MAYASEVEN/CVE-2019-12562

KeyError: 'aria-label'

jpitcairn opened this issue · 1 comments

Hello. When I run this script i'm getting an error.

[ Checking the target ]
 [+] Target is DNN website.
 [+] URL: XXXXXXXXXXX
[ Running an exploit ]
 [+] Fetching DNN random parameter name.
Traceback (most recent call last):
  File "CVE-2019-12562.py", line 151, in <module>
    main()
  File "CVE-2019-12562.py", line 138, in main
    if(exploit()):
  File "CVE-2019-12562.py", line 105, in exploit
    print(" [+]", i["aria-label"],":", i["name"])
  File "/usr/lib/python3/dist-packages/bs4/element.py", line 1321, in __getitem__
    return self.attrs[key]
KeyError: 'aria-label'

Hello,
In the exploit function, the exploit code will get the parameter name from the source code in that default register page. I use BeautifulSoup to get the input box, and the aria-label is the title for the input box such as Username, Password, PasswordConfirm, etc.

The problem is aria-label key is not exist in the register page. Please make sure that the register page is has a valid aria-label key.