当我运行代码的以下部分时,出现“nil:NilClass 的未定义方法 `each'”错误。
if request and request.body
print_status(request.body);
request.body.split('&').each { |var|
parts = var.split('=', 2)
if parts.length != 2
print_error("Weird, we got a var that doesn't contain an equals: #{parts.inspect}")
else
fln,fld = parts
fld = Rex::Text.uri_decode(fld)
if fln == "script"
script = fld
end
end
}
end
request.body 的一些测试:
- ---------------------------------- - request.body.class:字符串 - request.body:脚本=测试 - request.body.split('&'): ["script=test"] - 发送 - ---------------------------------- - request.body.class:字符串 - request.body:脚本=警报%28%27ok%27%29%3B - request.body.split('&'): ["script=alert%28%27ok%27%29%3B"] - 发送 - ---------------------------------- - request.body.class:字符串 - request.body:脚本=alert%28%27ok%27%29%3B%3D - request.body.split('&'): ["script=alert%28%27ok%27%29%3B%3D"] - 异常处理请求:nil:NilClass 的未定义方法“每个” - ---------------------------------- - request.body.class:字符串 - request.body:脚本=alert%28%27ok%27%29%3B%5D - request.body.split('&'): ["script=alert%28%27ok%27%29%3B%5D"] - 异常处理请求:nil:NilClass 的未定义方法“每个” - ---------------------------------- - request.body.class:字符串 - request.body:脚本=alert%28%27ok%27%29%3B- - request.body.split('&'): ["script=alert%28%27ok%27%29%3B-"] - 异常处理请求:nil:NilClass 的未定义方法“每个” - ---------------------------------- - request.body.class:字符串 - request.body: 脚本=alert%28%27ok%27%29%3B+ - request.body.split('&'): ["script=alert%28%27ok%27%29%3B+"] - 异常处理请求:nil:NilClass 的未定义方法“每个”
大多数特殊字符会使错误发生。
有什么问题?