ron190 / jsql-injection

jSQL Injection is a Java application for automatic SQL database injection.
GNU General Public License v2.0
1.51k stars 416 forks source link

Unhandled IllegalArgumentException #95709

Open jsql-robot opened 2 months ago

jsql-robot commented 2 months ago
jSQL: v0.101
Java: v22.0.2-amd64-en on Java(TM) SE Runtime Environment
OS: Windows 8.1 (v6.3)
Desktop: undefined
Strategy: undefined
Db engine: MySQL
Exception on ThreadBeginInjection
java.lang.IllegalArgumentException: URLDecoder: Illegal hex characters in escape (%) pattern - Error at index 0 in: "%2"
    at java.base/java.net.URLDecoder.decode(URLDecoder.java:229)
    at com.jsql.model.InjectionModel.applyEncoding(InjectionModel.java:711)
    at com.jsql.model.InjectionModel.buildQuery(InjectionModel.java:580)
    at com.jsql.model.InjectionModel.initializeHeader(InjectionModel.java:450)
    at com.jsql.model.InjectionModel.inject(InjectionModel.java:306)
    at com.jsql.model.AbstractModelObservable.injectWithoutIndex(AbstractModelObservable.java:54)
    at com.jsql.model.injection.vendor.MediatorVendor.fingerprintVendor(MediatorVendor.java:207)
    at com.jsql.model.injection.strategy.MediatorStrategy.testStrategies(MediatorStrategy.java:147)
    at com.jsql.model.injection.method.AbstractMethodInjection.testJsonlessParam(AbstractMethodInjection.java:179)
    at com.jsql.model.injection.method.AbstractMethodInjection.isParamInjectable(AbstractMethodInjection.java:156)
    at com.jsql.model.injection.method.AbstractMethodInjection.checkAllParams(AbstractMethodInjection.java:127)
    at com.jsql.model.injection.method.AbstractMethodInjection.testParameters(AbstractMethodInjection.java:78)
    at com.jsql.model.injection.method.AbstractMethodInjection.testParameters(AbstractMethodInjection.java:41)
    at com.jsql.model.InjectionModel.beginInjection(InjectionModel.java:176)
    at java.base/java.lang.Thread.run(Thread.java:1570)