[Auto-Generated] Bug Report - dc_copy[pname][element_index] = mutant_str

[1d3df9903ad]

User description

No user description was provided for this bug report given that it was related to handled exceptions in scan with id a76693edeb

Version Information

  Python version: 2.7.3 (default, Jul 24 2012, 10:05:38) [GCC 4.7.0 20120507 (Red Hat 4.7.0-5)]
  GTK version: 2.24.13
  PyGTK version: 2.24.0
  w3af version:
    w3af - Web Application Attack and Audit Framework
    Version: 1.5
    Revision: 2371550670 - 13 Jun 2013 13:45
    Author: Andres Riancho and the w3af team.

Traceback

An exception was found while running audit.xss on "http://domain/%%75%46%46%30e\%uF%463%32%%75%46F4%39%uFF%349%uF%46%34%34%%75%46%461%39%u%46F13%uF%46%32d%%75%46%464%65%uF%46%348%u%46%46%31%35%%75%46F26%%75%46F2%32%u%46F%356%%75F%46%353%%75%46%4659%%75%46%46%358%u%46%46%33%30%u%46F%324\%%75FF0%65\%uF%460%65%uFF%2d%312%%75%46F-11%%75FF%30e\%u%46F0e\ | Method: GET | Parameters: (z41Xx="Y", z41Xx="2", z41Xx="7", z41Xx="J", z41Xx="R", z41Xx="R", z41Xx="u", z41Xx="E")". The exception was: "'str' object does not support item assignment" at mutant.py:_create_mutants_worker():274.The full traceback is:
  File "/home/user/w3af/core/controllers/core_helpers/consumers/audit.py", line 111, in _audit
    plugin.audit_with_copy(fuzzable_request, orig_resp)
  File "/home/user/w3af/core/controllers/plugins/audit_plugin.py", line 126, in audit_with_copy
    return self.audit(fuzzable_request.copy(), orig_resp)
  File "/home/user/w3af/plugins/audit/xss.py", line 68, in audit
    fake_mutants = create_mutants(freq, ['',])
  File "/home/user/w3af/core/data/fuzzer/fuzzer.py", line 55, in create_mutants
    fuzzer_config)
  File "/home/user/w3af/core/data/fuzzer/mutants/querystring_mutant.py", line 51, in create_mutants
    append, fuzzer_config)
  File "/home/user/w3af/core/data/fuzzer/mutants/mutant.py", line 274, in _create_mutants_worker
    dc_copy[pname][element_index] = mutant_str

Enabled Plugins

{'attack': {},
 'audit': {'blind_sqli': {},
           'buffer_overflow': {},
           'cors_origin': {},
           'csrf': {},
           'dav': {},
           'eval': {},
           'file_upload': {},
           'format_string': {},
           'frontpage': {},
           'generic': {},
           'global_redirect': {},
           'htaccess_methods': {},
           'ldapi': {},
           'lfi': {},
           'mx_injection': {},
           'os_commanding': {},
           'phishing_vector': {},
           'preg_replace': {},
           'redos': {},
           'response_splitting': {},
           'rfi': {},
           'sqli': {},
           'ssi': {},
           'ssl_certificate': {},
           'un_ssl': {},
           'xpath': {},
           'xss': {},
           'xst': {}},
 'auth': {},
 'bruteforce': {'basic_auth': {}, 'form_auth': {}},
 'crawl': {'content_negotiation': {},
           'dot_listing': {},
           'find_backdoors': {},
           'phishtank': {},
           'phpinfo': {},
           'pykto': {},
           'ria_enumerator': {},
           'robots_txt': {},
           'sitemap_xml': {},
           'url_fuzzer': {},
           'urllist_txt': {},
           'wsdl_finder': {}},
 'evasion': {'backspace_between_dots': {},
             'full_width_encode': {},
             'mod_security': {},
             'reversed_slashes': {},
             'rnd_case': {},
             'rnd_hex_encode': {},
             'rnd_param': {},
             'rnd_path': {},
             'self_reference': {},
             'shift_out_in_between_dots': {},
             'x_forwarded_for': {}},
 'grep': {'ajax': {},
          'analyze_cookies': {},
          'blank_body': {},
          'cache_control': {},
          'clamav': {},
          'click_jacking': {},
          'code_disclosure': {},
          'credit_cards': {},
          'cross_domain_js': {},
          'csp': {},
          'directory_indexing': {},
          'dom_xss': {},
          'dot_net_event_validation': {},
          'error_500': {},
          'error_pages': {},
          'feeds': {},
          'form_autocomplete': {},
          'get_emails': {},
          'hash_analysis': {},
          'html_comments': {},
          'http_auth_detect': {},
          'http_in_body': {},
          'lang': {},
          'meta_tags': {},
          'motw': {},
          'objects': {},
          'oracle': {},
          'password_profiling': {},
          'path_disclosure': {},
          'private_ip': {},
          'ssn': {},
          'strange_headers': {},
          'strange_http_codes': {},
          'strange_parameters': {},
          'strange_reason': {},
          'svn_users': {},
          'symfony': {},
          'url_session': {},
          'user_defined_regex': {},
          'wsdl_greper': {},
          'xss_protection_header': {}},
 'infrastructure': {'afd': {},
                    'allowed_methods': {},
                    'detect_reverse_proxy': {},
                    'detect_transparent_proxy': {},
                    'dns_wildcard': {},
                    'domain_dot': {},
                    'dot_net_errors': {},
                    'favicon_identification': {},
                    'find_jboss': {},
                    'find_vhosts': {},
                    'finger_bing': {},
                    'finger_google': {},
                    'finger_pks': {},
                    'fingerprint_WAF': {},
                    'fingerprint_os': {},
                    'frontpage_version': {},
                    'halberd': {},
                    'hmap': {},
                    'http_vs_https_dist': {},
                    'php_eggs': {},
                    'server_header': {},
                    'server_status': {},
                    'shared_hosting': {},
                    'xssed_dot_com': {},
                    'zone_h': {}},
 'mangle': {},
 'output': {'console': {}, 'csv_file': {}, 'html_file': {}, 'text_file': {}}}

[andresriancho]

Someone experimenting with w3af. Maybe Achim :)