Problem extracting links to JARs
Closed this issue · 1 comments
GoogleCodeExporter commented
What steps will reproduce the problem?
Use jsunpack to scan a file with the following line in it:
<Applet Code="Update.class" archive="Update.jar" width="0" Height="0">
What do you see instead?
Traceback (most recent call last):
File "./jsunpackn.py", line 1359, in <module>
main()
File "./jsunpackn.py", line 1300, in main
js = jsunpack(file, ['',mydata,file], options)
File "./jsunpackn.py", line 133, in __init__
self.main_decoder(mydata,myfile)
File "./jsunpackn.py", line 1023, in main_decoder
jsinurls = self.find_urls(predecoded,tcpaddr)
File "./jsunpackn.py", line 482, in find_urls
jars = re.findall('<(applet|object)([^>]*)?[ ]+archive=\\\\?[\\\'"]?(.*?)\\\\?[\\\'"> ]', data, re.IGNORECASE)
File "/usr/lib/python2.6/re.py", line 177, in findall
return _compile(pattern, flags).findall(string)
File "/usr/lib/python2.6/re.py", line 245, in _compile
raise error, v # invalid expression
sre_constants.error: nothing to repeat
What version of the product are you using? On what operating system?
r55
Please provide any additional information below.
The testcase came from the Eleonore exploit kit v1.4.1, exp.php.
#Ex. <applet mayscript='true' code='bpac.a.class' archive='bnktjvdpxuko4.jar
jars = re.findall('<(applet|object)([^>]*)?[
]+archive=\\\\?[\\\'"]?(.*?)\\\\?[\\\'"> ]', data, re.IGNORECASE)
Original issue reported on code.google.com by dgu...@gmail.com
on 6 Apr 2011 at 11:27
GoogleCodeExporter commented
fixed in r59
Original comment by urul...@gmail.com
on 25 Jul 2011 at 2:43
- Changed state: Fixed