Martin,

On Fri, Aug 27, 2010 at 5:25 PM, Martin Alderete <malder...@gmail.com> wrote:
> Hi everybody!
>
> How is it going?
> I found a bug using w3af in console mode, exactly when I try to quit from
> the NO ROOT MENU.
> I am running the last SVN version!
> Here I wrote down my session to check the error.
>
> tin...@sherly-l:{ ~/proyectos/w3af }$ ./w3af_console
> w3af>>> plugins
> w3af/plugins>>> exit
> w3af/plugins>>> Traceback (most recent call last):
>   File "./w3af_console", line 96, in <module>
>     errCode = main()
>   File "./w3af_console", line 92, in main
>     console.sh()
>   File "/home/tincho/proyectos/w3af/core/ui/consoleUi/consoleUi.py", line 120, in sh
>     self._context.join()
> AttributeError: pluginsMenu instance has no attribute 'join'
> tin...@sherly-l:{ ~/proyectos/w3af }$
>
> As you can see, the problem is when I try to quit from "w3af/plugins" (no root
> menu); it really happens with any module (plugins, exploit....)
> I have debugged the file core/ui/consoleUi/consoleUi.py in line 120 and I
> found the following code:
>
>         if not hasattr(self, '_parent'):
>             self._w3af.quit()
>             self._context.join()
>             om.out.console(self._randomMessage())
>
> The code above asks for "not _parent in self", which is always TRUE because
> the consoleUI instance doesn't have a _parent attribute.
> But that is not the problem; the error is raised on the
> "self._context.join()" method call. The self._context attribute references
> the "current" menu (where we are), so we could have a "rootMenu" or a
> "pluginMenu". Both of them are subclasses of "menu", but only rootMenu implements
> the "join()" method. So I have patched the code by adding the "join" method
> to core/ui/consoleUi/menu.py in the menu class (top-level class of rootMenu
> and pluginsMenu). With that change the code doesn't fail anymore, and the
> rootMenu class re-implements the join method, so all looks good =)!
>
> Here is the added join method:
>
> core/ui/consoleUi/menu.py
>
>     def join(self):
>         '''
>         This is a abstract method to emulate the join
>         method on a thread, by default DO NOTHING
>         '''
>         pass
>
>
> I appreciate if somebody could check it!
Verified that the bug exists. Verified that your patch fixes the
vulnerability. Committed the change, ahhhh, if everything would be so easy! :)

Regards,

> Cheers,
>
> --
> Alderete, Martin Nicolas
> Senior Python Developer
>

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
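
Added example (not part of the original thread or of the w3af code base): a Python 3 model of the quit path discussed above, showing the crash when the base menu class lacks join() and the clean exit once it has the no-op, plus a small check that lists menu subclasses missing the method. The class names, Console.quit(), quit_from(), menus_missing_join() and RootMenu's worker thread are assumptions made for illustration.

```python
import threading

class UnpatchedMenu:
    """Base menu class before the patch: no join() at all."""

class UnpatchedPluginsMenu(UnpatchedMenu):
    """A non-root menu built on the unpatched base."""

class Menu:
    """Base menu class after the patch."""
    def join(self):
        pass  # no-op by default: most menus have nothing to wait for

class PluginsMenu(Menu):
    """A non-root menu; inherits the no-op join()."""

class RootMenu(Menu):
    """Overrides join(); the worker thread here is an assumption."""
    def __init__(self):
        self._worker = threading.Thread(target=lambda: None)
        self._worker.start()

    def join(self):
        self._worker.join()

class Console:
    """Models only the join() call in the quit path of consoleUi.sh()."""
    def __init__(self, context):
        self._context = context  # the menu the user is currently in

    def quit(self):
        if not hasattr(self, '_parent'):  # always true for the console
            self._context.join()
        return 'bye'

def quit_from(menu):
    """Return 'bye' on a clean exit, or the exception name on a crash."""
    try:
        return Console(menu).quit()
    except AttributeError as exc:
        return type(exc).__name__

def menus_missing_join(base):
    """Names of direct subclasses of base without a callable join()."""
    return [cls.__name__ for cls in base.__subclasses__()
            if not callable(getattr(cls, 'join', None))]
```
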