Closed
Description
Describe the bug
When try to retrieve tables with --skip-urlencode getting following error:
Traceback (most recent call last):
File "C:\Program Files\Python310\lib\site-packages\ghauri-1.2.1-py3.10.egg\ghauri\core\inject.py", line 87, in inject_expression
attack = request.perform(
File "C:\Program Files\Python310\lib\site-packages\ghauri-1.2.1-py3.10.egg\ghauri\core\request.py", line 180, in perform
raise e
File "C:\Program Files\Python310\lib\site-packages\ghauri-1.2.1-py3.10.egg\ghauri\core\request.py", line 135, in perform
response = opener.open(request, timeout=timeout)
File "C:\Program Files\Python310\lib\urllib\request.py", line 519, in open
response = self._open(req, data)
File "C:\Program Files\Python310\lib\urllib\request.py", line 536, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
File "C:\Program Files\Python310\lib\urllib\request.py", line 496, in _call_chain
result = func(*args)
File "C:\Program Files\Python310\lib\urllib\request.py", line 1377, in http_open
return self.do_open(http.client.HTTPConnection, req)
File "C:\Program Files\Python310\lib\urllib\request.py", line 1348, in do_open
h.request(req.get_method(), req.selector, req.data, headers,
File "C:\Program Files\Python310\lib\http\client.py", line 1276, in request
self._send_request(method, url, body, headers, encode_chunked)
File "C:\Program Files\Python310\lib\http\client.py", line 1287, in _send_request
self.putrequest(method, url, **skips)
File "C:\Program Files\Python310\lib\http\client.py", line 1121, in putrequest
self._validate_path(url)
File "C:\Program Files\Python310\lib\http\client.py", line 1221, in _validate_path
raise InvalidURL(f"URL can't contain control characters. {url!r} "
http.client.InvalidURL: URL can't contain control characters. '/load/(SELECT(0)FROM(SELECT(IF(LENGTH(LENGTH((/*!SELECT*//**_**/COUNT(*)#/**_**/\nFROM' (found at least '\n')
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Program Files\Python310\Scripts\ghauri-script.py", line 33, in <module>
sys.exit(load_entry_point('ghauri==1.2.1', 'console_scripts', 'ghauri')())
File "C:\Program Files\Python310\lib\site-packages\ghauri-1.2.1-py3.10.egg\ghauri\scripts\ghauri.py", line 514, in main
target.extract_tables(
File "C:\Program Files\Python310\lib\site-packages\ghauri-1.2.1-py3.10.egg\ghauri\ghauri.py", line 735, in extract_tables
response = target_adv.fetch_tables(
File "C:\Program Files\Python310\lib\site-packages\ghauri-1.2.1-py3.10.egg\ghauri\extractor\advance.py", line 423, in fetch_tables
retval = self.__execute_expression(
File "C:\Program Files\Python310\lib\site-packages\ghauri-1.2.1-py3.10.egg\ghauri\extractor\advance.py", line 82, in __execute_expression
retval = ghauri_extractor.fetch_characters(
File "C:\Program Files\Python310\lib\site-packages\ghauri-1.2.1-py3.10.egg\ghauri\core\extract.py", line 2015, in fetch_characters
length = self.fetch_length(
File "C:\Program Files\Python310\lib\site-packages\ghauri-1.2.1-py3.10.egg\ghauri\core\extract.py", line 1515, in fetch_length
noc, _ = self.fetch_noc(
File "C:\Program Files\Python310\lib\site-packages\ghauri-1.2.1-py3.10.egg\ghauri\core\extract.py", line 1424, in fetch_noc
attack = inject_expression(
File "C:\Program Files\Python310\lib\site-packages\ghauri-1.2.1-py3.10.egg\ghauri\core\inject.py", line 141, in inject_expression
logger.critical(f"{e.reason}. Ghauri is going to retry..")
AttributeError: 'InvalidURL' object has no attribute 'reason'
To Reproduce
Steps to reproduce the behavior:
ghauri -u "http://***.bg/load/*" -D bu*** --tables --skip-urlencode
you got the website in your email
Expected behavior
To retrieve tables without error
Screenshots
Desktop (please complete the following information):
- OS: Windows
- Ghauri version which is causing the error (should be latest) 1.2.3
- Type of SQL injection which cause the error: time
- Phase where error occur: table