Crash when searching moodle vuln
Issue Details
CMSmap Version: current
CMS Type: moodle, but the tool says wordpress
CMS Version: crash
Plugin Name: cmsmap crashes when searching plugins
OS Information: ubuntu 16.04
Steps to reproduce the issue
Describe how to reproduce the issue
cmsmap https://dominioalvo/moodle/index.php
Expected behaviour
Describe how CMSmap should have handled the issue
Return vulnerabilities
Issue
[-] Default WordPress Files:
[-] Searching Wordpress Plugins ...
77%Exception in thread Thread-5:
Traceback (most recent call last):
  File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
    self.run()
  File "/usr/local/lib/python3.6/dist-packages/cmsmap/lib/threadscanner.py", line 30, in run
    requester.request(self.url + self.pluginPath + plugin + self.pluginPathEnd, data=None)
  File "/usr/local/lib/python3.6/dist-packages/cmsmap/lib/requester.py", line 31, in request
    self.response = urllib.request.urlopen(self.req)
  File "/usr/lib/python3.6/urllib/request.py", line 223, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python3.6/urllib/request.py", line 526, in open
    response = self._open(req, data)
  File "/usr/lib/python3.6/urllib/request.py", line 544, in _open
    '_open', req)
  File "/usr/lib/python3.6/urllib/request.py", line 504, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.6/urllib/request.py", line 1368, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/lib/python3.6/urllib/request.py", line 1325, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/usr/lib/python3.6/http/client.py", line 1264, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib/python3.6/http/client.py", line 1275, in _send_request
    self.putrequest(method, url, **skips)
  File "/usr/lib/python3.6/http/client.py", line 1129, in putrequest
    raise InvalidURL(f"URL can't contain control characters. {url!r} "
http.client.InvalidURL: URL can't contain control characters. '/moodle/index.php/wp-content/plugins/worprees plugin bug dar/' (found at least ' ')
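
The traceback shows a wordlist entry containing spaces being concatenated into the request path, which `http.client` rejects, and the uncaught exception ends the scanner thread. The following is an added example, not CMSmap's own code: the helper names `build_plugin_url`, `request_target_ok` and `prepare_urls` are hypothetical, and the plugin list is constructed apart from the entry taken from the traceback. It percent-encodes each entry as a single path segment and sets aside anything that still fails validation.

```python
import http.client
from urllib.parse import quote, urlsplit

BASE_URL = "https://dominioalvo/moodle/index.php"   # target from the issue
PLUGIN_PATH = "/wp-content/plugins/"                # path seen in the traceback
# Constructed sample wordlist; the second entry is the one from the traceback.
PLUGINS = ["akismet", "worprees plugin bug dar", "  ", "contact-form-7\n"]


def build_plugin_url(base_url, plugin_path, plugin, plugin_path_end="/"):
    """Join the pieces, percent-encoding the plugin name as one path segment."""
    # safe="" also encodes "/" so a list entry cannot add extra path segments.
    segment = quote(plugin.strip(), safe="")
    return base_url.rstrip("/") + plugin_path + segment + plugin_path_end


def request_target_ok(url):
    """True if http.client accepts the URL's path as a request target.

    putrequest() only validates and buffers the request line, so no
    connection is opened and this check runs offline.
    """
    conn = http.client.HTTPConnection("localhost")
    try:
        conn.putrequest("GET", urlsplit(url).path or "/")
        return True
    except http.client.InvalidURL:
        return False


def prepare_urls(base_url, plugin_path, plugins):
    """Return (urls, rejected) so one bad entry cannot end a worker thread."""
    urls, rejected = [], []
    for name in plugins:
        if not name.strip():            # blank line in the wordlist
            rejected.append(name)
            continue
        url = build_plugin_url(base_url, plugin_path, name)
        (urls if request_target_ok(url) else rejected).append(url)
    return urls, rejected


if __name__ == "__main__":
    raw = BASE_URL + PLUGIN_PATH + PLUGINS[1] + "/"   # concatenation as in the issue
    print("raw accepted:", request_target_ok(raw))
    good, bad = prepare_urls(BASE_URL, PLUGIN_PATH, PLUGINS)
    print("\n".join(good))
    print("rejected entries:", bad)
```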