search

epinna / tplmap

Server-Side Template Injection and Code Injection Detection and Exploitation Tool
GNU General Public License v3.0
3.75k stars 670 forks source link

Fixing python 3 incompatibilities #101

Closed Guilhem-DELAITRE closed 2 years ago

Guilhem-DELAITRE commented 2 years ago

I patched incompatibilities by using conditionnal imports and fixing syntax incompatibilities (like parenthesis for print)

I manage to execute all tests series except node one because the docker container build failed (just like on your own branch if I'm not mistaken).

After my changes, I managed to exploit a machine both using python2.7.18 and 3.9.10 using -os-shell.

Thx in advance for feedback.

harunurkst commented 2 years ago

while installing requirements.txt using python3, its showing this error

Collecting wsgiref==0.1.2
  Downloading wsgiref-0.1.2.zip (37 kB)
  Preparing metadata (setup.py) ... error
  error: subprocess-exited-with-error

  × python setup.py egg_info did not run successfully.
  │ exit code: 1
  ╰─> [9 lines of output]
      Traceback (most recent call last):
        File "<string>", line 2, in <module>
        File "<pip-setuptools-caller>", line 34, in <module>
        File "/tmp/pip-install-bhmziijw/wsgiref_bea7a3e89d1d46988ad801bfa1a41c1f/setup.py", line 5, in <module>
          import ez_setup
        File "/tmp/pip-install-bhmziijw/wsgiref_bea7a3e89d1d46988ad801bfa1a41c1f/ez_setup/__init__.py", line 170
          print "Setuptools version",version,"or greater has been installed."
                ^
      SyntaxError: Missing parentheses in call to 'print'. Did you mean print("Setuptools version",version,"or greater has been installed.")?
      [end of output]

  note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed

× Encountered error while generating package metadata.
╰─> See above for output.

note: This is an issue with the package mentioned above, not pip.
hint: See above for details.
Guilhem-DELAITRE commented 2 years ago

while installing requirements.txt using python3, its showing this error

Collecting wsgiref==0.1.2
  Downloading wsgiref-0.1.2.zip (37 kB)
  Preparing metadata (setup.py) ... error
  error: subprocess-exited-with-error

  × python setup.py egg_info did not run successfully.
  │ exit code: 1
  ╰─> [9 lines of output]
      Traceback (most recent call last):
        File "<string>", line 2, in <module>
        File "<pip-setuptools-caller>", line 34, in <module>
        File "/tmp/pip-install-bhmziijw/wsgiref_bea7a3e89d1d46988ad801bfa1a41c1f/setup.py", line 5, in <module>
          import ez_setup
        File "/tmp/pip-install-bhmziijw/wsgiref_bea7a3e89d1d46988ad801bfa1a41c1f/ez_setup/__init__.py", line 170
          print "Setuptools version",version,"or greater has been installed."
                ^
      SyntaxError: Missing parentheses in call to 'print'. Did you mean print("Setuptools version",version,"or greater has been installed.")?
      [end of output]

  note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed

× Encountered error while generating package metadata.
╰─> See above for output.

note: This is an issue with the package mentioned above, not pip.
hint: See above for details.

Not sure, but python 3 issue might be the place to post this.

To answer you, I only fixed the incompatibilities in TPLMAP python basecode to make it able to run under python 3, but I didn't automated the install process.

For now you have to manually install whatever package is missing when running it in python 3

The good method would probably be creating a requirements3.txt including python 3 needed package. Feel free to do it because in theory it must be really simple : run tplmap without requirements, see what is missing, and create a requirement3.txt with those missing packets (not sure I'm not very knowledgeable in either python or pip, so I may be mistaken about what should be done)