dionach / CMSmap

CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
GNU General Public License v3.0

"worprees plugin bug dar" directory contains unmasked control characters #19

Open merlinwoff opened 4 years ago

merlinwoff commented 4 years ago

Issue Details

CMSmap Version: v1.0
CMS Type: Wordpress
CMS Version: 2.7.1
Plugin Name: -
OS Information: CentOS 8

Getting strange error with control characters in URLs after updating ExploitDB.

Exception in thread Thread-2:
Traceback (most recent call last):
  File "/usr/lib64/python3.6/threading.py", line 916, in _bootstrap_inner
    self.run()
  File "/opt/CMSmap/cmsmap/lib/threadscanner.py", line 30, in run
    requester.request(self.url + self.pluginPath + plugin + self.pluginPathEnd, data=None)
  File "/opt/CMSmap/cmsmap/lib/requester.py", line 29, in request
    self.response = urllib.request.urlopen(self.req, context=self.ctx)
  File "/usr/lib64/python3.6/urllib/request.py", line 223, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib64/python3.6/urllib/request.py", line 526, in open
    response = self._open(req, data)
  File "/usr/lib64/python3.6/urllib/request.py", line 544, in _open
    '_open', req)
  File "/usr/lib64/python3.6/urllib/request.py", line 504, in _call_chain
    result = func(*args)
  File "/usr/lib64/python3.6/urllib/request.py", line 1361, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/lib64/python3.6/urllib/request.py", line 1318, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/usr/lib64/python3.6/http/client.py", line 1254, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1265, in _send_request
    self.putrequest(method, url, **skips)
  File "/usr/lib64/python3.6/http/client.py", line 1127, in putrequest
    raise InvalidURL(f"URL can't contain control characters. {url!r} "
http.client.InvalidURL: URL can't contain control characters. '.../wp-content/plugins/worprees plugin bug dar/' (found at least ' ')

duanearnett commented 4 years ago

Also experiencing this issue

szrobert84 commented 3 years ago

To fix this error, change cmsmap/data/wp_plugins_small.txt at line 362 and replace "wordprees plugin bug dar" with "wordpress_plugin_bug_da"; that should solve the problem. I hope it helps.
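An added example, not part of the thread or of CMSmap's code: rather than editing one wordlist entry by hand, each entry can be percent-encoded before it is joined into the request URL, and the wordlist can be audited for names that would raise InvalidURL. The function names, the regex, the sample wordlist and the host are assumptions constructed for illustration.

```python
import re
from urllib.parse import quote

# Space, C0 control characters and DEL: characters that must not appear
# raw in a request target (the traceback above reports a space).
DISALLOWED = re.compile(r"[\x00-\x20\x7f]")


def encode_entry(entry):
    """Percent-encode one wordlist entry for use as a single path segment."""
    # Drop only the line terminator; inner spaces are kept and encoded.
    name = entry.rstrip("\r\n")
    # safe="" also encodes "/" so an entry cannot add extra path segments.
    return quote(name, safe="")


def build_plugin_url(base_url, plugin_path, entry, plugin_path_end="/"):
    """Join base + plugin path + encoded entry + suffix (hypothetical helper)."""
    url = base_url + plugin_path + encode_entry(entry) + plugin_path_end
    if DISALLOWED.search(url):
        raise ValueError(f"unsafe character left in URL: {url!r}")
    return url


def audit_wordlist(lines):
    """Return (line_number, entry) for entries that would fail if sent unencoded."""
    flagged = []
    for lineno, line in enumerate(lines, start=1):
        entry = line.rstrip("\r\n")
        if entry and DISALLOWED.search(entry):
            flagged.append((lineno, entry))
    return flagged


# Constructed sample wordlist; the second entry is the name from the traceback.
SAMPLE = ["akismet\n", "worprees plugin bug dar\n", "tab\tname\n", "contact-form-7\n"]

if __name__ == "__main__":
    for lineno, entry in audit_wordlist(SAMPLE):
        print(f"line {lineno}: {entry!r}")
    print(build_plugin_url("https://site.example", "/wp-content/plugins/", SAMPLE[1]))
```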

Neonatus commented 3 years ago

The file is not there, nor is it in the repository here. Where can it be downloaded from? Or does anyone have the code so we can create the file ourselves?

Gromek1982 commented 3 years ago

I confirm the same.