search

intigriti / misconfig-mapper

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
https://bugology.intigriti.io/misconfig-mapper-docs
MIT License
267 stars 17 forks source link

Error in template 9 #15

Closed GKNSB closed 3 weeks ago

GKNSB commented 3 weeks ago

I'm coming across the following error on template with id 9

panic: regexp: Compile(`Illuminate\Foundation\Bootstrap\HandleExceptions::handleError`): error parsing regexp: invalid escape sequence: `\F`

goroutine 1 [running]:
regexp.MustCompile({0xc00001e2c0, 0x3d})
        /opt/hostedtoolcache/go/1.22.3/x64/src/regexp/regexp.go:317 +0xb4
main.checkResponse(0xc000133040, 0xc0000ebbb0, 0xc000072a80)
        /home/runner/work/misconfig-mapper/misconfig-mapper/main.go:353 +0xbd1
main.main()
        /home/runner/work/misconfig-mapper/misconfig-mapper/main.go:608 +0x1390

The error indicates that something is going wrong on the following line in services.json

"Illuminate\\Foundation\\Bootstrap\\HandleExceptions::handleError"

I don't currently have a vulnerable instance I can test against, hence I don't issue a pr, however I believe that you should use double the number of backslashes. As it is now, the regex engine sees \F or \B or even \H which are not valid. By converting the previous line to the following, the errors go away and detection "should" work:

"Illuminate\\\\Foundation\\\\Bootstrap\\\\HandleExceptions::handleError"
0xblackbird commented 3 weeks ago

Hey! Thank you for reporting this issue!

I was able to reproduce the exception you encountered and a fix will be available in a short while!

0xblackbird commented 3 weeks ago

Hey!

Quick update. The issue surrounding the fingerprints has been fixed. I recommend you get the latest release.

Once again, thank you for your contributions! We appreciate these a lot! If there's anything, feel free to create a new Issue or PR in the future!