ron190 / jsql-injection

jSQL Injection is a Java application for automatic SQL database injection.
GNU General Public License v2.0

Unhandled IllegalArgumentException #95775

Open jsql-robot opened 1 week ago

jsql-robot commented 1 week ago
jSQL: v0.101
Java: v23-ea-amd64-en on OpenJDK Runtime Environment
OS: Linux (v6.8.11-amd64)
Desktop: undefined
Strategy: undefined
Db engine: MySQL
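Exception on ThreadBeginInjection
(Reading the trace below: the failure occurs while HttpClient follows a redirect. RedirectFilter.getRedirectedURI hands the response's Location value to URI.create, which rejects it, and the resulting IllegalArgumentException propagates out of HttpClient.send at InjectionModel.inject without being caught. The redirect target is server-supplied data, so a malformed value has to be handled as untrusted input rather than allowed to end the injection thread.)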
java.lang.IllegalArgumentException: Illegal character in fragment at index 88: /cms/man/opens/article-view-.php?nid=2'"#-)'"*-- -Tdup&bid=1411&et=&pn=
    at java.net.http/jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:946)
    at java.net.http/jdk.internal.net.http.HttpClientFacade.send(HttpClientFacade.java:133)
    at com.jsql.model.InjectionModel.inject(InjectionModel.java:331)
    at com.jsql.model.AbstractModelObservable.injectWithoutIndex(AbstractModelObservable.java:54)
    at com.jsql.model.injection.vendor.MediatorVendor.fingerprintVendor(MediatorVendor.java:207)
    at com.jsql.model.injection.strategy.MediatorStrategy.testStrategies(MediatorStrategy.java:147)
    at com.jsql.model.injection.method.AbstractMethodInjection.checkParamWithStar(AbstractMethodInjection.java:91)
    at com.jsql.model.injection.method.AbstractMethodInjection.testParameters(AbstractMethodInjection.java:74)
    at com.jsql.model.injection.method.AbstractMethodInjection.testParameters(AbstractMethodInjection.java:41)
    at com.jsql.model.InjectionModel.beginInjection(InjectionModel.java:172)
    at java.base/java.lang.Thread.run(Thread.java:1575)
Caused by: java.lang.IllegalArgumentException: Illegal character in fragment at index 88: /cms/man/opens/article-view-.php?nid=2'"#-)'"*-- -Tdup&bid=1411&et=&pn=
    at java.base/java.net.URI.create(URI.java:932)
    at java.base/java.util.Optional.map(Optional.java:260)
    at java.net.http/jdk.internal.net.http.RedirectFilter.getRedirectedURI(RedirectFilter.java:148)
    at java.net.http/jdk.internal.net.http.RedirectFilter.handleResponse(RedirectFilter.java:131)
    at java.net.http/jdk.internal.net.http.RedirectFilter.response(RedirectFilter.java:83)
    at java.net.http/jdk.internal.net.http.MultiExchange.responseFilters(MultiExchange.java:254)
    at java.net.http/jdk.internal.net.http.MultiExchange.lambda$responseAsyncImpl$6(MultiExchange.java:450)
    at java.base/java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:1194)
    at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:554)
    at java.base/java.util.concurrent.CompletableFuture.postFire(CompletableFuture.java:658)
    at java.base/java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:697)
    at java.base/java.util.concurrent.CompletableFuture$Completion.run(CompletableFuture.java:526)
    at java.net.http/jdk.internal.net.http.HttpClientImpl$DelegatingExecutor.execute(HttpClientImpl.java:178)
    at java.base/java.util.concurrent.CompletableFuture$UniCompletion.claim(CompletableFuture.java:616)
    at java.base/java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:686)
    at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:554)
    at java.base/java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:2223)
    at java.net.http/jdk.internal.net.http.Stream.completeResponse(Stream.java:1229)
    at java.net.http/jdk.internal.net.http.Stream.handleResponse(Stream.java:568)
    at java.net.http/jdk.internal.net.http.Stream.incoming(Stream.java:488)
    at java.net.http/jdk.internal.net.http.Http2Connection.processFrame(Http2Connection.java:943)
    at java.net.http/jdk.internal.net.http.frame.FramesDecoder.decode(FramesDecoder.java:155)
    at java.net.http/jdk.internal.net.http.Http2Connection$FramesController.processReceivedData(Http2Connection.java:311)
    at java.net.http/jdk.internal.net.http.Http2Connection.asyncReceive(Http2Connection.java:782)
    at java.net.http/jdk.internal.net.http.Http2Connection$Http2TubeSubscriber.processQueue(Http2Connection.java:1604)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$LockingRestartableTask.run(SequentialScheduler.java:182)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:149)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(SequentialScheduler.java:207)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler.runOrSchedule(SequentialScheduler.java:280)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler.runOrSchedule(SequentialScheduler.java:233)
    at java.net.http/jdk.internal.net.http.Http2Connection$Http2TubeSubscriber.runOrSchedule(Http2Connection.java:1622)
    at java.net.http/jdk.internal.net.http.Http2Connection$Http2TubeSubscriber.onNext(Http2Connection.java:1648)
    at java.net.http/jdk.internal.net.http.Http2Connection$Http2TubeSubscriber.onNext(Http2Connection.java:1582)
    at java.net.http/jdk.internal.net.http.common.SSLTube$DelegateWrapper.onNext(SSLTube.java:210)
    at java.net.http/jdk.internal.net.http.common.SSLTube$SSLSubscriberWrapper.onNext(SSLTube.java:492)
    at java.net.http/jdk.internal.net.http.common.SSLTube$SSLSubscriberWrapper.onNext(SSLTube.java:295)
    at java.net.http/jdk.internal.net.http.common.SubscriberWrapper$DownstreamPusher.run1(SubscriberWrapper.java:316)
    at java.net.http/jdk.internal.net.http.common.SubscriberWrapper$DownstreamPusher.run(SubscriberWrapper.java:259)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$LockingRestartableTask.run(SequentialScheduler.java:182)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:149)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(SequentialScheduler.java:207)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler.runOrSchedule(SequentialScheduler.java:280)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler.runOrSchedule(SequentialScheduler.java:233)
    at java.net.http/jdk.internal.net.http.common.SubscriberWrapper.outgoing(SubscriberWrapper.java:232)
    at java.net.http/jdk.internal.net.http.common.SubscriberWrapper.outgoing(SubscriberWrapper.java:198)
    at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader.processData(SSLFlowDelegate.java:465)
    at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader$ReaderDownstreamPusher.run(SSLFlowDelegate.java:283)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$LockingRestartableTask.run(SequentialScheduler.java:182)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:149)
    at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(SequentialScheduler.java:207)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
    ... 1 more
Caused by: java.net.URISyntaxException: Illegal character in fragment at index 88: /cms/man/opens/article-view-.php?nid=2'"#-)'"*-- -Tdup&bid=1411&et=&pn=
    at java.base/java.net.URI$Parser.fail(URI.java:2995)
    at java.base/java.net.URI$Parser.checkChars(URI.java:3166)
    at java.base/java.net.URI$Parser.parse(URI.java:3210)
    at java.base/java.net.URI.<init>(URI.java:645)
    at java.base/java.net.URI.create(URI.java:930)
    ... 52 more