
When I run the following part of my code the "undefined method `each' for nil:NilClass" error appears.

if request and request.body
  print_status(request.body);
  request.body.split('&').each { |var|
    parts = var.split('=', 2)
    if parts.length != 2
      print_error("Weird, we got a var that doesn't contain an equals: #{parts.inspect}")
    else
      fln,fld = parts
      fld = Rex::Text.uri_decode(fld)
      if fln == "script"
        script = fld
      end
    end
  }
end


Some tests with request.body:

- ----------------------------------
- request.body.class: String
- request.body: script=test
- request.body.split('&'): ["script=test"]
- Sending
- ----------------------------------
- request.body.class: String
- request.body: script=alert%28%27ok%27%29%3B
- request.body.split('&'): ["script=alert%28%27ok%27%29%3B"]
- Sending
- ----------------------------------
- request.body.class: String
- request.body: script=alert%28%27ok%27%29%3B%3D
- request.body.split('&'): ["script=alert%28%27ok%27%29%3B%3D"]
- Exception handling request: undefined method `each' for nil:NilClass
- ----------------------------------
- request.body.class: String
- request.body: script=alert%28%27ok%27%29%3B%5D
- request.body.split('&'): ["script=alert%28%27ok%27%29%3B%5D"]
- Exception handling request: undefined method `each' for nil:NilClass
- ----------------------------------
- request.body.class: String
- request.body: script=alert%28%27ok%27%29%3B-
- request.body.split('&'): ["script=alert%28%27ok%27%29%3B-"]
- Exception handling request: undefined method `each' for nil:NilClass
- ----------------------------------
- request.body.class: String
- request.body: script=alert%28%27ok%27%29%3B+
- request.body.split('&'): ["script=alert%28%27ok%27%29%3B+"]
- Exception handling request: undefined method `each' for nil:NilClass

Most special characters make the error occur.
What could be wrong?

Robert
  • What is `request.body`? A string? – Marek Lipka Feb 14 '14 at 10:08
  • Is it really `request.body.split('&').each` line throwing an exception? I don't see the problem here, if `request.body.split('&')` is always a string. – Maksim Gladkov Feb 14 '14 at 10:49
  • request.body.split('&') returns an array of 1 item. Yes, it is the only each in the entire rb file. – Robert Feb 14 '14 at 10:53
  • It might be each defined somewhere else. Could you post your backtrace? (e.g. there might be `each` inside `Rex::Text.url_encode` method). Split is always returning an array, so it must be somewhere else. – BroiSatse Feb 14 '14 at 10:58
  • There is no method url_encode inside Rex::Text. There is uri_encode / uri_decode. Check the sources: https://dev.metasploit.com/api/Rex/Text.html#uri_encode-class_method https://dev.metasploit.com/api/Rex/Text.html#uri_decode-class_method – Robert Feb 14 '14 at 11:11
  • I've tried to put in an exception handler to get a backtrace (with begin and rescue => e) but it doesn't catch the exception. I don't know why. – Robert Feb 14 '14 at 11:14
  • You're right. The problem is not in this code. After executing this, there are the following calls: js = ::Rex::Exploitation::JSObfu.new %Q| #{script} js.obfuscate | The problem is inside the js.obfuscate method, exactly in this function: https://dev.metasploit.com/api/Rex/Exploitation/JSObfu.html#obfuscate_r-instance_method – Robert Feb 14 '14 at 11:22
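
The comment thread above ends with the exception coming from a later call rather than from the `split('&').each` loop. The following is an added example, not code from the original post or from Metasploit, showing how to confirm that from the innermost backtrace frame. `URI.decode_www_form_component` stands in for `Rex::Text.uri_decode`, and `parse_script`, `downstream`, `KNOWN` and `trace` are hypothetical names; `downstream` is a constructed stand-in for the later call, not JSObfu.

```ruby
require 'uri'

# Constructed input: the six request bodies from the question's test output.
BODIES = %w[
  script=test
  script=alert%28%27ok%27%29%3B
  script=alert%28%27ok%27%29%3B%3D
  script=alert%28%27ok%27%29%3B%5D
  script=alert%28%27ok%27%29%3B-
  script=alert%28%27ok%27%29%3B+
].freeze

# Same split logic as the question. URI.decode_www_form_component stands in
# for Rex::Text.uri_decode (assumption: Rex is not loaded here).
def parse_script(body)
  script = nil # declared outside the block so the assignment is visible after it
  body.split('&').each do |var|
    fln, fld = var.split('=', 2)
    next if fld.nil?
    script = URI.decode_www_form_component(fld) if fln == 'script'
  end
  script
end

# Hypothetical later step (not JSObfu): iterates a table entry per character.
KNOWN = { ';' => [:end], '(' => [:open], ')' => [:close], "'" => [:quote] }.freeze

def downstream(script)
  out = []
  script.each_char do |c|
    next out << c if c.match?(/\w/)
    KNOWN[c].each { |t| out << t } # KNOWN[c] is nil for unlisted characters
  end
  out
end

# Run both stages and report which one raised, with the innermost frame.
def trace(body)
  stage = :parse
  script = parse_script(body)
  stage = :downstream
  downstream(script)
  { body: body, failed_in: nil }
rescue StandardError => e
  frame = e.backtrace_locations.first
  { body: body, failed_in: stage, error: e.class, frame: "#{frame.label}:#{frame.lineno}" }
end

BODIES.each { |b| p trace(b) }
```

Every body parses to a String; the four that fail are reported with `failed_in: :downstream` and a frame label naming `downstream`, which is the information the request for a backtrace was after.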

1 Answer


Please, try to use request.body.read instead of request.body.

ActionDispatch::Request.body method is StringIO, refer to: http://api.rubyonrails.org/classes/ActionDispatch/Request.html#method-i-body

Maksim Gladkov