search

WhitewidowScanner / whitewidow

SQL Vulnerability Scanner
972 stars 235 forks source link

[1.9.12.25] Encoding Issue not fixed?? #50

Closed wreckitkenny closed 7 years ago

wreckitkenny commented 7 years ago

Issue/Enhancement/Question (be specific)

Getting error: U+1EDB from UTF-8 to ISO-8859-1

Exact error message/Enhancement information

U+1EDB from UTF-8 to ISO-8859-1

Steps to reproduce if applicable or steps on what should be done

Run with {:default=>true}

Search query if applicable (please use exact search query)

dork: "powered by EQdkp"

User agent (if applicable)

N/A

Whitewidow version number (must have the actual version run ruby whitewidow.rb --version)

1.9.12.25

Ruby version number (run ruby --version)

2.3.3

wreckitkenny commented 7 years ago 
whitewidow# ruby whitewidow.rb -d
 __      __.__    .__  __         __      __.__    .___
/  \    /  \  |__ |__|/  |_  ____/  \    /  \__| __| _/______  _  __
\   \/\/   /  |  \|  \   __\/ __ \   \/\/   /  |/ __ |/  _ \ \/ \/ /
 \        /|   Y  \  ||  | \  ___/\        /|  / /_/ (  <_> )     /
  \__/\  / |___|  /__||__|  \___  >\__/\  / |______ | \____/ \/\_/
       \/       \/              \/      \/           \/    v1.9.12.25(dev)

Clone: https://github.com/WhitewidowScanner/whitewidow.git
Downloads: https://github.com/WhitewidowScanner/whitewidow/releases
[ ! ] Use of this program for malicious intent is illegal. For more information run the --legal flag

[23:13:03 INFO] I'm searching for possible SQL vulnerable sites, using search query store.asp?id=
[23:13:03 INFO] Using default user agent
[23:13:04 ERROR] Failed with error code U+1EDB from UTF-8 to ISO-8859-1
[23:13:04 FATAL] Program failed with error code: U+1EDB from UTF-8 to ISO-8859-1, error saved to error_log.txt
[23:13:04 FATAL] Issue template is being generated for this error, create a new issue named: Gntj2yq U+1EDB from UTF-8 to ISO-8859-1
[23:13:04 INFO] An issue template has been generated for you and is located in /home/kenny/Desktop/Scanning/SQL/whitewidow/tmp/issues/1heRXmg.txt
Ekultek commented 7 years ago

God damn it kenny.

Ekultek commented 7 years ago

I think I'm going to have to update the queries

Ekultek commented 7 years ago

Fixed via feb511f, this is a temp fix, please post all failing queries here

Ekultek commented 7 years ago

@wreckitkenny Do me a favor, run these two commands and post their output ruby whitewidow.rb -d -D store.asp?id= ruby whitewidow.rb -d -D 'dork: "powered by EQdkp"'

wreckitkenny commented 7 years ago 
sudo ruby whitewidow.rb -d -D 'dork: "powered by EQdkp"'
 __      __.__    .__  __         __      __.__    .___
/  \    /  \  |__ |__|/  |_  ____/  \    /  \__| __| _/______  _  __
\   \/\/   /  |  \|  \   __\/ __ \   \/\/   /  |/ __ |/  _ \ \/ \/ /
 \        /|   Y  \  ||  | \  ___/\        /|  / /_/ (  <_> )     /
  \__/\  / |___|  /__||__|  \___  >\__/\  / |______ | \____/ \/\_/
       \/       \/              \/      \/           \/    v1.9.12.25(dev)

Clone: https://github.com/WhitewidowScanner/whitewidow.git
Downloads: https://github.com/WhitewidowScanner/whitewidow/releases
[ ! ] Use of this program for malicious intent is illegal. For more information run the --legal flag

[00:18:01 INFO] I'm searching for possible SQL vulnerable sites, using search query dork: "powered by EQdkp"
[00:18:01 INFO] Using default user agent
[00:18:01 ERROR] Failed with error code U+1EDB from UTF-8 to ISO-8859-1
[00:18:01 FATAL] Program failed with error code: U+1EDB from UTF-8 to ISO-8859-1, error saved to error_log.txt
[00:18:01 FATAL] Issue template is being generated for this error, create a new issue named: FQhpV2p U+1EDB from UTF-8 to ISO-8859-1
[00:18:01 INFO] An issue template has been generated for you and is located in /home/kenny/Desktop/Scanning/SQL/whitewidow/tmp/issues/NMNSqYd.txt

sudo ruby whitewidow.rb -d -D 'dork: "powered by EQdkp"'
 __      __.__    .__  __         __      __.__    .___
/  \    /  \  |__ |__|/  |_  ____/  \    /  \__| __| _/______  _  __
\   \/\/   /  |  \|  \   __\/ __ \   \/\/   /  |/ __ |/  _ \ \/ \/ /
 \        /|   Y  \  ||  | \  ___/\        /|  / /_/ (  <_> )     /
  \__/\  / |___|  /__||__|  \___  >\__/\  / |______ | \____/ \/\_/
       \/       \/              \/      \/           \/    v1.9.12.25(dev)

Clone: https://github.com/WhitewidowScanner/whitewidow.git
Downloads: https://github.com/WhitewidowScanner/whitewidow/releases
[ ! ] Use of this program for malicious intent is illegal. For more information run the --legal flag

[00:18:12 INFO] I'm searching for possible SQL vulnerable sites, using search query dork: "powered by EQdkp"
[00:18:12 INFO] Using default user agent
[00:18:12 ERROR] Failed with error code U+1EDB from UTF-8 to ISO-8859-1
[00:18:12 FATAL] Program failed with error code: U+1EDB from UTF-8 to ISO-8859-1, error saved to error_log.txt
[00:18:12 FATAL] Issue template is being generated for this error, create a new issue named: CKoLO1r U+1EDB from UTF-8 to ISO-8859-1
[00:18:12 INFO] An issue template has been generated for you and is located in /home/kenny/Desktop/Scanning/SQL/whitewidow/tmp/issues/LNpVUS3.txt
Ekultek commented 7 years ago

@wreckitkenny If you find more, post them here

wreckitkenny commented 7 years ago

Ok man

Ekultek commented 7 years ago

Haven't seen anymore for a week, closing the issue