Bug Report: Unhandled exception "http.client.InvalidURL: URL can't contain control characters. '/firestore/databases/esmeralda-db/data/panel/users/h9WhArg6Fs8nQCSWPk81?project=\\f\\r\\i\\e\\n\\d\\l\\y-\\i\\d\\ea-441420-\\s2;\\e\\c\\h\\o%20\\e\\x\\p\\r 2071%20%2B%204935%26\\e\\c\\h\\o%20\\e\\x\\p\\r 2071%20%2B%204935|\\e\\c\\h\\o%20\\e\\x\\p\\r 2071%20%2B%204935\\n\\r\\r\\y\\V\\Q\\b5\\P\\v' (found at least ' ')" (#284966e1) #981

Closed
commixreporter opened this issue Nov 13, 2024 · 1 comment

@commixreporter

Commix version: 4.0-dev#106
Python version: 3.12.6
Operating system: posix
Command line: commix.py -r ********** --random-agent --tamper=backticks,backslashes --ignore-code=400 -v1

Traceback (most recent call last):
  File \"commix.py", line 36, in <module>
    main()
  File \"commix.py", line 31, in main
    import src.core.main
  File \"main.py", line 899, in <module>
    main(filename, url, http_request_method)
  File \"main.py", line 560, in main
    controller.do_check(url, http_request_method, filename)
  File \"controller.py", line 743, in do_check
    perform_checks(url, http_request_method, filename)
  File \"controller.py", line 706, in perform_checks
    data_checks(url, http_request_method, filename, timesec)
  File \"controller.py", line 627, in data_checks
    if get_request(url, http_request_method, filename, timesec) is None:
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File \"controller.py", line 590, in get_request
    do_injection(found_url, settings.HTTPMETHOD.GET, header_name, url, http_request_method, filename, timesec)
  File \"controller.py", line 576, in do_injection
    injection_proccess(url, check_parameter, http_request_method, filename, timesec)
  File \"controller.py", line 364, in injection_proccess
    url = command_injection_heuristic_basic(url, http_request_method, check_parameter, the_type, header_name, inject_http_headers)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File \"controller.py", line 149, in command_injection_heuristic_basic
    response, url = heuristic_request(url, http_request_method, check_parameter, payload, whitespace)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File \"controller.py", line 129, in heuristic_request
    response = requests.get_request_response(request)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File \"requests.py", line 405, in get_request_response
    headers.check_http_traffic(request)
  File \"headers.py", line 210, in check_http_traffic
    response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File \"request.py", line 215, in urlopen
    return opener.open(url, data, timeout)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File \"request.py", line 515, in open
    response = self._open(req, data)
               ^^^^^^^^^^^^^^^^^^^^^
  File \"request.py", line 532, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File \"request.py", line 492, in _call_chain
    result = func(*args)
             ^^^^^^^^^^^
  File \"request.py", line 1373, in http_open
    return self.do_open(http.client.HTTPConnection, req)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File \"request.py", line 1344, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
  File \"client.py", line 1336, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File \"client.py", line 1347, in _send_request
    self.putrequest(method, url, **skips)
  File \"client.py", line 1181, in putrequest
    self._validate_path(url)
  File \"client.py", line 1281, in _validate_path
    raise InvalidURL(f"URL can't contain control characters. {url!r} "
http.client.InvalidURL: URL can't contain control characters. '/firestore/databases/esmeralda-db/data/panel/users/h9WhArg6Fs8nQCSWPk81?project=\\f\\r\\i\\e\\n\\d\\l\\y-\\i\\d\\ea-441420-\\s2;\\e\\c\\h\\o%20`\\e\\x\\p\\r 2071%20%2B%204935`%26\\e\\c\\h\\o%20`\\e\\x\\p\\r 2071%20%2B%204935`|\\e\\c\\h\\o%20`\\e\\x\\p\\r 2071%20%2B%204935`\\n\\r\\r\\y\\V\\Q\\b5\\P\\v' (found at least ' ')

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

This action has been performed automatically by a bot.

@github-actions github-actions bot locked and limited conversation to collaborators Dec 19, 2024