hahwul / dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
https://dalfox.hahwul.com
MIT License

No error handling in gzip case #363

Closed hahwul closed 2 years ago

hahwul commented 2 years ago

Describe the bug

goroutine 27738 [running]:
compress/gzip.(*Reader).Close(0x0)
    /usr/local/go/src/compress/gzip/gunzip.go:292 +0x14
panic({0xbf40c0, 0x13e6b60})
    /usr/local/go/src/runtime/panic.go:1038 +0x215
compress/gzip.(*Reader).Read(0x40b58d, {0xc008424e00, 0x0, 0x0})
    /usr/local/go/src/compress/gzip/gunzip.go:247 +0x2e
io.ReadAll({0xe196c0, 0x0})
    /usr/local/go/src/io/io.go:633 +0xfe
io/ioutil.ReadAll(…)
    /usr/local/go/src/io/ioutil/ioutil.go:27
github.com/hahwul/dalfox/v2/pkg/scanning.SendReq(_, {_, _}, {{0x142f450, 0x0, 0x0}, {0xe065e8, 0x0}, {0xc00dc97d00, 0x10, …}, …})
    /go/pkg/mod/github.com/hahwul/dalfox/v2@v2.7.2/pkg/scanning/sendReq.go:90 +0x4f0
github.com/hahwul/dalfox/v2/pkg/scanning.ParameterAnalysis.func7.1()
    /go/pkg/mod/github.com/hahwul/dalfox/v2@v2.7.2/pkg/scanning/parameterAnlaysis.go:271 +0x22e
created by github.com/hahwul/dalfox/v2/pkg/scanning.ParameterAnalysis.func7
    /go/pkg/mod/github.com/hahwul/dalfox/v2@v2.7.2/pkg/scanning/parameterAnlaysis.go:267 +0xd07

Environment
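
Added example, not part of the original issue and not dalfox's own code: the trace above is consistent with `gzip.NewReader` failing on a response that is not valid gzip and the resulting nil `*gzip.Reader` still being read and closed. The sketch below shows a body reader that returns that error instead; `readBody`, `fakeResp` and `gz` are hypothetical names, and the responses are constructed samples.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"fmt"
	"io"
	"net/http"
)

// readBody returns the response body, gunzipping it when the server
// declares Content-Encoding: gzip. Every error is returned, never dropped.
func readBody(resp *http.Response) ([]byte, error) {
	defer resp.Body.Close()
	if resp.Header.Get("Content-Encoding") != "gzip" {
		return io.ReadAll(resp.Body)
	}
	zr, err := gzip.NewReader(resp.Body)
	if err != nil {
		// On error zr is nil; calling Read or Close on it would panic.
		return nil, fmt.Errorf("gzip header: %w", err)
	}
	defer zr.Close()
	return io.ReadAll(zr)
}

// fakeResp builds a constructed response so the example runs offline.
func fakeResp(encoding string, body []byte) *http.Response {
	h := http.Header{}
	h.Set("Content-Encoding", encoding)
	return &http.Response{Header: h, Body: io.NopCloser(bytes.NewReader(body))}
}

// gz compresses s into a valid gzip stream (constructed sample input).
func gz(s string) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write([]byte(s))
	zw.Close()
	return buf.Bytes()
}

func main() {
	// Valid gzip, a plain body mislabelled as gzip, and an empty body.
	for _, body := range [][]byte{gz("hello"), []byte("<html>plain</html>"), nil} {
		b, err := readBody(fakeResp("gzip", body))
		fmt.Printf("body=%q err=%v\n", b, err)
	}
}
```

For a scanner this matters because the target controls the response: a server that sends `Content-Encoding: gzip` with a non-gzip body should cost one failed request, not the whole scan.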