search

andresriancho / w3af

w3af: web application attack and audit framework, the open source web vulnerability scanner.
http://w3af.org/
4.56k stars 1.22k forks source link

wordnet unhandled exception: offsets = self._lemma_pos_offset_map[lemma_name][synset.pos] #5949

Closed 1d3df9903ad closed 9 years ago

1d3df9903ad commented 9 years ago

User description

No user description was provided for this bug report given that it was related to handled exceptions in scan with id 7bbc6e9ea2

The user provided the following email address forcontact: muhammedsoner@firat.edu.tr

Version Information

  Python version: 2.7.3 (default, Mar 13 2014, 11:03:55) [GCC 4.7.2]
  GTK version: 2.24.10
  PyGTK version: 2.24.0
  w3af version:
    w3af - Web Application Attack and Audit Framework
    Version: 1.6.0.3
    Distribution: Kali Linux
    Author: Andres Riancho and the w3af team.

Traceback

An exception was found while running crawl.wordnet on "https://domain/%uF%460e\%u%46%46%31%32%u%46%461%32%uFF38%%75FF%343%uF%46%32%32%uF%46%33%32%u%46F%333%u%46F4%64%%75F%46%32%33%%75FF4%61%%75F%46%331%%75F%46%32a%%75F%46%31%35%u%46F%33%61%u%46%4649%%75%46%46%34%36%uF%46%355\%%75%46F%30%65\%%75FF0e%u%46F-12%%75FF-11%u%46F0e\%%75FF0%65\ | Method: GET | Parameters: (9Uqjk="i", 9Uqjk="S", 9Uqjk="f", 9Uqjk="F", 9Uqjk="7", 9Uqjk="e", 9Uqjk="Z", 9Uqjk="1")". The exception was: "'n'" at wordnet.py:_synset_from_pos_and_line():1176.The full traceback is:
  File "/usr/share/w3af/w3af/core/controllers/core_helpers/consumers/crawl_infrastructure.py", line 399, in _discover_worker
    result = plugin.discover_wrapper(fuzzable_request)
  File "/usr/share/w3af/w3af/core/controllers/plugins/crawl_plugin.py", line 47, in crawl_wrapper
    return self.crawl(fuzzable_request_copy)
  File "/usr/share/w3af/w3af/plugins/crawl/wordnet.py", line 62, in crawl
    self.worker_pool.map_multi_args(self._check_existance, args)
  File "/usr/share/w3af/w3af/core/controllers/threads/threadpool.py", line 83, in map_multi_args
    return self.map_async(one_to_many(func), iterable, chunksize).get()
  File "/usr/lib/python2.7/multiprocessing/pool.py", line 303, in map_async
    iterable = list(iterable)
  File "/usr/share/w3af/w3af/plugins/crawl/wordnet.py", line 108, in _generate_qs
    wordnet_result = self._search_wn(orig_content)
  File "/usr/share/w3af/w3af/plugins/crawl/wordnet.py", line 134, in _search_wn
    synset_list = wn.synsets(word)
  File "/usr/lib/python2.7/dist-packages/nltk/corpus/reader/wordnet.py", line 1201, in synsets
    for offset in index[form].get(p, [])]
  File "/usr/lib/python2.7/dist-packages/nltk/corpus/reader/wordnet.py", line 1059, in _synset_from_pos_and_offset
    synset = self._synset_from_pos_and_line(pos, data_file_line)
  File "/usr/lib/python2.7/dist-packages/nltk/corpus/reader/wordnet.py", line 1176, in _synset_from_pos_and_line
    offsets = self._lemma_pos_offset_map[lemma_name][synset.pos]

Enabled Plugins

{'attack': {},
 'audit': {'blind_sqli': {},
           'buffer_overflow': {},
           'cors_origin': {},
           'csrf': {},
           'dav': {},
           'eval': {},
           'file_upload': {},
           'format_string': {},
           'frontpage': {},
           'generic': {},
           'global_redirect': {},
           'htaccess_methods': {},
           'ldapi': {},
           'lfi': {},
           'mx_injection': {},
           'os_commanding': {},
           'phishing_vector': {},
           'preg_replace': {},
           'redos': {},
           'response_splitting': {},
           'rfi': {},
           'sqli': {},
           'ssi': {},
           'ssl_certificate': {},
           'un_ssl': {},
           'xpath': {},
           'xss': {},
           'xst': {}},
 'auth': {'detailed': {}},
 'bruteforce': {'basic_auth': {}, 'form_auth': {}},
 'crawl': {'archive_dot_org': {},
           'bing_spider': {},
           'content_negotiation': {},
           'digit_sum': {},
           'dir_file_bruter': {},
           'dot_listing': {},
           'find_backdoors': {},
           'find_captchas': {},
           'find_dvcs': {},
           'genexus_xml': {},
           'ghdb': {},
           'google_spider': {},
           'import_results': {},
           'oracle_discovery': {},
           'phishtank': {},
           'phpinfo': {},
           'pykto': {},
           'ria_enumerator': {},
           'robots_txt': {},
           'sitemap_xml': {},
           'spider_man': {},
           'url_fuzzer': {},
           'urllist_txt': {},
           'user_dir': {},
           'web_diff': {},
           'web_spider': {},
           'wordnet': {},
           'wordpress_enumerate_users': {},
           'wordpress_fingerprint': {},
           'wordpress_fullpathdisclosure': {},
           'wsdl_finder': {}},
 'evasion': {'backspace_between_dots': {},
             'full_width_encode': {},
             'mod_security': {},
             'reversed_slashes': {},
             'rnd_case': {},
             'rnd_hex_encode': {},
             'rnd_param': {},
             'rnd_path': {},
             'self_reference': {},
             'shift_out_in_between_dots': {},
             'x_forwarded_for': {}},
 'grep': {'ajax': {},
          'analyze_cookies': {},
          'blank_body': {},
          'cache_control': {},
          'clamav': {},
          'click_jacking': {},
          'code_disclosure': {},
          'credit_cards': {},
          'cross_domain_js': {},
          'csp': {},
          'directory_indexing': {},
          'dom_xss': {},
          'dot_net_event_validation': {},
          'error_500': {},
          'error_pages': {},
          'feeds': {},
          'form_autocomplete': {},
          'get_emails': {},
          'hash_analysis': {},
          'html_comments': {},
          'http_auth_detect': {},
          'http_in_body': {},
          'lang': {},
          'meta_tags': {},
          'motw': {},
          'objects': {},
          'oracle': {},
          'password_profiling': {},
          'path_disclosure': {},
          'private_ip': {},
          'ssn': {},
          'strange_headers': {},
          'strange_http_codes': {},
          'strange_parameters': {},
          'strange_reason': {},
          'svn_users': {},
          'symfony': {},
          'url_session': {},
          'user_defined_regex': {},
          'wsdl_greper': {},
          'xss_protection_header': {}},
 'infrastructure': {'afd': {},
                    'allowed_methods': {},
                    'detect_reverse_proxy': {},
                    'detect_transparent_proxy': {},
                    'dns_wildcard': {},
                    'domain_dot': {},
                    'dot_net_errors': {},
                    'favicon_identification': {},
                    'find_jboss': {},
                    'find_vhosts': {},
                    'finger_bing': {},
                    'finger_google': {},
                    'finger_pks': {},
                    'fingerprint_WAF': {},
                    'fingerprint_os': {},
                    'frontpage_version': {},
                    'halberd': {},
                    'hmap': {},
                    'http_vs_https_dist': {},
                    'php_eggs': {},
                    'server_header': {},
                    'server_status': {},
                    'shared_hosting': {},
                    'xssed_dot_com': {},
                    'zone_h': {}},
 'mangle': {'sed': {}},
 'output': {u'console': <OptionList: verbose>}}
andresriancho commented 9 years ago

This was fixed in later versions