nxbdi/jsunpack-n

Problem extracting links to JARs

Closed this issue · 1 comments

What steps will reproduce the problem?
Use jsunpack to scan a file with the following line in it:

<Applet Code="Update.class" archive="Update.jar" width="0" Height="0">

What do you see instead?
Traceback (most recent call last):
  File "./jsunpackn.py", line 1359, in <module>
    main()
  File "./jsunpackn.py", line 1300, in main
    js = jsunpack(file, ['',mydata,file], options)
  File "./jsunpackn.py", line 133, in __init__
    self.main_decoder(mydata,myfile)
  File "./jsunpackn.py", line 1023, in main_decoder
    jsinurls = self.find_urls(predecoded,tcpaddr)
  File "./jsunpackn.py", line 482, in find_urls
    jars = re.findall('<(applet|object)([^>]*)?[ ]+archive=\\\\?[\\\'"]?(.*?)\\\\?[\\\'"> ]', data, re.IGNORECASE)
  File "/usr/lib/python2.6/re.py", line 177, in findall
    return _compile(pattern, flags).findall(string)
  File "/usr/lib/python2.6/re.py", line 245, in _compile
    raise error, v # invalid expression
sre_constants.error: nothing to repeat


What version of the product are you using? On what operating system?
r55

Please provide any additional information below.

The testcase came from the Eleonore exploit kit v1.4.1, exp.php.

#Ex. <applet mayscript='true' code='bpac.a.class' archive='bnktjvdpxuko4.jar
jars = re.findall('<(applet|object)([^>]*)?[ 
]+archive=\\\\?[\\\'"]?(.*?)\\\\?[\\\'"> ]', data, re.IGNORECASE)

Original issue reported on code.google.com by dgu...@gmail.com on 6 Apr 2011 at 11:27

fixed in r59

Original comment by urul...@gmail.com on 25 Jul 2011 at 2:43

  • Changed state: Fixed