andresriancho / w3af

w3af: web application attack and audit framework, the open source web vulnerability scanner.
http://w3af.org/

[Auto-Generated] Bug Report - raise ValueError('Invalid header value %r' % (one_value,)) #13434

Closed 1d3df9903ad closed 8 years ago

1d3df9903ad commented 8 years ago

No user description was provided for this bug report given that it was related to handled exceptions in scan with id 949898e10a

Version Information

  Python version: 2.7.10 (default, May 24 2015, 14:46:10) [GCC]
  GTK version: 2.24.29
  PyGTK version: 2.24.0
  w3af version:
    w3af - Web Application Attack and Audit Framework
    Version: 1.7.6
    Revision: b699b9602b - 27 ene 2016 12:06
    Branch: master
    Local changes: No
    Author: Andres Riancho and the w3af team.

Traceback

A "ValueError" exception was found while running audit.blind_sqli on "Method: GET | http://domain:8008/1894831558/saveprofile | URL encoded form: (action, uid, pw, is_author)". The exception was: "Invalid header value 'GRUYERE=90923465|w3af; GRUYERE=42367666|w3af\rvulnerable073b: ae5cw3af||author'" at httplib.py:putheader():1031.The full traceback is:
  File "/home/user/w3af/w3af/core/controllers/core_helpers/consumers/audit.py", line 126, in _audit
    plugin.audit_with_copy(fuzzable_request, orig_resp)
  File "/home/user/w3af/w3af/core/controllers/plugins/audit_plugin.py", line 138, in audit_with_copy
    return self.audit(fuzzable_request, orig_resp)
  File "/home/user/w3af/w3af/plugins/audit/blind_sqli.py", line 80, in audit
    found_vuln = method.is_injectable(mutant)
  File "/home/user/w3af/w3af/core/controllers/sql_tools/blind_sqli_response_diff.py", line 69, in is_injectable
    statement_type)
  File "/home/user/w3af/w3af/core/controllers/sql_tools/blind_sqli_response_diff.py", line 115, in _find_bsql
    _, body_true_response = send_clean(mutant)
  File "/home/user/w3af/w3af/core/data/url/extended_urllib.py", line 494, in send_clean
    http_response = self.send_mutant(mutant, cache=False)
  File "/home/user/w3af/w3af/core/data/url/extended_urllib.py", line 576, in send_mutant
    res = functor(*args, **kwargs)
  File "/home/user/w3af/w3af/core/data/url/extended_urllib.py", line 634, in GET
    return self.send(req, grep=grep)
  File "/home/user/w3af/w3af/core/data/url/extended_urllib.py", line 810, in send
    res = self._opener.open(req)
  File "/home/user/w3af/w3af/core/data/url/director.py", line 33, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/home/user/w3af/w3af/core/data/url/handlers/keepalive/handler.py", line 330, in http_open
    return self.do_open(req)
  File "/home/user/w3af/w3af/core/data/url/handlers/keepalive/handler.py", line 142, in do_open
    resp, start = self._get_response(conn, req)
  File "/home/user/w3af/w3af/core/data/url/handlers/keepalive/handler.py", line 217, in _get_response
    self._start_transaction(conn, request)
  File "/home/user/w3af/w3af/core/data/url/handlers/keepalive/handler.py", line 311, in _start_transaction
    to_utf8_raw(v))
  File "/usr/lib/python2.7/httplib.py", line 1031, in putheader
    raise ValueError('Invalid header value %r' % (one_value,))

Enabled Plugins

{'attack': {},
 'audit': {'blind_sqli': {},
           'buffer_overflow': {},
           'csrf': {},
           'dav': {},
           'eval': {},
           'file_upload': {},
           'format_string': {},
           'frontpage': {},
           'generic': {},
           'global_redirect': {},
           'htaccess_methods': {},
           'ldapi': {},
           'lfi': {},
           'mx_injection': {},
           'os_commanding': {},
           'phishing_vector': {},
           'preg_replace': {},
           'redos': {},
           'response_splitting': {},
           'rfi': {},
           'sqli': {},
           'ssi': {},
           'ssl_certificate': {},
           'un_ssl': {},
           'xpath': {},
           'xss': {},
           'xst': {}},
 'auth': {},
 'bruteforce': {},
 'crawl': {'bing_spider': {},
           'oracle_discovery': {},
           'phishtank': {},
           'phpinfo': {},
           'robots_txt': {},
           'sitemap_xml': {},
           'user_dir': {},
           'web_spider': {}},
 'evasion': {},
 'grep': {'analyze_cookies': {},
          'blank_body': {},
          'click_jacking': {},
          'code_disclosure': {},
          'credit_cards': {},
          'directory_indexing': {},
          'dom_xss': {},
          'dot_net_event_validation': {},
          'error_500': {},
          'error_pages': {},
          'feeds': {},
          'form_autocomplete': {},
          'get_emails': {},
          'hash_analysis': {},
          'html_comments': {},
          'http_auth_detect': {},
          'http_in_body': {},
          'lang': {},
          'meta_tags': {},
          'motw': {},
          'objects': {},
          'oracle': {},
          'password_profiling': {},
          'path_disclosure': {},
          'private_ip': {},
          'ssn': {},
          'strange_headers': {},
          'strange_http_codes': {},
          'strange_parameters': {},
          'strange_reason': {},
          'svn_users': {},
          'symfony': {},
          'wsdl_greper': {}},
 'infrastructure': {'afd': {},
                    'allowed_methods': {},
                    'detect_reverse_proxy': {},
                    'detect_transparent_proxy': {},
                    'dns_wildcard': {},
                    'dot_net_errors': {},
                    'find_vhosts': {},
                    'finger_bing': {},
                    'finger_google': {},
                    'finger_pks': {},
                    'fingerprint_WAF': {},
                    'fingerprint_os': {},
                    'frontpage_version': {},
                    'halberd': {},
                    'hmap': {},
                    'php_eggs': {},
                    'server_header': {},
                    'server_status': {},
                    'shared_hosting': {}},
 'mangle': {},
 'output': {'console': {}}}

andreydanin commented 8 years ago

This error occurs during header fuzzing.

$ cat crlf.w3af

misc-settings
set fuzzable_headers host
back

target
set target http://w3af-target
back

plugins
audit response_splitting
back

start
exit

$ w3af_console -s crlf.w3af

w3af>>> misc-settings
w3af/config:misc-settings>>> set fuzzable_headers host
w3af/config:misc-settings>>> back
The configuration has been saved.
w3af>>> target
w3af/config:target>>> set target http://w3af-target
w3af/config:target>>> back
The configuration has been saved.
w3af>>> plugins
w3af/plugins>>> audit response_splitting
w3af/plugins>>> back
w3af>>> start
A "ValueError" exception was found while running audit.response_splitting on "Method: GET | http://domain/". The exception was: "Invalid header value 'w3af\nvulnerable073b: ae5cw3af'" at httplib.py:putheader():1035. The scan will continue but some vulnerabilities might not be identified.
Scan finished in 3 seconds.
Stopping the core...
w3af>>> exit
w3af>>>
Liked it? Donate some money!

$ cat /tmp/w3af-crash-*

A "ValueError" exception was found while running audit.response_splitting on "Method: GET | http://domain/". The exception was: "Invalid header value 'w3af\nvulnerable073b: ae5cw3af'" at httplib.py:putheader():1035.The full traceback is:
  File "/usr/share/w3af/w3af/core/controllers/core_helpers/consumers/audit.py", line 126, in _audit
    plugin.audit_with_copy(fuzzable_request, orig_resp)
...
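
The following is an added example, not part of the thread and not w3af code. It uses Python 3's `http.client` (the successor to the Python 2 `httplib` in the tracebacks) to show the standard-library header-value check rejecting the two values quoted in the error messages above. The header name `X-Test`, the host `w3af-target.invalid`, the two control values and the function names are assumptions made for the example.

```python
import http.client

# The first two values are the header values quoted in the error messages
# on this page. The last two are constructed controls: a harmless value and
# an obs-fold continuation line (CRLF followed by a space).
SAMPLES = {
    "cookie_cr": "GRUYERE=90923465|w3af; GRUYERE=42367666|w3af\r"
                 "vulnerable073b: ae5cw3af||author",
    "host_lf": "w3af\nvulnerable073b: ae5cw3af",
    "benign": "w3af-target",            # constructed
    "obs_fold": "w3af\r\n continued",   # constructed
}


def stdlib_accepts(name, value):
    """Return (accepted, error_text) for one header; no network I/O happens.

    putrequest() and putheader() only fill an in-memory buffer, so the
    validation can be exercised without connecting to the placeholder host.
    """
    conn = http.client.HTTPConnection("w3af-target.invalid")  # never connected
    conn.putrequest("GET", "/", skip_host=True, skip_accept_encoding=True)
    try:
        conn.putheader(name, value)
    except ValueError as exc:
        # Same failure mode as the traceback: putheader() refuses a bare
        # CR or LF that would start a new header line.
        return False, str(exc)
    return True, None


def classify(samples=SAMPLES):
    """Map each sample label to True (accepted) or False (rejected)."""
    return {label: stdlib_accepts("X-Test", value)[0]
            for label, value in samples.items()}


if __name__ == "__main__":
    for label, value in SAMPLES.items():
        accepted, error = stdlib_accepts("X-Test", value)
        print(label, "accepted" if accepted else "rejected: " + error)
```

A CR or LF followed directly by other text is rejected, while a CRLF followed by a space (header folding) passes the check, so the guard targets exactly the line break that would introduce a second header.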