search

andresriancho / w3af

w3af: web application attack and audit framework, the open source web vulnerability scanner.
http://w3af.org/
4.56k stars 1.22k forks source link

[Auto-Generated] Bug Report - dc_copy[pname][element_index] = mutant_str #2141

Closed 1d3df9903ad closed 10 years ago

1d3df9903ad commented 10 years ago

User description

No user description was provided for this bug report given that it was related to handled exceptions in scan with id f0bfc1e965

Version Information

  Python version: 2.7.3 (default, Mar 14 2014, 11:57:14) [GCC 4.7.2]
  GTK version: 2.24.10
  PyGTK version: 2.24.0
  w3af version:
    w3af - Web Application Attack and Audit Framework
    Version: 1.6
    Distribution: Kali Linux
    Author: Andres Riancho and the w3af team.

Traceback

An exception was found while running audit.mx_injection on "http://domain/%%75F%460%65\%%75FF%32f%%75F%46%33%33%%75%46F3%32%u%46%46%35%32%%75F%4616%%75F%461%31%uFF%317%%75%46F%34d%uFF5%33%%75F%46%34%32%uF%46%327%uF%46%330%uF%462%39%%75F%46%351%uFF26%%75%46F%348%uFF2%38%%75%46%46%32f%%75%46%46%337%%75F%464a%u%46F17%%75FF2%61\%uF%460%65\%uFF0e%%75%46F-12%uFF-1%31%%75%46F0e\%uFF%30%65\ | Method: GET | Parameters: (42Vp7="X", 42Vp7="v", 42Vp7="Q", 42Vp7="2", 42Vp7="k", 42Vp7="F", 42Vp7="G", 42Vp7="q")". The exception was: "'str' object does not support item assignment" at mutant.py:_create_mutants_worker():275.The full traceback is:
  File "/usr/share/w3af/w3af/core/controllers/core_helpers/consumers/audit.py", line 114, in _audit
    plugin.audit_with_copy(fuzzable_request, orig_resp)
  File "/usr/share/w3af/w3af/core/controllers/plugins/audit_plugin.py", line 126, in audit_with_copy
    return self.audit(fuzzable_request.copy(), orig_resp)
  File "/usr/share/w3af/w3af/plugins/audit/mx_injection.py", line 66, in audit
    orig_resp=orig_response)
  File "/usr/share/w3af/w3af/core/data/fuzzer/fuzzer.py", line 55, in create_mutants
    fuzzer_config)
  File "/usr/share/w3af/w3af/core/data/fuzzer/mutants/querystring_mutant.py", line 51, in create_mutants
    append, fuzzer_config)
  File "/usr/share/w3af/w3af/core/data/fuzzer/mutants/mutant.py", line 275, in _create_mutants_worker
    dc_copy[pname][element_index] = mutant_str

Enabled Plugins

{'attack': {},
 'audit': {u'blind_sqli': <OptionList: eq_limit>,
           u'buffer_overflow': <OptionList: >,
           u'cors_origin': <OptionList: origin_header_value>,
           u'csrf': <OptionList: >,
           u'dav': <OptionList: >,
           u'eval': <OptionList: use_time_delay|use_echo>,
           u'file_upload': <OptionList: extensions>,
           u'format_string': <OptionList: >,
           u'frontpage': <OptionList: >,
           u'generic': <OptionList: diff_ratio>,
           u'global_redirect': <OptionList: >,
           u'htaccess_methods': <OptionList: >,
           u'ldapi': <OptionList: >,
           u'lfi': <OptionList: >,
           u'mx_injection': <OptionList: >,
           u'os_commanding': <OptionList: >,
           u'phishing_vector': <OptionList: >,
           u'preg_replace': <OptionList: >,
           u'redos': <OptionList: >,
           u'response_splitting': <OptionList: >,
           u'rfi': <OptionList: listen_address|listen_port|use_w3af_site>,
           u'sqli': <OptionList: >,
           u'ssi': <OptionList: >,
           'ssl_certificate': {},
           u'un_ssl': <OptionList: >,
           u'xpath': <OptionList: >,
           u'xss': <OptionList: persistent_xss>,
           u'xst': <OptionList: >},
 'auth': {'detailed': {}},
 'bruteforce': {'basic_auth': {}, 'form_auth': {}},
 'crawl': {'archive_dot_org': {},
           'bing_spider': {},
           'content_negotiation': {},
           'digit_sum': {},
           'dir_file_bruter': {},
           'dot_listing': {},
           'find_backdoors': {},
           'find_captchas': {},
           'find_dvcs': {},
           'genexus_xml': {},
           'ghdb': {},
           'google_spider': {},
           'import_results': {},
           'oracle_discovery': {},
           'phishtank': {},
           'phpinfo': {},
           'pykto': {},
           'ria_enumerator': {},
           'robots_txt': {},
           'sitemap_xml': {},
           'spider_man': {},
           'url_fuzzer': {},
           'urllist_txt': {},
           'user_dir': {},
           'web_diff': {},
           u'web_spider': <OptionList: only_forward|follow_regex|ignore_regex>,
           'wordnet': {},
           'wordpress_enumerate_users': {},
           'wordpress_fingerprint': {},
           'wordpress_fullpathdisclosure': {},
           'wsdl_finder': {}},
 'evasion': {'backspace_between_dots': {},
             'full_width_encode': {},
             'mod_security': {},
             'reversed_slashes': {},
             'rnd_case': {},
             'rnd_hex_encode': {},
             'rnd_param': {},
             'rnd_path': {},
             'self_reference': {},
             'shift_out_in_between_dots': {},
             'x_forwarded_for': {}},
 'grep': {u'ajax': <OptionList: >,
          u'analyze_cookies': <OptionList: >,
          u'blank_body': <OptionList: >,
          u'cache_control': <OptionList: >,
          'clamav': {},
          u'click_jacking': <OptionList: >,
          u'code_disclosure': <OptionList: >,
          u'credit_cards': <OptionList: >,
          u'cross_domain_js': <OptionList: >,
          'csp': {},
          u'directory_indexing': <OptionList: >,
          u'dom_xss': <OptionList: >,
          u'dot_net_event_validation': <OptionList: >,
          u'error_500': <OptionList: >,
          u'error_pages': <OptionList: >,
          u'feeds': <OptionList: >,
          u'file_upload': <OptionList: >,
          u'form_autocomplete': <OptionList: >,
          u'get_emails': <OptionList: only_target_domain>,
          u'hash_analysis': <OptionList: >,
          u'html_comments': <OptionList: >,
          u'http_auth_detect': <OptionList: >,
          u'http_in_body': <OptionList: >,
          u'lang': <OptionList: >,
          u'meta_tags': <OptionList: >,
          u'motw': <OptionList: >,
          u'objects': <OptionList: >,
          u'oracle': <OptionList: >,
          u'password_profiling': <OptionList: >,
          u'path_disclosure': <OptionList: >,
          u'private_ip': <OptionList: >,
          u'ssn': <OptionList: >,
          u'strange_headers': <OptionList: >,
          u'strange_http_codes': <OptionList: >,
          u'strange_parameters': <OptionList: >,
          u'strange_reason': <OptionList: >,
          u'svn_users': <OptionList: >,
          u'symfony': <OptionList: override>,
          u'url_session': <OptionList: >,
          u'user_defined_regex': <OptionList: single_regex|regex_file_path>,
          u'wsdl_greper': <OptionList: >,
          u'xss_protection_header': <OptionList: >},
 'infrastructure': {u'afd': <OptionList: >,
                    u'allowed_methods': <OptionList: execOneTime|reportDavOnly>,
                    u'detect_reverse_proxy': <OptionList: >,
                    u'detect_transparent_proxy': <OptionList: >,
                    u'dns_wildcard': <OptionList: >,
                    u'domain_dot': <OptionList: >,
                    'dot_net_errors': {},
                    u'favicon_identification': <OptionList: >,
                    u'find_jboss': <OptionList: >,
                    u'find_vhosts': <OptionList: >,
                    'finger_bing': {},
                    'finger_google': {},
                    'finger_pks': {},
                    u'fingerprint_WAF': <OptionList: >,
                    u'fingerprint_os': <OptionList: >,
                    u'frontpage_version': <OptionList: >,
                    u'halberd': <OptionList: >,
                    u'hmap': <OptionList: gen_fingerprint>,
                    u'http_vs_https_dist': <OptionList: httpPort|httpsPort>,
                    u'php_eggs': <OptionList: >,
                    u'server_header': <OptionList: >,
                    u'server_status': <OptionList: >,
                    'shared_hosting': {},
                    'xssed_dot_com': {},
                    'zone_h': {}},
 'mangle': {'sed': {}},
 'output': {u'console': <OptionList: verbose>,
            'csv_file': {},
            'email_report': {},
            'export_requests': {},
            'html_file': {},
            u'text_file': <OptionList: verbose|output_file|http_output_file>,
            'xml_file': {}}}
andresriancho commented 10 years ago

Duplicates #2154