Hi Andres and Co,

Been playing with w3af today and had the following error during the xss audit plugin:

----------------------
Traceback (most recent call last):
  File "/home/christian/w3af/w3af/core/ui/gtkUi/main.py", line 588, in startScanWrap
    self.w3af.start()
  File "/home/christian/w3af/w3af/core/controllers/w3afCore.py", line 411, in start
    self._realStart()
  File "/home/christian/w3af/w3af/core/controllers/w3afCore.py", line 520, in _realStart
    self._audit()
  File "/home/christian/w3af/w3af/core/controllers/w3afCore.py", line 854, in _audit
    plugin.end()
  File "/home/christian/w3af/w3af/plugins/audit/xss.py", line 413, in end
    msg += ' URL: ' + mutant.getURL()+ '. ' + mutant.printModValue()
  File "/home/christian/w3af/w3af/core/data/fuzzer/mutant.py", line 85, in printModValue
    return 'The sent '+ self.getMutantType() +' is: "' + self.getData() + '" .'
TypeError: cannot concatenate 'str' and 'form' objects
-----------------------------

The version details of w3af I'm using are:

-----------------------------
Starting w3af, running on:
Python version: 2.5.2 (r252:60911, Oct 5 2008, 19:24:49) [GCC 4.3.2]
GTK version: 2.14.4
PyGTK version: 2.13.0
w3af - Web Application Attack and Audit Framework
Version: 1.1 (from SVN server)
Revision: 3021
Author: Andres Riancho and the w3af team.
------------------------------

I made a slight change in the w3af/plugins/audit/xss.py as commented below (from line 411):

------------------------------
msg = 'Permanent Cross Site Scripting was found at: ' + response.getURL()
msg += ' . Using method: ' + v.getMethod() + '. The XSS was sent to the'
#CF 28/08/09 - original line below - new line below that
#msg += ' URL: ' + mutant.getURL()+ '. ' + mutant.printModValue()
msg += ' URL: ' + mutant.getURL()
------------------------------

This seemed to resolve the problem but I don't think the above is anything more than a bad hack. Unsure if the actual fault lies within w3af/core/data/fuzzer/mutant.py getData() function.

Awesome work Andres!
Regards,
Christian

--
Christian Frichot
e: xnt...@gmail.com
w: http://un-excogitate.org

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
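
The failure in the traceback above, reproduced as an added example that is not part of the original message and is not w3af code: a report line built by string concatenation breaks when the mutant's data is a form object rather than a string, and an explicit conversion keeps the sent payload in the finding instead of dropping it. `Form`, `Mutant`, the method names and the sample URLs are constructed stand-ins, and it is an assumption here that the form object can render itself as a string.

```python
from urllib.parse import urlencode


class Form(dict):
    """Constructed stand-in for a parsed HTML form: field name -> value."""

    def __str__(self):
        # Serialise the fields the way they would travel in a POST body.
        return urlencode(self)


class Mutant:
    """Constructed stand-in for a fuzzer mutant (one modified request)."""

    def __init__(self, url, mutant_type, data):
        self.url = url
        self.mutant_type = mutant_type
        self.data = data  # str for query-string mutants, Form for POST forms

    def print_mod_value_original(self):
        # Same shape as the line in the traceback: assumes data is a str.
        return 'The sent ' + self.mutant_type + ' is: "' + self.data + '" .'

    def print_mod_value_safe(self):
        # Explicit conversion, so str and Form data both reach the report.
        return 'The sent %s is: "%s" .' % (self.mutant_type, str(self.data))


def describe_finding(mutant):
    """Build the report line for one finding, keeping the sent payload."""
    return ('Permanent Cross Site Scripting was found. The XSS was sent to'
            ' the URL: ' + mutant.url + '. ' + mutant.print_mod_value_safe())


# Constructed sample inputs.
QS_MUTANT = Mutant('http://example.test/search', 'query string', 'q=<probe>')
FORM_MUTANT = Mutant('http://example.test/comment', 'post data',
                     Form([('name', 'bob'), ('comment', '<probe>')]))

if __name__ == '__main__':
    try:
        FORM_MUTANT.print_mod_value_original()
    except TypeError as exc:
        print('original:', exc)
    print(describe_finding(FORM_MUTANT))
```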