wpscan
wpscan copied to clipboard
wpscanteam
Scan Aborted: lexical error: invalid char in json text.
Subject of the issue
When performing a scan, the process terminates with error: "Scan Aborted: lexical error: invalid char in json text."
Your environment
- Version of WPScan: 3.8.22
- Version of Ruby: 3.0.3p157
- Operating System (OS): Kali
Steps to reproduce
It happens when I scan a specific website. The website is known to have been compromised. I don't want to publicly disclose the URL of the website, so please contact me privately.
Expected behavior
The scan is expected to complete normally.
Actual behavior
The scan terminates with error: "Scan Aborted: lexical error: invalid char in json text."
Full error stack:
Scan Aborted: lexical error: invalid char in json text.
<!DOCTYPE html> <!--[if lt IE 7
(right here) ------^
Trace: /usr/lib/ruby/vendor_ruby/yajl/json_gem/parsing.rb:15:in `rescue in parse'
/usr/lib/ruby/vendor_ruby/yajl/json_gem/parsing.rb:11:in `parse'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/lib/wpscan/db/vuln_api.rb:30:in `get'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/lib/wpscan/db/vuln_api.rb:48:in `plugin_data'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/app/models/plugin.rb:27:in `db_data'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/app/models/plugin.rb:22:in `metadata'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/app/models/wp_item.rb:65:in `latest_version'
(erb):2:in `render'
/usr/lib/ruby/3.0.0/erb.rb:905:in `eval'
/usr/lib/ruby/3.0.0/erb.rb:905:in `result'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/formatter.rb:100:in `render'
(erb):9:in `block in render'
(erb):6:in `each'
(erb):6:in `render'
/usr/lib/ruby/3.0.0/erb.rb:905:in `eval'
/usr/lib/ruby/3.0.0/erb.rb:905:in `result'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/formatter.rb:100:in `render'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/formatter.rb:84:in `output'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/controller.rb:59:in `output'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/app/controllers/enumeration/enum_methods.rb:83:in `enum_plugins'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/app/controllers/enumeration.rb:13:in `run'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/controllers.rb:50:in `each'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/controllers.rb:50:in `block in run'
/usr/lib/ruby/3.0.0/timeout.rb:80:in `timeout'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/controllers.rb:45:in `run'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/scan.rb:24:in `run'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/bin/wpscan:17:in `block in <top (required)>'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/scan.rb:15:in `initialize'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/bin/wpscan:6:in `new'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/bin/wpscan:6:in `<top (required)>'
/usr/bin/wpscan:25:in `load'
/usr/bin/wpscan:25:in `<main>'
What have you already tried
I tried to peform the scan from a clean OS, with a fresh installation of wpscan and ruby. The result is the same. Scanning other WPs works fine.
- Update WPScan to the latest version [ x ]
- Update Ruby to the latest version [ x ]
- Ensure you can reach the target site using cURL [ x ]
- Proxied WPScan through a HTTP proxy to view the raw traffic [ ]
- Ensure you are using a supported Operating System (Linux and macOS) [ x ]
It looks like this was caused by an invalid response from the WPScan API. If this is the case, I imagine it was a temporary issue. Are you able to re-test on the latest version and see whether the issue is still occurring?
