Re: [W3af-users] Crash while scanning

[Chris Clements]

Andres,

From:  Andres Riancho <andres.rian...@gmail.com>
Date:  Wed, 9 Mar 2011 16:37:30 -0300
To:  Chris Clements <ccleme...@flatearth.net>
Cc:  <w3af-users@lists.sourceforge.net>
Subject:  Re: [W3af-users] Crash while scanning

Chris,

On Tue, Mar 1, 2011 at 12:37 PM, Chris Clements <ccleme...@flatearth.net>
<mailto:ccleme...@flatearth.net>>  wrote:
> Andres,
> From: Andres Riancho <andres.rian...@gmail.com>
<mailto:andres.rian...@gmail.com>>
> Date: Mon, 28 Feb 2011 15:55:05 -0300
> To: Chris Clements <ccleme...@flatearth.net> <mailto:ccleme...@flatearth.net>>
> Cc: <w3af-users@lists.sourceforge.net>
<mailto:w3af-users@lists.sourceforge.net>>
> Subject: Re: [W3af-users] Crash while scanning
>
> Chris,
>
> On Mon, Feb 28, 2011 at 1:19 PM, Chris Clements <ccleme...@flatearth.net>
<mailto:ccleme...@flatearth.net>>
> wrote:
>> Andres,
>> On Feb 26, 2011, at 1:56 PM, Andres Riancho wrote:
>>
>> Chris,
>>
>> On Wed, Feb 23, 2011 at 4:07 PM, Christopher Clements
>> <christopher.a.cleme...@gmail.com> <mailto:christopher.a.cleme...@gmail.com>>
wrote:
>>> Python version:
>>> 2.6.6 (r266:84292, Sep 15 2010, 16:22:56)
>>> [GCC 4.4.5]
>>> GTK version:2.22.0
>>> PyGTK version:2.21.0
>>>
>>> w3af - Web Application Attack and Audit Framework
>>> Version: 1.1 (from SVN server)
>>> Revision: 4054
>>> Author: Andres Riancho and the w3af team.Traceback (most recent call
>>> last):
>>>   File "/root/tools/w3af/trunk/core/ui/gtkUi/main.py", line 635, in
>>> startScanWrap
>>>     self.w3af.start()
>>>   File "/root/tools/w3af/trunk/core/controllers/w3afCore.py", line 418,
>>> in
>>> start
>>>     self._realStart()
>>>   File "/root/tools/w3af/trunk/core/controllers/w3afCore.py", line 618,
>>> in
>>> _realStart
>>>     raise e
>>> w3afException: Too many retries (2) while requesting:
>>> http://server01.somedomain.net/webmail/src/redirect.php
>
>>> This redirect.php script is the URL that's requested? Is that the URL
>>> you set in the target? What happens if you set another URL?
>
> The URL set for the target is simply the
> root http://server01.somedomain.net/
> The webspider crawls the site until it hits the redirect page, then bombs
> out with the aforementioned error.

> "/webmail/src/redirect.php" sounds like squirrelmail to me. Am I
> right? Which version of Squirrelmail are you guys using? Any
> customizations to the code? I'm thinking about setting up out own
> squirrelmail installation in order to try to reproduce this issue.

Indeed it is.  Version 1.4.20.  No customizations that I know of.  It's  a
vanilla load from OSX server.

> Regards,
> --
> Andrés Riancho
> Director of Web Security at Rapid7 LLC
> Founder at Bonsai Information Security
> Project Leader at w3af

  
   
  
------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users