search

commixproject / commix

Automated All-in-One OS Command Injection Exploitation Tool.
https://commixproject.com
Other
4.62k stars 818 forks source link

Bug Report: Unhandled exception "UnboundLocalError: cannot access local variable 'long_string' where it is not associated with a value" (#e5216334) #967

Closed commixreporter closed 1 month ago

commixreporter commented 1 month ago 
Commix version: 4.0-dev#98
Python version: 3.12.7
Operating system: nt
Command line: commix.py -u ************************** --level=3 --random-agent --drop-set-cookie --tamper=backslashes,backticks,base64encode,caret,dollaratsigns,doublequotes,hexencode,multiplespaces,nested,printf2echo,rev,singlequotes,slash2env,sleep2timeout,sleep2usleep,space2htab,space2ifs,space2plus,space2vtab,uninitializedvariable,xforwardedfor --shellshock --all -v 3

Traceback (most recent call last):
  File \"commix.py", line 36, in <module>
    main()
  File \"commix.py", line 31, in main
    import src.core.main
  File \"main.py", line 899, in <module>
    main(filename, url, http_request_method)
  File \"main.py", line 560, in main
    controller.do_check(url, http_request_method, filename)
  File \"controller.py", line 743, in do_check
    perform_checks(url, http_request_method, filename)
  File \"controller.py", line 715, in perform_checks
    headers_checks(url, http_request_method, filename, timesec)
  File \"controller.py", line 650, in headers_checks
    http_headers_injection(url, http_request_method, filename, timesec)
  File \"controller.py", line 475, in http_headers_injection
    user_agent_injection(url, http_request_method, filename, timesec)
  File \"controller.py", line 450, in user_agent_injection
    if check_parameter != header_name or not injection_proccess(url, check_parameter, http_request_method, filename, timesec):
                                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File \"controller.py", line 364, in injection_proccess
    url = command_injection_heuristic_basic(url, http_request_method, check_parameter, the_type, header_name, inject_http_headers)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File \"controller.py", line 143, in command_injection_heuristic_basic
    checks.perform_payload_modification(payload="")
  File \"checks.py", line 1889, in perform_payload_modification
    payload = caret.tamper(payload)
              ^^^^^^^^^^^^^^^^^^^^^
  File \"caret.py", line 54, in tamper
    return add_caret_symbol(payload)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File \"caret.py", line 42, in add_caret_symbol
    re.sub(r'([b-zD-Z])', r'^\1', long_string) : long_string.replace("^", "")
                                  ^^^^^^^^^^^
UnboundLocalError: cannot access local variable 'long_string' where it is not associated with a value
github-actions[bot] commented 1 week ago

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

This action has been performed automatically by a bot.