kgretzky / evilginx

PLEASE USE NEW VERSION: https://github.com/kgretzky/evilginx2
MIT License

Improper Domain Variable Interpretation - Causes 500 Server Error upon redirect/can't handle #'s in domain name #25

Closed BabySalad closed 7 years ago

BabySalad commented 7 years ago

Hello - If I get around to it this will be a Pull request and not an issue.

When you check for special characters in the domain name, you use:

```python
for c in phish_host:
    if not c.isalpha():
        phish_hostname_esc += '%'
    phish_hostname_esc += c
phish_hostnames_esc.append(phish_hostname_esc)
```

You must change the `isalpha()` to `isalnum()` to include numbers, otherwise the domain name will have escape characters inserted in front of every number.

kgretzky commented 7 years ago

Hello. Yes, thanks for pointing that out. This has actually been fixed in the development branch with `if not c.isalpha() and not c.isdigit()`.

I expect to make a version 1.1 release tomorrow, which will solve the issue.

kgretzky commented 7 years ago

Fixed in version 1.1. Case closed.