search

andresriancho / w3af

w3af: web application attack and audit framework, the open source web vulnerability scanner.
http://w3af.org/
4.55k stars 1.22k forks source link

[Auto-Generated] Bug Report - current_response_wait_time = response.get_wait_time() #454

Closed 1d3df9903ad closed 11 years ago

1d3df9903ad commented 11 years ago

User description

No user description was provided for this bug report given that it was related to handled exceptions in scan with id 0b7ecf6ee7

Version Information

  Python version: 2.7.4 (default, Apr 19 2013, 18:28:01) [GCC 4.7.3]
  GTK version: 2.24.17
  PyGTK version: 2.24.0
  w3af version:
    w3af - Web Application Attack and Audit Framework
    Version: 1.5
    Revision: 7731e36eb4 - 10  6月 2013 21:56
    Author: Andres Riancho and the w3af team.

Traceback

An exception was found while running audit.os_commanding on "http://domain/search.php | Method: GET | Parameters: (keyword="提醒您请输入您要搜索...", pagelist="")". The exception was: "'NoneType' object has no attribute 'get_wait_time'" at exact_delay_controller.py:delay_for():115.The full traceback is:
  File "/home/user/Program/w3af/core/controllers/core_helpers/consumers/audit.py", line 111, in _audit
    plugin.audit_with_copy(fuzzable_request, orig_resp)
  File "/home/user/Program/w3af/core/controllers/plugins/audit_plugin.py", line 126, in audit_with_copy
    return self.audit(fuzzable_request.copy(), orig_resp)
  File "/home/user/Program/w3af/plugins/audit/os_commanding.py", line 74, in audit
    self._with_time_delay(freq)
  File "/home/user/Program/w3af/plugins/audit/os_commanding.py", line 153, in _with_time_delay
    success, responses = ed.delay_is_controlled()
  File "/home/user/Program/w3af/core/controllers/delay_detection/exact_delay_controller.py", line 86, in delay_is_controlled
    success, response = self.delay_for(delay, original_wait_time)
  File "/home/user/Program/w3af/core/controllers/delay_detection/exact_delay_controller.py", line 115, in delay_for
    current_response_wait_time = response.get_wait_time()

Enabled Plugins

{'attack': {},
 'audit': {u'blind_sqli': <OptionList: eq_limit>,
           u'buffer_overflow': <OptionList: >,
           u'csrf': <OptionList: >,
           u'dav': <OptionList: >,
           u'eval': <OptionList: use_time_delay|use_echo>,
           u'file_upload': <OptionList: extensions>,
           u'format_string': <OptionList: >,
           u'frontpage': <OptionList: >,
           u'generic': <OptionList: diff_ratio>,
           u'global_redirect': <OptionList: >,
           u'htaccess_methods': <OptionList: >,
           u'ldapi': <OptionList: >,
           u'lfi': <OptionList: >,
           u'mx_injection': <OptionList: >,
           u'os_commanding': <OptionList: >,
           u'phishing_vector': <OptionList: >,
           u'preg_replace': <OptionList: >,
           u'redos': <OptionList: >,
           u'response_splitting': <OptionList: >,
           u'rfi': <OptionList: listen_address|listen_port|use_w3af_site>,
           u'sqli': <OptionList: >,
           u'ssi': <OptionList: >,
           u'ssl_certificate': <OptionList: minExpireDays|caFileName>,
           u'un_ssl': <OptionList: >,
           u'xpath': <OptionList: >,
           u'xss': <OptionList: persistent_xss>,
           u'xst': <OptionList: >},
 'auth': {},
 'bruteforce': {},
 'crawl': {u'bing_spider': <OptionList: result_limit>,
           u'oracle_discovery': <OptionList: >,
           u'phishtank': <OptionList: >,
           u'phpinfo': <OptionList: >,
           u'robots_txt': <OptionList: >,
           u'sitemap_xml': <OptionList: >,
           u'user_dir': <OptionList: identify_os|identify_apps>,
           u'web_spider': <OptionList: only_forward|follow_regex|ignore_regex>},
 'evasion': {},
 'grep': {u'ajax': <OptionList: >,
          u'analyze_cookies': <OptionList: >,
          u'blank_body': <OptionList: >,
          u'click_jacking': <OptionList: >,
          u'code_disclosure': <OptionList: >,
          u'credit_cards': <OptionList: >,
          u'directory_indexing': <OptionList: >,
          u'dom_xss': <OptionList: >,
          u'dot_net_event_validation': <OptionList: >,
          u'error_500': <OptionList: >,
          u'error_pages': <OptionList: >,
          u'feeds': <OptionList: >,
          u'file_upload': <OptionList: >,
          u'form_autocomplete': <OptionList: >,
          u'get_emails': <OptionList: only_target_domain>,
          u'hash_analysis': <OptionList: >,
          u'html_comments': <OptionList: >,
          u'http_auth_detect': <OptionList: >,
          u'http_in_body': <OptionList: >,
          u'lang': <OptionList: >,
          u'meta_tags': <OptionList: >,
          u'motw': <OptionList: >,
          u'objects': <OptionList: >,
          u'oracle': <OptionList: >,
          u'password_profiling': <OptionList: >,
          u'path_disclosure': <OptionList: >,
          u'private_ip': <OptionList: >,
          u'ssn': <OptionList: >,
          u'strange_headers': <OptionList: >,
          u'strange_http_codes': <OptionList: >,
          u'strange_parameters': <OptionList: >,
          u'strange_reason': <OptionList: >,
          u'svn_users': <OptionList: >,
          u'symfony': <OptionList: override>,
          u'wsdl_greper': <OptionList: >},
 'infrastructure': {u'afd': <OptionList: >,
                    u'allowed_methods': <OptionList: execOneTime|reportDavOnly>,
                    u'detect_reverse_proxy': <OptionList: >,
                    u'detect_transparent_proxy': <OptionList: >,
                    u'dns_wildcard': <OptionList: >,
                    u'dot_net_errors': <OptionList: >,
                    u'find_vhosts': <OptionList: >,
                    'finger_bing': {},
                    'finger_google': {},
                    'finger_pks': {},
                    u'fingerprint_WAF': <OptionList: >,
                    u'fingerprint_os': <OptionList: >,
                    'frontpage_version': {},
                    u'halberd': <OptionList: >,
                    u'hmap': <OptionList: genFpF>,
                    u'php_eggs': <OptionList: >,
                    u'server_header': <OptionList: >,
                    u'server_status': <OptionList: >,
                    u'shared_hosting': <OptionList: result_limit>},
 'mangle': {},
 'output': {u'console': <OptionList: verbose>}}
andresriancho commented 11 years ago

Fixed by 05fe09b781b873fe16abc48cf13773f2039617ed