andresriancho / w3af

w3af: web application attack and audit framework, the open source web vulnerability scanner.
http://w3af.org/

[Auto-Generated] Bug Report - dc_copy[pname][element_index] = mutant_str #2136

Closed 1d3df9903ad closed 10 years ago

1d3df9903ad commented 10 years ago

User description

No user description was provided for this bug report given that it was related to handled exceptions in scan with id f0bfc1e965

Version Information

  Python version: 2.7.3 (default, Mar 14 2014, 11:57:14) [GCC 4.7.2]
  GTK version: 2.24.10
  PyGTK version: 2.24.0
  w3af version:
    w3af - Web Application Attack and Audit Framework
    Version: 1.6
    Distribution: Kali Linux
    Author: Andres Riancho and the w3af team.

Traceback

An exception was found while running audit.blind_sqli on "http://domain/%%75F%460%65\%%75FF%32f%%75F%46%33%33%%75%46F3%32%u%46%46%35%32%%75F%4616%%75F%461%31%uFF%317%%75%46F%34d%uFF5%33%%75F%46%34%32%uF%46%327%uF%46%330%uF%462%39%%75F%46%351%uFF26%%75%46F%348%uFF2%38%%75%46%46%32f%%75%46%46%337%%75F%464a%u%46F17%%75FF2%61\%uF%460%65\%uFF0e%%75%46F-12%uFF-1%31%%75%46F0e\%uFF%30%65\ | Method: GET | Parameters: (42Vp7="X", 42Vp7="v", 42Vp7="Q", 42Vp7="2", 42Vp7="k", 42Vp7="F", 42Vp7="G", 42Vp7="q")". The exception was: "'str' object does not support item assignment" at mutant.py:_create_mutants_worker():275.The full traceback is:
  File "/usr/share/w3af/w3af/core/controllers/core_helpers/consumers/audit.py", line 114, in _audit
    plugin.audit_with_copy(fuzzable_request, orig_resp)
  File "/usr/share/w3af/w3af/core/controllers/plugins/audit_plugin.py", line 126, in audit_with_copy
    return self.audit(fuzzable_request.copy(), orig_resp)
  File "/usr/share/w3af/w3af/plugins/audit/blind_sqli.py", line 67, in audit
    fake_mutants = create_mutants(freq, ['', ])
  File "/usr/share/w3af/w3af/core/data/fuzzer/fuzzer.py", line 55, in create_mutants
    fuzzer_config)
  File "/usr/share/w3af/w3af/core/data/fuzzer/mutants/querystring_mutant.py", line 51, in create_mutants
    append, fuzzer_config)
  File "/usr/share/w3af/w3af/core/data/fuzzer/mutants/mutant.py", line 275, in _create_mutants_worker
    dc_copy[pname][element_index] = mutant_str

Enabled Plugins

{'attack': {},
 'audit': {u'blind_sqli': <OptionList: eq_limit>,
           u'buffer_overflow': <OptionList: >,
           u'cors_origin': <OptionList: origin_header_value>,
           u'csrf': <OptionList: >,
           u'dav': <OptionList: >,
           u'eval': <OptionList: use_time_delay|use_echo>,
           u'file_upload': <OptionList: extensions>,
           u'format_string': <OptionList: >,
           u'frontpage': <OptionList: >,
           u'generic': <OptionList: diff_ratio>,
           u'global_redirect': <OptionList: >,
           u'htaccess_methods': <OptionList: >,
           u'ldapi': <OptionList: >,
           u'lfi': <OptionList: >,
           u'mx_injection': <OptionList: >,
           u'os_commanding': <OptionList: >,
           u'phishing_vector': <OptionList: >,
           u'preg_replace': <OptionList: >,
           u'redos': <OptionList: >,
           u'response_splitting': <OptionList: >,
           u'rfi': <OptionList: listen_address|listen_port|use_w3af_site>,
           u'sqli': <OptionList: >,
           u'ssi': <OptionList: >,
           'ssl_certificate': {},
           u'un_ssl': <OptionList: >,
           u'xpath': <OptionList: >,
           u'xss': <OptionList: persistent_xss>,
           u'xst': <OptionList: >},
 'auth': {'detailed': {}},
 'bruteforce': {'basic_auth': {}, 'form_auth': {}},
 'crawl': {'archive_dot_org': {},
           'bing_spider': {},
           'content_negotiation': {},
           'digit_sum': {},
           'dir_file_bruter': {},
           'dot_listing': {},
           'find_backdoors': {},
           'find_captchas': {},
           'find_dvcs': {},
           'genexus_xml': {},
           'ghdb': {},
           'google_spider': {},
           'import_results': {},
           'oracle_discovery': {},
           'phishtank': {},
           'phpinfo': {},
           'pykto': {},
           'ria_enumerator': {},
           'robots_txt': {},
           'sitemap_xml': {},
           'spider_man': {},
           'url_fuzzer': {},
           'urllist_txt': {},
           'user_dir': {},
           'web_diff': {},
           u'web_spider': <OptionList: only_forward|follow_regex|ignore_regex>,
           'wordnet': {},
           'wordpress_enumerate_users': {},
           'wordpress_fingerprint': {},
           'wordpress_fullpathdisclosure': {},
           'wsdl_finder': {}},
 'evasion': {'backspace_between_dots': {},
             'full_width_encode': {},
             'mod_security': {},
             'reversed_slashes': {},
             'rnd_case': {},
             'rnd_hex_encode': {},
             'rnd_param': {},
             'rnd_path': {},
             'self_reference': {},
             'shift_out_in_between_dots': {},
             'x_forwarded_for': {}},
 'grep': {u'ajax': <OptionList: >,
          u'analyze_cookies': <OptionList: >,
          u'blank_body': <OptionList: >,
          u'cache_control': <OptionList: >,
          'clamav': {},
          u'click_jacking': <OptionList: >,
          u'code_disclosure': <OptionList: >,
          u'credit_cards': <OptionList: >,
          u'cross_domain_js': <OptionList: >,
          'csp': {},
          u'directory_indexing': <OptionList: >,
          u'dom_xss': <OptionList: >,
          u'dot_net_event_validation': <OptionList: >,
          u'error_500': <OptionList: >,
          u'error_pages': <OptionList: >,
          u'feeds': <OptionList: >,
          u'file_upload': <OptionList: >,
          u'form_autocomplete': <OptionList: >,
          u'get_emails': <OptionList: only_target_domain>,
          u'hash_analysis': <OptionList: >,
          u'html_comments': <OptionList: >,
          u'http_auth_detect': <OptionList: >,
          u'http_in_body': <OptionList: >,
          u'lang': <OptionList: >,
          u'meta_tags': <OptionList: >,
          u'motw': <OptionList: >,
          u'objects': <OptionList: >,
          u'oracle': <OptionList: >,
          u'password_profiling': <OptionList: >,
          u'path_disclosure': <OptionList: >,
          u'private_ip': <OptionList: >,
          u'ssn': <OptionList: >,
          u'strange_headers': <OptionList: >,
          u'strange_http_codes': <OptionList: >,
          u'strange_parameters': <OptionList: >,
          u'strange_reason': <OptionList: >,
          u'svn_users': <OptionList: >,
          u'symfony': <OptionList: override>,
          u'url_session': <OptionList: >,
          u'user_defined_regex': <OptionList: single_regex|regex_file_path>,
          u'wsdl_greper': <OptionList: >,
          u'xss_protection_header': <OptionList: >},
 'infrastructure': {u'afd': <OptionList: >,
                    u'allowed_methods': <OptionList: execOneTime|reportDavOnly>,
                    u'detect_reverse_proxy': <OptionList: >,
                    u'detect_transparent_proxy': <OptionList: >,
                    u'dns_wildcard': <OptionList: >,
                    u'domain_dot': <OptionList: >,
                    'dot_net_errors': {},
                    u'favicon_identification': <OptionList: >,
                    u'find_jboss': <OptionList: >,
                    u'find_vhosts': <OptionList: >,
                    'finger_bing': {},
                    'finger_google': {},
                    'finger_pks': {},
                    u'fingerprint_WAF': <OptionList: >,
                    u'fingerprint_os': <OptionList: >,
                    u'frontpage_version': <OptionList: >,
                    u'halberd': <OptionList: >,
                    u'hmap': <OptionList: gen_fingerprint>,
                    u'http_vs_https_dist': <OptionList: httpPort|httpsPort>,
                    u'php_eggs': <OptionList: >,
                    u'server_header': <OptionList: >,
                    u'server_status': <OptionList: >,
                    'shared_hosting': {},
                    'xssed_dot_com': {},
                    'zone_h': {}},
 'mangle': {'sed': {}},
 'output': {u'console': <OptionList: verbose>,
            'csv_file': {},
            'email_report': {},
            'export_requests': {},
            'html_file': {},
            u'text_file': <OptionList: verbose|output_file|http_output_file>,
            'xml_file': {}}}

andresriancho commented 10 years ago

Duplicates #2154