Closed Br2850 closed 4 years ago
Hi @Br2850 First of all, thank you very much for your report. I have not been able to reproduce the output you indicate in my sandbox tests, but I do remember what could happen in some operating systems. I have released a patch as follows: https://github.com/epsylon/xsser/commit/60fe0325ccb06b4f8bacca4bbb51189cab6f08b1 Tell me if with the update made we avoid the error. Greetings.
That seems to have resolved the issue 👍
Reproduce Error
Potential error found when attempting to run XSSer v1.8[2] on Google App-spot XSS playground. XSSer runs accordingly, but upon termination of payload injections, the command line tool quits with an
OSError
.Command used:
xsser -u 'https://xss-game.appspot.com/level1/frame' -g '?query=XSS' --auto --auto-set=2 --silent --save
Result Error Log:
Cause:
I believe this error is being thrown do to an incorrect state change causing
self.ready
in thetokenhub.py
file to be set toTrue
when in fact a socket is no longer active. Early termination by server or logic error in XSSershutdown
procedure may be the cause of this error being thrown.Solution:
Explicitly catch the
OSError
and allow forself.ready
to be set toFalse
in accordance with the rest of the code logic.Summary:
Socket is potentially incorrectly identified as being
connected
. Commit catchesOSError
thrown.