Hi Andres,
got following degug output when using robotsreader plugin
[ 05/06/09 11:09:41 - information ] A robots.txt file was found at:
https://some.tld/robots.txt;. This information was found in the request with
id 17.
[ 05/06/09 11:09:41 - error ]
[ 05/06/09 11:09:41 - error ]
Hi Andres,
got a buggy charset in a meta tag, which forced following:
---
[ 05/06/09 11:09:40 - debug ] GET https://some.tld/some.do?WSDL returned HTTP
code 204
[ 05/06/09 11:09:40 - debug ] Unhandled exception in xUrllib._send(): unknown
encoding: utf-81
[ 05/06/09 11:09:40 - debug ]
what does following mean?
[ 05/06/09 12:36:03 - vulnerability ] An unidentified web application error was
found at: https://some.tld/report_popup.jsp;. Enable all
plugins and try again, if the error still is not identified, please verify
mannually. And report it to the w3af developers. This
Achim,
On Wed, May 6, 2009 at 6:51 AM, Achim Hoffmann a...@securenet.de wrote:
Hi Andres,
got following degug output when using robotsreader plugin
[ 05/06/09 11:09:41 - information ] A robots.txt file was found at:
https://some.tld/robots.txt;. This information was found in
got 100s of following message in the console window right befor w3af GUI
crashed:
File D:\Programs\w3af\core\data\kb\info.py, line 168, in _convert_to_range
respomse_string += ' ' + self._convert_to_range()
RuntimeError: maximum recursion depth exceeded
Achim
Achim,
On Wed, May 6, 2009 at 8:26 AM, Achim Hoffmann a...@securenet.de wrote:
what does following mean?
[ 05/06/09 12:36:03 - vulnerability ] An unidentified web application error
was
found at: https://some.tld/report_popup.jsp;. Enable all
plugins and try again, if the error still is
Achim,
On Wed, May 6, 2009 at 8:31 AM, Achim Hoffmann a...@securenet.de wrote:
got 100s of following message in the console window right befor w3af GUI
crashed:
File D:\Programs\w3af\core\data\kb\info.py, line 168, in _convert_to_range
respomse_string += ' ' +
Hi Andres,
On Wed, 6 May 2009, Andres Riancho wrote:
!! It means that a request performed by w3af, returned an error 500, but
!! this request/response pair could not be associated with a specific
!! vulnerability like SQL injection. w3af warns you in order for you to
!! manually check this
!! File D:\Programs\w3af\core\data\kb\info.py, line 168, in
_convert_to_range
!! respomse_string += ' ' + self._convert_to_range()
!! RuntimeError: maximum recursion depth exceeded
!!
!!
!! I got that message some times before, but I failed to debug it
!! properly. Could you please
Andres,
sometimes (mainly after changing the Scan config) the [Clear] or
[Start] button right to the target URL is disabled.
Nothing seem to enable it again.
I've to close w3af GUI and start again.
Any ideas?
Achim
--
Achim
On Wed, May 6, 2009 at 9:29 AM, Achim Hoffmann a...@securenet.de wrote:
Andres,
sometimes (mainly after changing the Scan config) the [Clear] or
[Start] button right to the target URL is disabled.
Nothing seem to enable it again.
I've to close w3af GUI and start again.
Any ideas?
Hi Andres,
another nasty thing.
I'll explain first, then see the corresponding debug.
Tried to write a fix, but it seems not that simple without understanding
how w3af works.
Here we go:
* a requests returns with a 302 status response (including a Location
header)
* the given FQDN in
while browsung through the requsts reported by the dav-methods plugin
I detected that the plugin seems to send the request without the
specicified UA, at least the listed request does not contain the
UA header. This is for most, but not all requests.
I guess this is a bug, somehow.
Achim
all the requests reported by the dav-method plugin are shown as
GET
even the description shows multiple DAV methods, the request is always
GET. Is this correct? It's at least confusing, and the reported request
is useless (according the description).
Achim
Some requests are missing in the output logfiles. I guess that are requests
which timed out.
Would not be a problem, but some plugins (at least seen in dav-method plugin)
refer to the id of such requests and then show an empty request and response
tab.
As the information is missing, I can't
The knowledge base under the results tab is a very useful sheet to
get a quick information about the total findigs.
Unfortunatelly some plugins show their findings in different ways.
For example:
strangeHeaders (1)
strangeHeaders (2)
! Strange header
! Strange header
16 matches
Mail list logo
