hhucn / webvulnscan

automated web application vulnerability scanner
MIT License

Testing google.com fails on Python 2 #60

Closed phihag closed 10 years ago

phihag commented 11 years ago
$ python2.7 -m webvulnscan google.com
Warning: http://google.com HTML Error Unclosed tag <br>
Warning: http://google.com HTML Error Unclosed tag <input>
Warning: http://google.com HTML Error Unclosed tag <meta>
Traceback (most recent call last):
  File "/usr/lib/python2.7/runpy.py", line 162, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/home/phihag/projects/webvulnscan/webvulnscan/__main__.py", line 18, in <module>
    webvulnscan.main()
  File "webvulnscan/__init__.py", line 103, in main
    messages = run(options, arguments)
  File "webvulnscan/__init__.py", line 82, in run
    attack(client, log, page)
  File "webvulnscan/utils.py", line 125, in run
    cls.attack(client, log, *s)
  File "webvulnscan/attacks/xss.py", line 47, in xss
    globals()['attack_' + target_type](client, log, *args)
  File "webvulnscan/attacks/xss.py", line 18, in attack_post
    attacked_page = form.send(client, parameters)
  File "webvulnscan/form.py", line 39, in send
    url = add_get_params(self.action, parameters)
  File "webvulnscan/utils.py", line 149, in add_get_params
    urlencode(params))
  File "/usr/lib/python2.7/urllib.py", line 1329, in urlencode
    v = quote_plus(str(v))
UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 10: ordinal not in range(128)

vigri commented 11 years ago

I could reproduce this error on a clean Magento 1.9.0.0 installation:

python -m webvulnscan http://localhost/magento
Vulnerability: http://localhost/magento/catalogsearch/result/ CSRF Vulnerability 
Vulnerability: http://localhost/magento/poll/vote/add/poll_id/2/ CSRF Vulnerability 
Vulnerability: http://localhost/magento Clickjacking no X-Frame-Options header
Vulnerability: http://localhost/magento Implicit Cacheable Cookies 
Traceback (most recent call last):
  File "/usr/lib/python2.7/runpy.py", line 162, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/home/user/dev/webvulnscan/webvulnscan/webvulnscan/__main__.py", line 18, in <module>
    webvulnscan.main()
  File "webvulnscan/__init__.py", line 102, in main
    messages = run(options, arguments)
  File "webvulnscan/__init__.py", line 85, in run
    attack(client, log, page)
  File "webvulnscan/utils.py", line 125, in run
    cls.attack(client, log, *s)
  File "webvulnscan/attacks/exotic_characters.py", line 48, in exotic_characters
    globals()['attack_' + target_type](client, log, *args)
  File "webvulnscan/attacks/exotic_characters.py", line 17, in attack_form
    page = form.send(client, parameters)
  File "webvulnscan/form.py", line 39, in send
    url = add_get_params(self.action, parameters)
  File "webvulnscan/utils.py", line 149, in add_get_params
    urlencode(params))
  File "/usr/lib/python2.7/urllib.py", line 1312, in urlencode
    v = quote_plus(str(v))
UnicodeEncodeError: 'ascii' codec can't encode character u'\u1d55' in position 0: ordinal not in range(128)
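
Both tracebacks end in `quote_plus(str(v))` inside Python 2's `urlencode`, where `str()` on a unicode value performs an implicit ASCII encode. The following is an added example, not webvulnscan's code and not the fix the project applied: `python2_str`, `to_utf8` and `add_get_params_utf8` are hypothetical names, the payloads are constructed from the two characters named in the tracebacks, and UTF-8 is assumed to be the encoding wanted on the wire.

```python
# -*- coding: utf-8 -*-
# Added example, not webvulnscan code. Runs on Python 2.7 and Python 3.
from __future__ import unicode_literals

try:  # Python 3
    from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
    text_type = str
except ImportError:  # Python 2
    from urllib import urlencode
    from urlparse import parse_qsl, urlsplit, urlunsplit
    text_type = unicode  # noqa: F821


def python2_str(value):
    """What Python 2's str(v) does to text: an implicit ASCII encode."""
    return value.encode('ascii')


def to_utf8(value):
    """Return value as UTF-8 bytes so urlencode never has to guess a codec."""
    if isinstance(value, bytes):
        return value
    if not isinstance(value, text_type):
        value = text_type(value)  # ints, floats, ...
    return value.encode('utf-8')


def add_get_params_utf8(url, params):
    """Hypothetical replacement for add_get_params: append params to url."""
    scheme, netloc, path, query, fragment = urlsplit(url)
    pairs = parse_qsl(query, keep_blank_values=True)
    pairs.extend(params.items())
    encoded = urlencode([(to_utf8(k), to_utf8(v)) for k, v in pairs])
    return urlunsplit((scheme, netloc, path, encoded, fragment))


if __name__ == '__main__':
    # Constructed payloads using the two characters named in the tracebacks.
    for payload in ('\xfc', '\u1d55'):
        try:
            python2_str(payload)
        except UnicodeEncodeError as exc:
            print('str() path fails: %s' % exc)
        print(add_get_params_utf8('http://localhost/search?a=1', {'q': payload}))
```

Encoding keys and values to bytes before calling `urlencode` gives the same percent-encoded query on both interpreter lines, so a scanner's non-ASCII probe strings reach the target instead of aborting the run.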