Scan Aborted: lexical error: invalid char in json text.

[wizlab-it]

Subject of the issue

When performing a scan, the process terminates with error: "Scan Aborted: lexical error: invalid char in json text."

Your environment

• Version of WPScan: 3.8.22
• Version of Ruby: 3.0.3p157
• Operating System (OS): Kali

Steps to reproduce

It happens when I scan a specific website. The website is known to have been compromised. I don't want to publicly disclose the URL of the website, so please contact me privately.

Expected behavior

The scan is expected to complete normally.

Actual behavior

The scan terminates with error: "Scan Aborted: lexical error: invalid char in json text."

Full error stack:

Scan Aborted: lexical error: invalid char in json text.
                                       <!DOCTYPE html> <!--[if lt IE 7
                     (right here) ------^

Trace: /usr/lib/ruby/vendor_ruby/yajl/json_gem/parsing.rb:15:in `rescue in parse'
/usr/lib/ruby/vendor_ruby/yajl/json_gem/parsing.rb:11:in `parse'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/lib/wpscan/db/vuln_api.rb:30:in `get'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/lib/wpscan/db/vuln_api.rb:48:in `plugin_data'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/app/models/plugin.rb:27:in `db_data'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/app/models/plugin.rb:22:in `metadata'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/app/models/wp_item.rb:65:in `latest_version'
(erb):2:in `render'
/usr/lib/ruby/3.0.0/erb.rb:905:in `eval'
/usr/lib/ruby/3.0.0/erb.rb:905:in `result'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/formatter.rb:100:in `render'
(erb):9:in `block in render'
(erb):6:in `each'
(erb):6:in `render'
/usr/lib/ruby/3.0.0/erb.rb:905:in `eval'
/usr/lib/ruby/3.0.0/erb.rb:905:in `result'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/formatter.rb:100:in `render'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/formatter.rb:84:in `output'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/controller.rb:59:in `output'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/app/controllers/enumeration/enum_methods.rb:83:in `enum_plugins'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/app/controllers/enumeration.rb:13:in `run'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/controllers.rb:50:in `each'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/controllers.rb:50:in `block in run'
/usr/lib/ruby/3.0.0/timeout.rb:80:in `timeout'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/controllers.rb:45:in `run'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/scan.rb:24:in `run'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/bin/wpscan:17:in `block in <top (required)>'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.13.8/lib/cms_scanner/scan.rb:15:in `initialize'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/bin/wpscan:6:in `new'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.22/bin/wpscan:6:in `<top (required)>'
/usr/bin/wpscan:25:in `load'
/usr/bin/wpscan:25:in `<main>'

What have you already tried

I tried to peform the scan from a clean OS, with a fresh installation of wpscan and ruby. The result is the same.
Scanning other WPs works fine.

• Update WPScan to the latest version [ x ]
• Update Ruby to the latest version [ x ]
• Ensure you can reach the target site using cURL [ x ]
• Proxied WPScan through a HTTP proxy to view the raw traffic [ ]
• Ensure you are using a supported Operating System (Linux and macOS) [ x ]

[alexsanford]

It looks like this was caused by an invalid response from the WPScan API. If this is the case, I imagine it was a temporary issue. Are you able to re-test on the latest version and see whether the issue is still occurring?