search

andresriancho / w3af

w3af: web application attack and audit framework, the open source web vulnerability scanner.
http://w3af.org/
4.57k stars 1.22k forks source link

[Auto-Generated] Bug Report - if rfi_data.rfi_result in response: #473

Closed 1d3df9903ad closed 11 years ago

1d3df9903ad commented 11 years ago

User description

No user description was provided for this bug report given that it was related to handled exceptions in scan with id b150f60aba

Version Information

  Python version: 2.7.4 (default, Apr 19 2013, 18:28:01) [GCC 4.7.3]
  GTK version: 2.24.17
  PyGTK version: 2.24.0
  w3af version:
    w3af - Web Application Attack and Audit Framework
    Version: 1.5
    Revision: db956b8abd - 17  6月 2013 12:20
    Author: Andres Riancho and the w3af team.

Traceback

An exception was found while running audit.rfi on "http://domain/app/member/login.php | Method: POST | Parameters: (uid2="guest", SS="", SR="", TS="", username="帐号", passwd="xx@x@x.x", rmNum="验证码")". The exception was: "argument of type 'NoneType' is not iterable" at rfi.py:_analyze_result():300.The full traceback is:
  File "/home/user/w3af/core/controllers/core_helpers/consumers/audit.py", line 111, in _audit
    plugin.audit_with_copy(fuzzable_request, orig_resp)
  File "/home/user/w3af/core/controllers/plugins/audit_plugin.py", line 126, in audit_with_copy
    return self.audit(fuzzable_request.copy(), orig_resp)
  File "/home/user/w3af/plugins/audit/rfi.py", line 89, in audit
    self._w3af_site_test_inclusion(freq, orig_response)
  File "/home/user/w3af/plugins/audit/rfi.py", line 249, in _w3af_site_test_inclusion
    self._test_inclusion(freq, rfi_data, orig_response)
  File "/home/user/w3af/plugins/audit/rfi.py", line 266, in _test_inclusion
    analyze_result_par)
  File "/home/user/w3af/core/controllers/plugins/plugin.py", line 200, in _send_mutants_in_threads
    callback(mutant, http_response)
  File "/home/user/w3af/plugins/audit/rfi.py", line 300, in _analyze_result
    if rfi_data.rfi_result in response:

Enabled Plugins

{'attack': {},
 'audit': {u'blind_sqli': <OptionList: eq_limit>,
           u'buffer_overflow': <OptionList: >,
           u'csrf': <OptionList: >,
           u'dav': <OptionList: >,
           u'eval': <OptionList: use_time_delay|use_echo>,
           u'file_upload': <OptionList: extensions>,
           u'format_string': <OptionList: >,
           u'frontpage': <OptionList: >,
           u'generic': <OptionList: diff_ratio>,
           u'global_redirect': <OptionList: >,
           u'htaccess_methods': <OptionList: >,
           u'ldapi': <OptionList: >,
           u'lfi': <OptionList: >,
           u'mx_injection': <OptionList: >,
           u'os_commanding': <OptionList: >,
           u'phishing_vector': <OptionList: >,
           u'preg_replace': <OptionList: >,
           u'redos': <OptionList: >,
           u'response_splitting': <OptionList: >,
           u'rfi': <OptionList: listen_address|listen_port|use_w3af_site>,
           u'sqli': <OptionList: >,
           u'ssi': <OptionList: >,
           u'ssl_certificate': <OptionList: minExpireDays|caFileName>,
           u'un_ssl': <OptionList: >,
           u'xpath': <OptionList: >,
           u'xss': <OptionList: persistent_xss>,
           u'xst': <OptionList: >},
 'auth': {},
 'bruteforce': {},
 'crawl': {u'bing_spider': <OptionList: result_limit>,
           u'oracle_discovery': <OptionList: >,
           u'phishtank': <OptionList: >,
           u'phpinfo': <OptionList: >,
           u'robots_txt': <OptionList: >,
           u'sitemap_xml': <OptionList: >,
           u'user_dir': <OptionList: identify_os|identify_apps>,
           u'web_spider': <OptionList: only_forward|follow_regex|ignore_regex>},
 'evasion': {},
 'grep': {u'ajax': <OptionList: >,
          u'analyze_cookies': <OptionList: >,
          u'blank_body': <OptionList: >,
          u'click_jacking': <OptionList: >,
          u'code_disclosure': <OptionList: >,
          u'credit_cards': <OptionList: >,
          u'directory_indexing': <OptionList: >,
          u'dom_xss': <OptionList: >,
          u'dot_net_event_validation': <OptionList: >,
          u'error_500': <OptionList: >,
          u'error_pages': <OptionList: >,
          u'feeds': <OptionList: >,
          u'file_upload': <OptionList: >,
          u'form_autocomplete': <OptionList: >,
          u'get_emails': <OptionList: only_target_domain>,
          u'hash_analysis': <OptionList: >,
          u'html_comments': <OptionList: >,
          u'http_auth_detect': <OptionList: >,
          u'http_in_body': <OptionList: >,
          u'lang': <OptionList: >,
          u'meta_tags': <OptionList: >,
          u'motw': <OptionList: >,
          u'objects': <OptionList: >,
          u'oracle': <OptionList: >,
          u'password_profiling': <OptionList: >,
          u'path_disclosure': <OptionList: >,
          u'private_ip': <OptionList: >,
          u'ssn': <OptionList: >,
          u'strange_headers': <OptionList: >,
          u'strange_http_codes': <OptionList: >,
          u'strange_parameters': <OptionList: >,
          u'strange_reason': <OptionList: >,
          u'svn_users': <OptionList: >,
          u'symfony': <OptionList: override>,
          u'wsdl_greper': <OptionList: >},
 'infrastructure': {u'afd': <OptionList: >,
                    u'allowed_methods': <OptionList: execOneTime|reportDavOnly>,
                    u'detect_reverse_proxy': <OptionList: >,
                    u'detect_transparent_proxy': <OptionList: >,
                    u'dns_wildcard': <OptionList: >,
                    u'dot_net_errors': <OptionList: >,
                    u'find_vhosts': <OptionList: >,
                    'finger_bing': {},
                    'finger_google': {},
                    'finger_pks': {},
                    u'fingerprint_WAF': <OptionList: >,
                    u'fingerprint_os': <OptionList: >,
                    'frontpage_version': {},
                    u'halberd': <OptionList: >,
                    u'hmap': <OptionList: genFpF>,
                    u'php_eggs': <OptionList: >,
                    u'server_header': <OptionList: >,
                    u'server_status': <OptionList: >,
                    u'shared_hosting': <OptionList: result_limit>},
 'mangle': {},
 'output': {u'console': <OptionList: verbose>}}
andresriancho commented 11 years ago

Fixed by 05fe09b781b873fe16abc48cf13773f2039617ed