ron190 / jsql-injection

jSQL Injection is a Java application for automatic SQL database injection.
GNU General Public License v2.0

Unhandled IllegalArgumentException #95742

Closed jsql-robot closed 1 month ago

jsql-robot commented 1 month ago
jSQL: v0.101
Java: v21.0.3-amd64-en on OpenJDK Runtime Environment
OS: Linux (v6.8.11-amd64)
Desktop: undefined
Strategy: undefined
Db engine: MySQL
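Exception on ThreadBeginInjection
Note: per the first "Caused by" below, the exception was raised while the JDK HTTP client parsed a redirect target (RedirectFilter.getRedirectedURI calling URI.create), not while the request itself was built. The URI in the message is relative, so it is presumably a Location header from the server echoing the request query unencoded. The unchecked IllegalArgumentException then propagated out of HttpClient.send into InjectionModel.inject, where it went unhandled.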
java.lang.IllegalArgumentException: Illegal character in query at index 89: login.php?cmd=login&userid=adminand(select*from(select+sleep(0))a/**/union/**/select+1)='"#-)'"*-- -zwOJ&psn=2
    at java.net.http/jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:941)
    at java.net.http/jdk.internal.net.http.HttpClientFacade.send(HttpClientFacade.java:133)
    at com.jsql.model.InjectionModel.inject(InjectionModel.java:331)
    at com.jsql.model.AbstractModelObservable.injectWithoutIndex(AbstractModelObservable.java:54)
    at com.jsql.model.injection.vendor.MediatorVendor.fingerprintVendor(MediatorVendor.java:207)
    at com.jsql.model.injection.strategy.MediatorStrategy.testStrategies(MediatorStrategy.java:147)
    at com.jsql.model.injection.method.AbstractMethodInjection.checkLastParam(AbstractMethodInjection.java:106)
    at com.jsql.model.injection.method.AbstractMethodInjection.testParameters(AbstractMethodInjection.java:76)
    at com.jsql.model.injection.method.AbstractMethodInjection.testParameters(AbstractMethodInjection.java:41)
    at com.jsql.model.InjectionModel.beginInjection(InjectionModel.java:175)
    at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: java.lang.IllegalArgumentException: Illegal character in query at index 89: login.php?cmd=login&userid=adminand(select*from(select+sleep(0))a/**/union/**/select+1)='"#-)'"*-- -zwOJ&psn=2
    at java.base/java.net.URI.create(URI.java:932)
    at java.base/java.util.Optional.map(Optional.java:260)
    at java.net.http/jdk.internal.net.http.RedirectFilter.getRedirectedURI(RedirectFilter.java:148)
    at java.net.http/jdk.internal.net.http.RedirectFilter.handleResponse(RedirectFilter.java:131)
    at java.net.http/jdk.internal.net.http.RedirectFilter.response(RedirectFilter.java:83)
    at java.net.http/jdk.internal.net.http.MultiExchange.responseFilters(MultiExchange.java:253)
    at java.net.http/jdk.internal.net.http.MultiExchange.lambda$responseAsyncImpl$6(MultiExchange.java:418)
    at java.base/java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:1150)
    at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510)
    at java.base/java.util.concurrent.CompletableFuture.postFire(CompletableFuture.java:614)
    at java.base/java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:653)
    at java.base/java.util.concurrent.CompletableFuture$Completion.run(CompletableFuture.java:482)
    at java.net.http/jdk.internal.net.http.HttpClientImpl$DelegatingExecutor.execute(HttpClientImpl.java:177)
    at java.base/java.util.concurrent.CompletableFuture$UniCompletion.claim(CompletableFuture.java:572)
    at java.base/java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:642)
    at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510)
    at java.base/java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:2179)
    at java.net.http/jdk.internal.net.http.Http1Response$HeadersReader.handle(Http1Response.java:610)
    at java.net.http/jdk.internal.net.http.Http1Response$HeadersReader.handle(Http1Response.java:536)
    at java.net.http/jdk.internal.net.http.Http1Response$Receiver.accept(Http1Response.java:527)
    at java.net.http/jdk.internal.net.http.Http1Response$HeadersReader.tryAsyncReceive(Http1Response.java:583)
    at java.net.http/jdk.internal.net.http.Http1AsyncReceiver.flush(Http1AsyncReceiver.java:233)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$LockingRestartableTask.run(SequentialScheduler.java:182)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:149)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(SequentialScheduler.java:207)
    at java.net.http/jdk.internal.net.http.HttpClientImpl$DelegatingExecutor.execute(HttpClientImpl.java:177)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler.runOrSchedule(SequentialScheduler.java:282)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler.runOrSchedule(SequentialScheduler.java:251)
    at java.net.http/jdk.internal.net.http.Http1AsyncReceiver.asyncReceive(Http1AsyncReceiver.java:468)
    at java.net.http/jdk.internal.net.http.Http1AsyncReceiver$Http1TubeSubscriber.onNext(Http1AsyncReceiver.java:589)
    at java.net.http/jdk.internal.net.http.Http1AsyncReceiver$Http1TubeSubscriber.onNext(Http1AsyncReceiver.java:546)
    at java.net.http/jdk.internal.net.http.common.SSLTube$DelegateWrapper.onNext(SSLTube.java:210)
    at java.net.http/jdk.internal.net.http.common.SSLTube$SSLSubscriberWrapper.onNext(SSLTube.java:492)
    at java.net.http/jdk.internal.net.http.common.SSLTube$SSLSubscriberWrapper.onNext(SSLTube.java:295)
    at java.net.http/jdk.internal.net.http.common.SubscriberWrapper$DownstreamPusher.run1(SubscriberWrapper.java:316)
    at java.net.http/jdk.internal.net.http.common.SubscriberWrapper$DownstreamPusher.run(SubscriberWrapper.java:259)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$LockingRestartableTask.run(SequentialScheduler.java:182)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:149)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(SequentialScheduler.java:207)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler.runOrSchedule(SequentialScheduler.java:280)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler.runOrSchedule(SequentialScheduler.java:233)
    at java.net.http/jdk.internal.net.http.common.SubscriberWrapper.outgoing(SubscriberWrapper.java:232)
    at java.net.http/jdk.internal.net.http.common.SubscriberWrapper.outgoing(SubscriberWrapper.java:198)
    at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader.processData(SSLFlowDelegate.java:451)
    at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader$ReaderDownstreamPusher.run(SSLFlowDelegate.java:269)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$LockingRestartableTask.run(SequentialScheduler.java:182)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:149)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(SequentialScheduler.java:207)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
    ... 1 more
Caused by: java.net.URISyntaxException: Illegal character in query at index 89: login.php?cmd=login&userid=adminand(select*from(select+sleep(0))a/**/union/**/select+1)='"#-)'"*-- -zwOJ&psn=2
    at java.base/java.net.URI$Parser.fail(URI.java:2995)
    at java.base/java.net.URI$Parser.checkChars(URI.java:3166)
    at java.base/java.net.URI$Parser.parseHierarchical(URI.java:3254)
    at java.base/java.net.URI$Parser.parse(URI.java:3207)
    at java.base/java.net.URI.<init>(URI.java:645)
    at java.base/java.net.URI.create(URI.java:930)
    ... 50 more