andresriancho / w3af

w3af: web application attack and audit framework, the open source web vulnerability scanner.
http://w3af.org/

Exception: Invalid URL "urn:Microsoft.Search/Status" #106

Closed kravietz closed 11 years ago

kravietz commented 11 years ago

An exception was found while running discovery.webSpider on "/path/foo/h/path/foo/t/path/foo/t/path/foo/p/path/foo/:/path/foo///path/foo///path/foo/d/path/foo/o/path/foo/m/path/foo/a/path/foo/i/path/foo/n/path/foo///path/foo/_/path/foo/v/path/foo/t/path/foo/i/path/foo/_/path/foo/b/path/foo/i/path/foo/n/path/foo///path/foo/s/path/foo/e/path/foo/a/path/foo/r/path/foo/c/path/foo/h/path/foo/./path/foo/a/path/foo/s/path/foo/m/path/foo/x/path/foo/ /path/foo/|/path/foo/ /path/foo/M/path/foo/e/path/foo/t/path/foo/h/path/foo/o/path/foo/d/path/foo/:/path/foo/ /path/foo/G/path/foo/E/path/foo/T/path/foo/". 
The exception was: "Invalid URL "urn:Microsoft.Search/Status"" at urlParser.py:420. The scan will continue but some vulnerabilities might not be identified.

andresriancho commented 11 years ago

Regarding the invalid URL bug, while it's correct for the url parser to report an invalid URL for that input, there should be a try/except somewhere else.

Could you let us know which URL and configuration we can use to trigger this error?

andresriancho commented 11 years ago

Ping!

kravietz commented 11 years ago

It was an internal SharePoint site, so it is difficult to cite a specific URL. But this URN is endemic to SharePoint sites - have a look here for example: http://www.polsl.pl/szukaj/_vti_bin/search.asmx?op=Status

andresriancho commented 11 years ago

Ok, so I downloaded the HTML with the invalid URL, created a unittest around it and it worked fine on the threading2 branch (which is what matters today for me). It might still be the case that master is broken, but since threading2 will replace master in some days it's not a big issue.
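
The handling discussed in the thread (the URL parser is right to reject the URN, and the calling code should catch that per reference) can be sketched as follows. This is an added example, not w3af's code: `parse_url`, `InvalidURL`, `extract_links`, the sample HTML and the hostname are hypothetical, and only the URN string comes from the issue.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class InvalidURL(ValueError):
    """Raised by parse_url (hypothetical helper) for references a crawler cannot fetch."""


def parse_url(base, ref):
    """Strict parser: resolve ref against base and insist on an http(s) URL with a host."""
    parts = urlsplit(urljoin(base, ref))
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise InvalidURL('Invalid URL "%s"' % ref)
    return parts.geturl()


class RefCollector(HTMLParser):
    """Collects every href/src/action attribute value found in a document."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        self.refs.extend(v for k, v in attrs if k in ("href", "src", "action") and v)


def extract_links(base, html):
    """Caller-side handling: one bad reference is recorded and skipped, not fatal."""
    collector = RefCollector()
    collector.feed(html)
    links, skipped = [], []
    for ref in collector.refs:
        try:
            links.append(parse_url(base, ref))
        except InvalidURL:
            skipped.append(ref)  # keep for reporting; the rest of the page is still crawled
    return links, skipped


# Constructed sample page (assumption); only the URN string is taken from the issue.
SAMPLE_HTML = """
<a href="/_vti_bin/search.asmx?op=Status">Status</a>
<a href="urn:Microsoft.Search/Status">SOAPAction</a>
<form action="search.asmx"><input name="q"></form>
"""
BASE = "http://sharepoint.example/_vti_bin/search.asmx?op=Status"
```

Returning the skipped references alongside the valid links lets the scanner log what it ignored without aborting the plugin run for that page.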