 1)
+		acao_header = requester(url, scheme, spoofed_root)
+		if acao_header:
+			if host(acao_header) == spoofed_root:
+				return 'Unescaped regex'
+		time.sleep(delay)
 	acao_header = requester(url, 'http', root)
 	if acao_header:
 		if acao_header.startswith('http://'):