Closed 1d3df9903ad closed 8 years ago
This error occurs during header fuzzing.
$ cat crlf.w3af
misc-settings
set fuzzable_headers host
back
target
set target http://w3af-target
back
plugins
audit response_splitting
back
start
exit
$ w3af_console -s crlf.w3af
w3af>>> misc-settings
w3af/config:misc-settings>>> set fuzzable_headers host
w3af/config:misc-settings>>> back
The configuration has been saved.
w3af>>> target
w3af/config:target>>> set target http://w3af-target
w3af/config:target>>> back
The configuration has been saved.
w3af>>> plugins
w3af/plugins>>> audit response_splitting
w3af/plugins>>> back
w3af>>> start
A "ValueError" exception was found while running audit.response_splitting on "Method: GET | http://domain/". The exception was: "Invalid header value 'w3af\nvulnerable073b: ae5cw3af'" at httplib.py:putheader():1035. The scan will continue but some vulnerabilities might not be identified.
Scan finished in 3 seconds.
Stopping the core...
w3af>>> exit
w3af>>>
Liked it? Donate some money!
$ cat /tmp/w3af-crash-*
A "ValueError" exception was found while running audit.response_splitting on "Method: GET | http://domain/". The exception was: "Invalid header value 'w3af\nvulnerable073b: ae5cw3af'" at httplib.py:putheader():1035.
The full traceback is:
  File "/usr/share/w3af/w3af/core/controllers/core_helpers/consumers/audit.py", line 126, in _audit
    plugin.audit_with_copy(fuzzable_request, orig_resp)
...
No user description was provided for this bug report given that it was related to handled exceptions in scan with id 949898e10a
Version Information
Traceback
Enabled Plugins
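The client-side check behind the ValueError above, as an added example that is not part of the original report and not w3af's code: it shows that the standard library refuses a header value containing a bare newline before anything reaches the network, so such a value is never actually sent. It assumes Python 3's `http.client` (the traceback names Python 2's `httplib`, which raises the same message); the helper names `client_rejects` and `triage` are hypothetical.

```python
import http.client

# Header value copied from the crash report above.
PAGE_PAYLOAD = "w3af\nvulnerable073b: ae5cw3af"


def client_rejects(name, value):
    """Return the ValueError text if http.client refuses the header, else None.

    putrequest() and putheader() only fill an in-memory buffer, so no
    socket is opened and nothing is sent to the placeholder host.
    """
    conn = http.client.HTTPConnection("w3af-target")  # never connected
    conn.putrequest("GET", "/", skip_host=True)
    try:
        conn.putheader(name, value)
    except ValueError as exc:
        return str(exc)
    return None


def triage(name, values):
    """Split candidate header values into (sendable, blocked_by_client).

    A value in the second list was stopped by the HTTP client library,
    so a scan using it has not exercised the server-side code path.
    """
    sendable, blocked = [], []
    for value in values:
        if client_rejects(name, value) is None:
            sendable.append(value)
        else:
            blocked.append(value)
    return sendable, blocked


if __name__ == "__main__":
    # Constructed sample values: a plain host, the reported payload,
    # a bare CR, and an obsolete folded continuation (CRLF + space).
    samples = ["w3af-target", PAGE_PAYLOAD, "x\ry", "a\r\n b"]
    ok, blocked = triage("Host", samples)
    print("sendable:", ok)
    print("blocked :", blocked)
```

A CR or LF followed by folding whitespace is still accepted by the library, which is why the last constructed sample lands in the sendable list.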