andresriancho / w3af

w3af: web application attack and audit framework, the open source web vulnerability scanner.
http://w3af.org/

[Auto-Generated] Bug Report - entropy = floor(log(total) * (len(value) / log(2))) #2009

Closed 1d3df9903ad closed 10 years ago

1d3df9903ad commented 10 years ago

User description

No user description was provided for this bug report given that it was related to handled exceptions in scan with id 60fb098f2c

Version Information

  Python version: 2.7.3 (default, Feb 27 2014, 20:00:17) [GCC 4.6.3]
  GTK version: 2.24.10
  PyGTK version: 2.24.0
  w3af version:
    w3af - Web Application Attack and Audit Framework
    Version: 1.6
    Revision: f7d67d8022 - 01  4月 2014 12:03
    Branch: master
    Local changes: No
    Author: Andres Riancho and the w3af team.

Traceback

An exception was found while running audit.csrf on "http://domain/reg/process.php | Method: POST | Parameters: (email="", password="", confirm_password="", pname="", engname="", bogi="女性", tel1="", tel2="", school="", office="", veg="數位設計領域")". The exception was: "math domain error" at csrf.py:is_csrf_token():247. The full traceback is:
  File "/home/user/w3af/w3af/core/controllers/core_helpers/consumers/audit.py", line 114, in _audit
    plugin.audit_with_copy(fuzzable_request, orig_resp)
  File "/home/user/w3af/w3af/core/controllers/plugins/audit_plugin.py", line 126, in audit_with_copy
    return self.audit(fuzzable_request.copy(), orig_resp)
  File "/home/user/w3af/w3af/plugins/audit/csrf.py", line 86, in audit
    if self._find_csrf_token(freq):
  File "/home/user/w3af/w3af/plugins/audit/csrf.py", line 170, in _find_csrf_token
    if self.is_csrf_token(param_name, element_value):
  File "/home/user/w3af/w3af/plugins/audit/csrf.py", line 247, in is_csrf_token
    entropy = floor(log(total) * (len(value) / log(2)))

Enabled Plugins

{'attack': {},
 'audit': {u'blind_sqli': <OptionList: eq_limit>,
           u'buffer_overflow': <OptionList: >,
           u'csrf': <OptionList: >,
           u'dav': <OptionList: >,
           u'eval': <OptionList: use_time_delay|use_echo>,
           u'file_upload': <OptionList: extensions>,
           u'format_string': <OptionList: >,
           u'frontpage': <OptionList: >,
           u'generic': <OptionList: diff_ratio>,
           u'global_redirect': <OptionList: >,
           u'htaccess_methods': <OptionList: >,
           u'ldapi': <OptionList: >,
           u'lfi': <OptionList: >,
           u'mx_injection': <OptionList: >,
           u'os_commanding': <OptionList: >,
           u'phishing_vector': <OptionList: >,
           u'preg_replace': <OptionList: >,
           u'redos': <OptionList: >,
           u'response_splitting': <OptionList: >,
           u'rfi': <OptionList: listen_address|listen_port|use_w3af_site>,
           u'sqli': <OptionList: >,
           u'ssi': <OptionList: >,
           u'ssl_certificate': <OptionList: minExpireDays|caFileName>,
           u'un_ssl': <OptionList: >,
           u'xpath': <OptionList: >,
           u'xss': <OptionList: persistent_xss>,
           u'xst': <OptionList: >},
 'auth': {},
 'bruteforce': {},
 'crawl': {u'bing_spider': <OptionList: result_limit>,
           u'oracle_discovery': <OptionList: >,
           u'phishtank': <OptionList: >,
           u'phpinfo': <OptionList: >,
           u'robots_txt': <OptionList: >,
           u'sitemap_xml': <OptionList: >,
           u'user_dir': <OptionList: identify_os|identify_apps>,
           u'web_spider': <OptionList: only_forward|follow_regex|ignore_regex>},
 'evasion': {},
 'grep': {u'ajax': <OptionList: >,
          u'analyze_cookies': <OptionList: >,
          u'blank_body': <OptionList: >,
          u'click_jacking': <OptionList: >,
          u'code_disclosure': <OptionList: >,
          u'credit_cards': <OptionList: >,
          u'directory_indexing': <OptionList: >,
          u'dom_xss': <OptionList: >,
          u'dot_net_event_validation': <OptionList: >,
          u'error_500': <OptionList: >,
          u'error_pages': <OptionList: >,
          u'feeds': <OptionList: >,
          u'file_upload': <OptionList: >,
          u'form_autocomplete': <OptionList: >,
          u'get_emails': <OptionList: only_target_domain>,
          u'hash_analysis': <OptionList: >,
          u'html_comments': <OptionList: >,
          u'http_auth_detect': <OptionList: >,
          u'http_in_body': <OptionList: >,
          u'lang': <OptionList: >,
          u'meta_tags': <OptionList: >,
          u'motw': <OptionList: >,
          u'objects': <OptionList: >,
          u'oracle': <OptionList: >,
          u'password_profiling': <OptionList: >,
          u'path_disclosure': <OptionList: >,
          u'private_ip': <OptionList: >,
          u'ssn': <OptionList: >,
          u'strange_headers': <OptionList: >,
          u'strange_http_codes': <OptionList: >,
          u'strange_parameters': <OptionList: >,
          u'strange_reason': <OptionList: >,
          u'svn_users': <OptionList: >,
          u'symfony': <OptionList: override>,
          u'wsdl_greper': <OptionList: >},
 'infrastructure': {u'afd': <OptionList: >,
                    u'allowed_methods': <OptionList: execOneTime|reportDavOnly>,
                    u'detect_reverse_proxy': <OptionList: >,
                    u'detect_transparent_proxy': <OptionList: >,
                    u'dns_wildcard': <OptionList: >,
                    u'dot_net_errors': <OptionList: >,
                    u'find_vhosts': <OptionList: >,
                    'finger_bing': {},
                    'finger_google': {},
                    'finger_pks': {},
                    u'fingerprint_WAF': <OptionList: >,
                    u'fingerprint_os': <OptionList: >,
                    'frontpage_version': {},
                    u'halberd': <OptionList: >,
                    u'hmap': <OptionList: gen_fingerprint>,
                    u'php_eggs': <OptionList: >,
                    u'server_header': <OptionList: >,
                    u'server_status': <OptionList: >,
                    u'shared_hosting': <OptionList: result_limit>},
 'mangle': {},
 'output': {u'console': <OptionList: verbose>}}
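The expression in the traceback, `floor(log(total) * (len(value) / log(2)))`, is `len(value) * log2(total)`: the usual password-strength estimate of bits for a string of that length drawn from an alphabet of `total` symbols. `math.log(0)` raises `ValueError: math domain error`, so the crash means `total` was 0 for one of the form values above (several are empty, and two contain only CJK characters). The following is an added example, not w3af's own code: it reproduces the crash with the page's formula and shows a guarded version that returns 0 bits instead of raising, so the plugin's CSRF check keeps running on the rest of the form. How w3af computes `total` is not on the page; `alphabet_size` below (sum of the ASCII character classes present in the value) is an assumption made for this example only.

```python
import math
import string

# Added example, not w3af's code. The formula is the one in the traceback:
#   entropy = floor(log(total) * (len(value) / log(2)))
# i.e. len(value) * log2(total). How w3af derives `total` is not shown on
# the page; the class-counting heuristic below is an assumption for this
# example only.


def alphabet_size(value):
    """Assumed alphabet size: sum of the ASCII character classes present in value."""
    size = 0
    if any(c.isdigit() for c in value):
        size += 10
    if any(c.islower() for c in value):
        size += 26
    if any(c.isupper() for c in value):
        size += 26
    if any(c in string.punctuation for c in value):
        size += len(string.punctuation)
    return size


def entropy_bits_unguarded(value):
    """The expression from the traceback, as written.

    When no ASCII class matches (an empty value, or one made only of
    characters such as the CJK strings in the reported request), total is 0
    and math.log(0) raises ValueError('math domain error').
    """
    total = alphabet_size(value)
    return math.floor(math.log(total) * (len(value) / math.log(2)))


def entropy_bits(value):
    """Guarded version: an alphabet of fewer than two symbols carries no entropy."""
    total = alphabet_size(value)
    if not value or total < 2:
        return 0
    return math.floor(len(value) * math.log(total, 2))


def raises_domain_error(value):
    """True if the unguarded expression crashes on this value (the reported bug)."""
    try:
        entropy_bits_unguarded(value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed samples: two values taken from the reported request,
    # an empty value, and one token-like value.
    for sample in ["", "女性", "數位設計領域", "a1B2c3D4e5"]:
        print(repr(sample), "crashes:", raises_domain_error(sample),
              "bits:", entropy_bits(sample))
```

With the guard in place the empty and CJK-only values score 0 bits and are simply rejected as token candidates, which is the outcome the heuristic intends; only the unguarded expression turns that case into an exception that aborts the plugin for the whole request.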
andresriancho commented 10 years ago

Dup #452