jiamingc
commented
4 years ago I think the issue is coming from pycurl, which is unable to retrieve a content type for whatever reason. Take a look at #47 for a workaround.
Closed Dylan886 closed 4 years ago
jiamingc
commented
4 years ago I think the issue is coming from pycurl, which is unable to retrieve a content type for whatever reason. Take a look at #47 for a workaround.
Dylan886
commented
4 years ago Yep,i watch your code and try it again,the problem doesn't happen again,but another issue coming,about field accept not be declared, http-code: 406 and [WinError 10057]
epsylon
commented
4 years ago Please, try it with: Python3.5.x
epsylon
commented
4 years ago jiamingc
commented
4 years ago Describe the bug XSSer crashes when response contains no content-type header.
To Reproduce
xsser -u <dvwa_address>/cdn-cgi/email-protection/XSSExpected behavior There should be no crash and execution should continue as normal.
Running environment:
Target details:
/cdn-cgi/email-protection/<hash> has no Content-Type header, which is probably what's causing the crash.Traceback (most recent call last):
File "xsser", line 35, in <module>
app.run()
File "/usr/share/xsser/core/main.py", line 2717, in run
self.poll_workers()
File "/usr/share/xsser/core/main.py", line 2234, in poll_workers
self.pool.poll()
File "/usr/share/xsser/core/threadpool.py", line 358, in poll
request.callback(request, result)
File "/usr/share/xsser/core/main.py", line 916, in _cb
query_string, url, dest_url)
File "/usr/share/xsser/core/main.py", line 1029, in finish_attack_url_payload
if c.info()["http-code"] in ["200", "302", "301"]:
File "/usr/share/xsser/core/curlcontrol.py", line 454, in info
m['content-type'] = (self.handle.getinfo(pycurl.CONTENT_TYPE) or '').strip(';')
TypeError: decoding to str: need a bytes-like object, NoneType foundAll right.
Describe the bug
XSSer report that http-code:406 and the [WinError 10057] .
To Reproduce
Run an instance of my private web Run xsser -u
-g </userList?Name=XSS> --cookie=Expected behavior There should be no crash and execution should continue as normal.
Running environment:
XSSer 1.8.2 Operating system: windows10 Python version 3.7.2
Target details:
[Client Request]Cookie: ASESSIONID=<...> User Agent:<...> Referer: <...> Extra Headers: None X-Forwarded-For: None X-Client-IP: None Authentication Type: None Authentication Credentials: None Proxy: None Timeout: 30 Delaying: 0 seconds Delaying: 0 seconds Retries: 1
[Server Reply]
http-code: 406 total-time: 1.172258 namelookup-time: 6.7e-05 connect-time: 1.0399 header-size: 564 request-size: 598 response-code: 406 cookielist: []
2. WinError 10057
```Traceback (most recent call last):
File "xsser", line 36, in <module>
app.land(True)
File "D:\tool\xsser\core\main.py", line 2779, in land
self.hub.shutdown()
File "D:\tool\xsser\core\tokenhub.py", line 64, in shutdown
self.socket.shutdown(socket.SHUT_RDWR)
OSError: [WinError 10057] A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using a sendto call) no address was supplied```Did you read me? -> https://github.com/epsylon/xsser/issues/48#issuecomment-558713166
epsylon
commented
4 years ago This should be fixed after this commit: https://github.com/epsylon/xsser/commit/e57be7a0d26e0a3b61df21eaea5d96447ddc5d22
epsylon
commented
3 years ago another related fix: https://github.com/epsylon/xsser/commit/d27089443962c60a94f20921f82129ed497d33b4
When i run the xsser in my python3.7 , an error occurred
How could i resolve this? i think it is a compatibility issues between py2.x and py3.x.