search

commixproject / commix

Automated All-in-One OS Command Injection Exploitation Tool.
https://commixproject.com
Other
4.62k stars 818 forks source link

Bug Report: Unhandled exception "IndexError: list index out of range" (#3cecc724) #888

Closed commixreporter closed 10 months ago

commixreporter commented 10 months ago 
Commix version: 3.8-stable
Python version: 3.11.2
Operating system: posix
Command line: commix.py -u *************************************************** -commandinj.php -d ************************************************************* -instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:commandinjwsdl"><soapenv:Header/><soapenv:Body><urn:commandinj soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><name xsi:type="xsd:string">*</name></urn:commandinj></soapenv:Body></soapenv:Envelope>

Traceback (most recent call last):
  File "commix.py", line 35, in <module>
    main()
  File "commix.py", line 30, in main
    import src.core.main
  File "main.py", line 819, in <module>
    main(filename, url)
  File "main.py", line 533, in main
    controller.do_check(url, http_request_method, filename)
  File "controller.py", line 753, in do_check
    perform_checks(url, http_request_method, filename)
  File "controller.py", line 681, in perform_checks
    post_request(url, http_request_method, filename, timesec)
  File "controller.py", line 599, in post_request
    check_parameter = parameters.vuln_POST_param(parameter, url)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "parameters.py", line 379, in vuln_POST_param
    settings.TESTABLE_VALUE = re.findall(r"" + "([^>]+)" + settings.INJECT_TAG, parameter)[0]
                              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^
IndexError: list index out of range
stasinopoulos commented 10 months ago

Update to latest version. Fixed https://github.com/commixproject/commix/issues/861

github-actions[bot] commented 4 months ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related issues.