From 593ef8ffa1e3f50b1a88fa3b17d32d854caf74d9 Mon Sep 17 00:00:00 2001
From: Teodor
Date: Sun, 8 May 2022 07:14:52 -0700
Subject: [PATCH] Fix vulnerabiliti and some bugs

---
 src/wfuzz/helpers/obj_dyn.py | 6 ++++--
 src/wfuzz/plugins/payloads/burpitem.py | 2 +-
 src/wfuzz/plugins/scripts/screenshot.py | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/wfuzz/helpers/obj_dyn.py b/src/wfuzz/helpers/obj_dyn.py
index 6221294e..dffc7a19 100644
--- a/src/wfuzz/helpers/obj_dyn.py
+++ b/src/wfuzz/helpers/obj_dyn.py
@@ -23,7 +23,8 @@
 "history.scheme",
 "history.host",
 "history.content",
- "history.raw_content" "history.is_path",
+ "history.raw_content",
+ "history.is_path",
 "history.pstrip",
 "history.cookies",
 "history.headers",
@@ -35,7 +36,8 @@
 "r.scheme",
 "r.host",
 "r.content",
- "r.raw_content" "r.is_path",
+ "r.raw_content",
+ "r.is_path",
 "r.pstrip",
 "r.cookies.",
 "r.headers.",
diff --git a/src/wfuzz/plugins/payloads/burpitem.py b/src/wfuzz/plugins/payloads/burpitem.py
index e97de7ef..ca663fc3 100644
--- a/src/wfuzz/plugins/payloads/burpitem.py
+++ b/src/wfuzz/plugins/payloads/burpitem.py
@@ -4,7 +4,7 @@
 from wfuzz.fuzzrequest import FuzzRequest
 from wfuzz.plugin_api.base import BasePayload
 from wfuzz.helpers.obj_dyn import rgetattr
-import xml.etree.cElementTree as ET
+import defusedxml.etree.cElementTree as ET
 from base64 import b64decode
 
 
diff --git a/src/wfuzz/plugins/scripts/screenshot.py b/src/wfuzz/plugins/scripts/screenshot.py
index bec68bd7..f223bdae 100644
--- a/src/wfuzz/plugins/scripts/screenshot.py
+++ b/src/wfuzz/plugins/scripts/screenshot.py
@@ -39,7 +39,7 @@ def process(self, fuzzresult):
 + ".jpg",
 )
 
- subprocess.call(
+ subprocess.check_call(
 [
 "cutycapt",
 "--url=%s" % pipes.quote(fuzzresult.url),
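Review bot: Nothing in this change keeps the missing-comma mistake from coming back: the removed line `"history.raw_content" "history.is_path",` was valid Python that silently fused two entries into one string, and the same slip is corrected again in the `r.` list of the next hunk. A lint rule for implicit string concatenation (for example flake8/ruff `ISC001`) or a small test asserting that `"history.is_path"` and `"r.is_path"` are members of their lists would catch it. Both lists start and end outside the hunks, so their names and how they are consumed are not visible here.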
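Review bot: `defusedxml.etree.cElementTree` is not a module defusedxml ships; its hardened ElementTree replacement lives at `defusedxml.ElementTree`, so the new import in burpitem.py would fail with ImportError as soon as the payload plugin is loaded. The line should read `import defusedxml.ElementTree as ET`. The diffstat lists only three source files, so defusedxml also does not appear to be added to the package's install requirements in this commit and would need to be declared there. `defusedxml.ElementTree` exposes only the parsing entry points (`parse`, `iterparse`, `fromstring`, `XMLParser`), so any other `ET.` use further down the file, which is outside the hunk, should be checked.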
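Review bot: `subprocess.check_call` raises `CalledProcessError` on a non-zero exit and the visible lines show no handler, so a failed cutycapt run now propagates out of `process()` where the old `subprocess.call` result was simply discarded. If one failed capture should not stop the plugin, wrap the call and handle `except subprocess.CalledProcessError as e:` by recording the failure; neither variant sets a `timeout=`, so a hung renderer still blocks. Separately, the context line passes `pipes.quote(fuzzresult.url)` inside an argv list: unless the call also passes `shell=True` (its remaining arguments are outside the hunk), no shell parses that element, so the quotes added for URLs with special characters reach cutycapt literally and `"--url=%s" % fuzzresult.url` is the list-form equivalent. `pipes` is also deprecated in favour of `shlex`.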