search

andresriancho / w3af

w3af: web application attack and audit framework, the open source web vulnerability scanner.
http://w3af.org/
4.58k stars 1.22k forks source link

password_profiling merge_maps: old_data[d] = data[d] #2429

Closed 1d3df9903ad closed 10 years ago

1d3df9903ad commented 10 years ago

User description

No user description was provided for this bug report given that it was related to handled exceptions in scan with id e72afe5480

Version Information

  Python version: 2.7.3 (default, Mar 13 2014, 11:03:55) [GCC 4.7.2]
  GTK version: 2.24.10
  PyGTK version: 2.24.0
  w3af version:
    w3af - Web Application Attack and Audit Framework
    Version: 1.6.0.2
    Distribution: Kali Linux
    Author: Andres Riancho and the w3af team.

Traceback

An exception was found while running grep.password_profiling on "http://domain/ | Method: GET". The exception was: "list indices must be integers, not str" at password_profiling.py:merge_maps():150.The full traceback is:
  File "/usr/share/w3af/w3af/core/controllers/core_helpers/consumers/grep.py", line 76, in run
    plugin.grep_wrapper(request, response)
  File "/usr/share/w3af/w3af/core/controllers/plugins/grep_plugin.py", line 51, in grep_wrapper
    self.grep(fuzzable_request, response)
  File "/usr/share/w3af/w3af/plugins/grep/password_profiling.py", line 80, in grep
    self.captured_lang)
  File "/usr/share/w3af/w3af/plugins/grep/password_profiling.py", line 150, in merge_maps
    old_data[d] = data[d]

Enabled Plugins

{'attack': {},
 'audit': {'blind_sqli': {},
           'buffer_overflow': {},
           'cors_origin': {},
           'csrf': {},
           'dav': {},
           'eval': {},
           'file_upload': {},
           'format_string': {},
           'frontpage': {},
           'generic': {},
           'global_redirect': {},
           'htaccess_methods': {},
           'ldapi': {},
           'lfi': {},
           'mx_injection': {},
           'os_commanding': {},
           'phishing_vector': {},
           'preg_replace': {},
           'redos': {},
           'response_splitting': {},
           'rfi': {},
           'sqli': {},
           'ssi': {},
           'ssl_certificate': {},
           'un_ssl': {},
           'xpath': {},
           'xss': {},
           'xst': {}},
 'auth': {'detailed': {}},
 'bruteforce': {'basic_auth': {}, 'form_auth': {}},
 'crawl': {},
 'evasion': {},
 'grep': {'ajax': {},
          'analyze_cookies': {},
          'blank_body': {},
          'cache_control': {},
          'clamav': {},
          'click_jacking': {},
          'code_disclosure': {},
          'credit_cards': {},
          'cross_domain_js': {},
          'csp': {},
          'directory_indexing': {},
          'dom_xss': {},
          'dot_net_event_validation': {},
          'error_500': {},
          'error_pages': {},
          'feeds': {},
          'form_autocomplete': {},
          'get_emails': {},
          'hash_analysis': {},
          'html_comments': {},
          'http_auth_detect': {},
          'http_in_body': {},
          'lang': {},
          'meta_tags': {},
          'motw': {},
          'objects': {},
          'oracle': {},
          'password_profiling': {},
          'path_disclosure': {},
          'private_ip': {},
          'ssn': {},
          'strange_headers': {},
          'strange_http_codes': {},
          'strange_parameters': {},
          'strange_reason': {},
          'svn_users': {},
          'symfony': {},
          'url_session': {},
          'user_defined_regex': {},
          'wsdl_greper': {},
          'xss_protection_header': {}},
 'infrastructure': {'afd': {},
                    'allowed_methods': {},
                    'detect_reverse_proxy': {},
                    'detect_transparent_proxy': {},
                    'dns_wildcard': {},
                    'domain_dot': {},
                    'dot_net_errors': {},
                    'favicon_identification': {},
                    'find_jboss': {},
                    'find_vhosts': {},
                    'finger_bing': {},
                    'finger_google': {},
                    'finger_pks': {},
                    'fingerprint_WAF': {},
                    'fingerprint_os': {},
                    'frontpage_version': {},
                    'halberd': {},
                    'hmap': {},
                    'http_vs_https_dist': {},
                    'php_eggs': {},
                    'server_header': {},
                    'server_status': {},
                    'shared_hosting': {},
                    'xssed_dot_com': {},
                    'zone_h': {}},
 'mangle': {'sed': {}},
 'output': {u'console': <OptionList: verbose>}}
andresriancho commented 10 years ago

Related with https://github.com/andresriancho/w3af/commit/ff8b2a5ebd316aadc4bd70bef096d62285bd6df1

703