Scott,
Please read inline,
On Fri, May 6, 2011 at 2:17 PM, Scott Bickford <[email protected]> wrote:
> I'm on version:
>
> 1.0-rc5 (from svn server)
> SVN Revision:3968
>
> Shortly after starting, I get too many retries, then it stops:
>
> Cross site scripting was found at:
> "http://ws7e6ourdomain.com/content/sitesearch/sitesearch.html", using
> HTTP method GET. The sent data was "searchterm=<SCrIPT>
> alert("AmTd")</SCrIPT>&Submit=search". This vulnerability affects ALL
> browsers. This vulnerability was found in the request with id 186.
> The thread: <WorkerThread(Thread-3, started daemon -1236673680)>
> raised an exception while running the request: <bound method
> formatString._sendMutant of <plugins.audit.formatString.formatString
> instance at 0xb01e62c>>
> Exception: Too many retries (2) while requesting:
> http://ws7e6ourdomain.com/content/sitesearch/sitesearch.html?searchterm=%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n&Submit=search
> The thread: <WorkerThread(Thread-4, started daemon -1245066384)>
> raised an exception while running the request: <bound method
> formatString._sendMutant of <plugins.audit.formatString.formatString
> instance at 0xb01e62c>>
> Exception: Too many retries (2) while requesting:
> http://ws7e6ourdomain.com/content/sitesearch/sitesearch.html?searchterm=%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n&Submit=search
> Traceback: Traceback (most recent call last):
> File "/w3af/core/controllers/threads/threadpool.py", line 106, in run
> self.resultQueue.put( (request, request.callable(*request.args,
> **request.kwds)) )
> File "/w3af/core/controllers/basePlugin/basePlugin.py", line 179, in
> _sendMutant
> 'grepResult': grepResult, 'useCache': useCache})
> File "/w3af/core/data/url/xUrllib.py", line 296, in GET
> return self._send( req , useCache=useCache, grepResult=grepResult)
> File "/w3af/core/data/url/xUrllib.py", line 531, in _send
> return self._retry(req, useCache)
> File "/w3af/core/data/url/xUrllib.py", line 618, in _retry
> return self._send(req, useCache)
> File "/w3af/core/data/url/xUrllib.py", line 531, in _send
> return self._retry(req, useCache)
> File "/w3af/core/data/url/xUrllib.py", line 625, in _retry
> raise w3afException(msg)
> w3afException: Too many retries (2) while requesting:
> http://ws7e6ourdomain.com/content/sitesearch/sitesearch.html?searchterm=%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n&Submit=search
>
> Traceback: Traceback (most recent call last):
> File "/w3af/core/controllers/threads/threadpool.py", line 106, in run
> self.resultQueue.put( (request, request.callable(*request.args,
> **request.kwds)) )
> File "/w3af/core/controllers/basePlugin/basePlugin.py", line 179, in
> _sendMutant
> 'grepResult': grepResult, 'useCache': useCache})
> File "/w3af/core/data/url/xUrllib.py", line 296, in GET
> return self._send( req , useCache=useCache, grepResult=grepResult)
> File "/w3af/core/data/url/xUrllib.py", line 531, in _send
> return self._retry(req, useCache)
> File "/w3af/core/data/url/xUrllib.py", line 618, in _retry
> return self._send(req, useCache)
> File "/w3af/core/data/url/xUrllib.py", line 531, in _send
> return self._retry(req, useCache)
> File "/w3af/core/data/url/xUrllib.py", line 625, in _retry
> raise w3afException(msg)
> w3afException: Too many retries (2) while requesting:
> http://ws7e6ourdomain.com/content/sitesearch/sitesearch.html?searchterm=%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n&Submit=search
>
> Too many retries (2) while requesting:
> http://ws7e6ourdomain.com/content/sitesearch/sitesearch.html?searchterm=%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n&Submit=search
> Too many retries (2) while requesting:
> http://ws7e6ourdomain.com/content/sitesearch/sitesearch.html?searchterm=%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n&Submit=search
> The cookie: "httpReferrer=;path=/;domain=ourdomain.com" was sent by these
> URLs:
> - http://ws7e6ourdomain.com/
> - http://ws7e6ourdomain.com
>
> Unhandled error, traceback: Traceback (most recent call last):
> File "/w3af/core/controllers/w3afCore.py", line 419, in start
> self._realStart()
> File "/w3af/core/controllers/w3afCore.py", line 609, in _realStart
> raise e
> w3afException: Too many retries (2) while requesting:
> http://ws7e6ourdomain.com/content/sitesearch/sitesearch.html?searchterm=%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n&Submit=search
>
>
> Too many retries (2) while requesting:
> http://ws7e6ourdomain.com/content/sitesearch/sitesearch.html?searchterm=%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n&Submit=search
>
>
> Any ideas on how to get past this error?
Two different options:
* Update to the latest version, where that bug is fixed (recommended)
* Disable audit.formatString (it might crash somewhere else)
> ------------------------------------------------------------------------------
> WhatsUp Gold - Download Free Network Management Software
> The most intuitive, comprehensive, and cost-effective network
> management toolset available today. Delivers lowest initial
> acquisition cost and overall TCO of any competing solution.
> http://p.sf.net/sfu/whatsupgold-sd
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
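The second option above, running without audit.formatString, can be scripted for w3af_console rather than toggled by hand each time. The script below is an added example, not part of the original thread or of the w3af project. It assumes the 1.0-era console script format (menu name, then commands, then `back`), that listing the audit plugins explicitly enables only those named (so formatString is never loaded), that the other audit plugin names shown exist in this build, and the placeholder target from the report; there are no inline comments because it is not assumed that the script loader ignores them.

```text
plugins
output console
audit xss,sqli,osCommanding,localFileInclude
discovery webSpider
back
target
set target http://ws7e6ourdomain.com/
back
start
```

Save it as, say, no-formatstring.w3af and run `./w3af_console -s no-formatstring.w3af`. Before relying on the list, check it against what the installed revision actually ships (in the `plugins` menu, `list audit` is assumed to print the available audit plugins and their state); any plugin not named on the `audit` line stays disabled, which is the whole point here.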