w-digital-scanner / w13scan

Passive Security Scanner
GNU General Public License v2.0

Unhandled exception (#4557596a) #498

Open sqlmapreporter opened 2 years ago

sqlmapreporter commented 2 years ago
W13scan plugin traceback:
Running version: 0.9.17
Python version: 3.7.4
Operating system: Windows-10-10.0.17763-SP0
Threads: 10

request raw:
GET / 1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/538
Content-Type: application/x-www-form-urlencoded
Traceback (most recent call last):
  File "D:\Penetration\ScanTools\VulnScan\w13scan\W13SCAN\lib\plugins.py", line 50, in execute
    output = self.audit()
  File "D:\Penetration\ScanTools\VulnScan\w13scan\W13SCAN\plugins\PerFile\struts2_037.py", line 57, in audit
    r = requests.get(netloc + payload, headers=headers)
  File "C:\Python37\lib\site-packages\requests\api.py", line 76, in get
    return request('get', url, params=params, **kwargs)
  File "C:\Python37\lib\site-packages\requests\api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "D:\Penetration\ScanTools\VulnScan\w13scan\W13SCAN\thirdpart\requests\__init__.py", line 81, in session_request
    resp = self.send(prep, **send_kwargs)
  File "C:\Python37\lib\site-packages\requests\sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "C:\Python37\lib\site-packages\requests\adapters.py", line 449, in send
    timeout=timeout
  File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 627, in urlopen
    parsed_url = parse_url(url)
  File "C:\Python37\lib\site-packages\urllib3\util\url.py", line 392, in parse_url
    return six.raise_from(LocationParseError(source_url), None)
  File "<string>", line 3, in raise_from
urllib3.exceptions.LocationParseError: Failed to parse: //%28%23_memberAccess%3D@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3F(%23wr%3D%23context%5B%23parameters.obj%5B0%5D%5D.getWriter(),%23rs%3D@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%23parameters.command%5B0%5D).getInputStream()),%23wr.println(%23rs),%23wr.flush(),%23wr.close()):xx.toString.json?&obj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=7556&command=print%20test