Comments (9)
jiamingc
commented on August 27, 2024
1
I think the issue is coming from pycurl, which is unable to retrieve a content type for whatever reason. Take a look at #47 for a workaround.
from xsser.
epsylon
commented on August 27, 2024
1
This should be fixed after this commit: e57be7a
from xsser.
Dylan886
commented on August 27, 2024
Yep,i watch your code and try it again,the problem doesn't happen again,but another issue coming,about field accept not be declared, http-code: 406 and [WinError 10057]
from xsser.
epsylon
commented on August 27, 2024
Please, try it with: Python3.5.x
from xsser.
epsylon
commented on August 27, 2024
BTW: https://github.com/epsylon/xsser/tree/master/.github/ISSUE_TEMPLATE
from xsser.
jiamingc
commented on August 27, 2024
Describe the bug
XSSer crashes when response contains no content-type header.
To Reproduce
- Run an instance of DVWA: https://hub.docker.com/r/vulnerables/web-dvwa
- Run
xsser -u <dvwa_address>/cdn-cgi/email-protection/XSS - XSSer crashes
Expected behavior
There should be no crash and execution should continue as normal.
Running environment:
- XSSer 1.8.2
- Installation method: apt
- Operating system: Kali 2019.4
- Python version 3.7.5
Target details:
- The response from
/cdn-cgi/email-protection/<hash>has no Content-Type header, which is probably what's causing the crash. - Exception traceback:
Traceback (most recent call last):
File "xsser", line 35, in <module>
app.run()
File "/usr/share/xsser/core/main.py", line 2717, in run
self.poll_workers()
File "/usr/share/xsser/core/main.py", line 2234, in poll_workers
self.pool.poll()
File "/usr/share/xsser/core/threadpool.py", line 358, in poll
request.callback(request, result)
File "/usr/share/xsser/core/main.py", line 916, in _cb
query_string, url, dest_url)
File "/usr/share/xsser/core/main.py", line 1029, in finish_attack_url_payload
if c.info()["http-code"] in ["200", "302", "301"]:
File "/usr/share/xsser/core/curlcontrol.py", line 454, in info
m['content-type'] = (self.handle.getinfo(pycurl.CONTENT_TYPE) or '').strip(';')
TypeError: decoding to str: need a bytes-like object, NoneType found
from xsser.
Dylan886
commented on August 27, 2024
All right.
Describe the bug
XSSer report that http-code:406 and the [WinError 10057] .
To Reproduce
Run an instance of my private web
Run xsser -u
Expected behavior
There should be no crash and execution should continue as normal.
Running environment:
XSSer 1.8.2
Operating system: windows10
Python version 3.7.2
Target details:
- http-code:406, ( i think it's the issue coming from the request, maybe some field loss, like line 103 in core/curlcontrol.py )
[Client Request]
Cookie: ASESSIONID=<...>
User Agent:<...>
Referer: <...>
Extra Headers: None
X-Forwarded-For: None
X-Client-IP: None
Authentication Type: None
Authentication Credentials: None
Proxy: None
Timeout: 30
Delaying: 0 seconds
Delaying: 0 seconds
Retries: 1
[Server Reply]
http-code: 406
total-time: 1.172258
namelookup-time: 6.7e-05
connect-time: 1.0399
header-size: 564
request-size: 598
response-code: 406
cookielist: []
- WinError 10057
File "xsser", line 36, in <module>
app.land(True)
File "D:\tool\xsser\core\main.py", line 2779, in land
self.hub.shutdown()
File "D:\tool\xsser\core\tokenhub.py", line 64, in shutdown
self.socket.shutdown(socket.SHUT_RDWR)
OSError: [WinError 10057] A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using a sendto call) no address was supplied```
from xsser.
epsylon
commented on August 27, 2024
Did you read me? -> #48 (comment)
from xsser.
epsylon
commented on August 27, 2024
another related fix: d270894
from xsser.
Related Issues (20)
- Valueerror when install xsser in windows 8 32bit HOT 4
- --reverse-check fails due to initial cookies improperly added to second query with reverse payload HOT 10
- it seems not useful HOT 4
- Couldnt specify injection point HOT 1
- xsser can't find the attack place HOT 1
- Using python 3.5 TypeError: coercing to str: need a bytes-like object, NoneType found HOT 11
- Error HOT 2
- TypeError HOT 2
- TypeError HOT 1
- xsser can not working HOT 1
- xsser not working HOT 1
- Error execution HOT 1
- Mac (12.0.1) Installation HOT 1
- print result bug INT HOT 1
- Typo in main.py - "self.repot" HOT 1
- Infinity Landing gtk HOT 3
- pycurl installation error HOT 1
- Xsser calls not found on every parameter HOT 2
- Error] Not any valid source provided to start a test... Aborting! HOT 1
- UnboundLocalError: cannot access local variable 'payload_string' where it is not associated with a value HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from xsser.