Traceback (most recent call last):
File \"commix.py", line 36, in <module>
main()
File \"commix.py", line 31, in main
import src.core.main
File \"main.py", line 899, in <module>
main(filename, url, http_request_method)
File \"main.py", line 560, in main
controller.do_check(url, http_request_method, filename)
File \"controller.py", line 743, in do_check
perform_checks(url, http_request_method, filename)
File \"controller.py", line 706, in perform_checks
data_checks(url, http_request_method, filename, timesec)
File \"controller.py", line 627, in data_checks
if get_request(url, http_request_method, filename, timesec) is None:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File \"controller.py", line 590, in get_request
do_injection(found_url, settings.HTTPMETHOD.GET, header_name, url, http_request_method, filename, timesec)
File \"controller.py", line 576, in do_injection
injection_proccess(url, check_parameter, http_request_method, filename, timesec)
File \"controller.py", line 364, in injection_proccess
url = command_injection_heuristic_basic(url, http_request_method, check_parameter, the_type, header_name, inject_http_headers)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File \"controller.py", line 149, in command_injection_heuristic_basic
response, url = heuristic_request(url, http_request_method, check_parameter, payload, whitespace)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File \"controller.py", line 129, in heuristic_request
response = requests.get_request_response(request)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File \"requests.py", line 405, in get_request_response
headers.check_http_traffic(request)
File \"headers.py", line 210, in check_http_traffic
response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File \"request.py", line 215, in urlopen
return opener.open(url, data, timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File \"request.py", line 515, in open
response = self._open(req, data)
^^^^^^^^^^^^^^^^^^^^^
File \"request.py", line 532, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File \"request.py", line 492, in _call_chain
result = func(*args)
^^^^^^^^^^^
File \"request.py", line 1373, in http_open
return self.do_open(http.client.HTTPConnection, req)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File \"request.py", line 1344, in do_open
h.request(req.get_method(), req.selector, req.data, headers,
File \"client.py", line 1336, in request
self._send_request(method, url, body, headers, encode_chunked)
File \"client.py", line 1347, in _send_request
self.putrequest(method, url, **skips)
File \"client.py", line 1181, in putrequest
self._validate_path(url)
File \"client.py", line 1281, in _validate_path
raise InvalidURL(f"URL can't contain control characters. {url!r} "
http.client.InvalidURL: URL can't contain control characters. '/firestore/databases/esmeralda-db/data/panel/users/h9WhArg6Fs8nQCSWPk81?project=\\f\\r\\i\\e\\n\\d\\l\\y-\\i\\d\\ea-441420-\\s2;\\e\\c\\h\\o%20`\\e\\x\\p\\r 2071%20%2B%204935`%26\\e\\c\\h\\o%20`\\e\\x\\p\\r 2071%20%2B%204935`|\\e\\c\\h\\o%20`\\e\\x\\p\\r 2071%20%2B%204935`\\n\\r\\r\\y\\V\\Q\\b5\\P\\v' (found at least ' ')
commixreporter
commented
1 week ago