Hello w3af-Support,

Is there a solution for this:

I am trying to scan my website with a full audit, with output to HTML. It takes four 
hours, and at the beginning w3af is working hard. I can see this in the 
Network Analyser: there is traffic. But at the end w3af stops responding; 
even the GUI window stops refreshing. The console shows the text in 
the attached file w3af.txt. There is no traffic on the LAN. The size of 
the HTML report output file is 0 KB. I can see the website in the browser. 
In Task Manager, Python.exe is running at around 50% CPU load. But it's not 
getting to an end.

What can I do? Please help.

Thanks for any hint in advance.


Kind regards
Sincerely

Andreas


make IT GmbH
Managing Directors: Roger Hofmann, Jörg Arnold
Registered office: Chemnitz
Registered: Amtsgericht Chemnitz (Chemnitz Local Court), Reg. No. HRB 19301



Hint #1: Try to find vulnerabilities using the audit plugins.
Hint #2: Use the set command to enter the values yourself, and then exploit it u
sing fastExploit.
No [blind] SQL injection vulnerabilities have been found.
Hint #1: Try to find vulnerabilities using the audit plugins.
Hint #2: Use the set command to enter the values yourself, and then exploit it u
sing fastExploit.
An arbitrary local file read vulnerability was found at: "http://www.vms.de/cgi-
bin/download.pl", using HTTP method GET. The sent data was: "lang=download.pl&id
=632&styp=1&navid=1286". The modified parameter was "lang". This vulnerability w
as found in the request with id 25178.
An arbitrary local file read vulnerability was found at: "http://www.vms.de/cgi-
bin/download.pl", using HTTP method GET. The sent data was: "lang=de&id=632&styp
=download.pl&navid=1286". The modified parameter was "styp". This vulnerability
was found in the request with id 25212.
An arbitrary local file read vulnerability was found at: "http://www.vms.de/cgi-
bin/download.pl", using HTTP method GET. The sent data was: "lang=de&id=632&styp
=1&navid=download.pl". The modified parameter was "navid". This vulnerability wa
s found in the request with id 25214.
No [blind] SQL injection vulnerabilities have been found.
Hint #1: Try to find vulnerabilities using the audit plugins.
Hint #2: Use the set command to enter the values yourself, and then exploit it u
sing fastExploit.
No [blind] SQL injection vulnerabilities have been found.
Hint #1: Try to find vulnerabilities using the audit plugins.
Hint #2: Use the set command to enter the values yourself, and then exploit it u
sing fastExploit.
No [blind] SQL injection vulnerabilities have been found.
Hint #1: Try to find vulnerabilities using the audit plugins.
Hint #2: Use the set command to enter the values yourself, and then exploit it u
sing fastExploit.
No [blind] SQL injection vulnerabilities have been found.
Hint #1: Try to find vulnerabilities using the audit plugins.
Hint #2: Use the set command to enter the values yourself, and then exploit it u
sing fastExploit.
No [blind] SQL injection vulnerabilities have been found.
Hint #1: Try to find vulnerabilities using the audit plugins.
Hint #2: Use the set command to enter the values yourself, and then exploit it u
sing fastExploit.
No [blind] SQL injection vulnerabilities have been found.
Hint #1: Try to find vulnerabilities using the audit plugins.
Hint #2: Use the set command to enter the values yourself, and then exploit it u
sing fastExploit.
No [blind] SQL injection vulnerabilities have been found.
Hint #1: Try to find vulnerabilities using the audit plugins.
Hint #2: Use the set command to enter the values yourself, and then exploit it u
sing fastExploit.
No [blind] SQL injection vulnerabilities have been found.
Hint #1: Try to find vulnerabilities using the audit plugins.
Hint #2: Use the set command to enter the values yourself, and then exploit it u
sing fastExploit.
The "pathDisclosure" plugin took more than 5 seconds to run. For a plugin that s
hould only perform pattern matching, this is too much, please review its source
code.
Exception in thread Thread-17:
Traceback (most recent call last):
  File "C:\Program Files (x86)\w3af\Python26\lib\threading.py", line 532, in __b
ootstrap_inner
    self.run()
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\threads\threadpool.py"
, line 108, in run
    self.resultQueue.put( (request, request.callable(*request.args, **request.kw
ds)) )
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\basePlugin\basePlugin.
py", line 197, in _sendMutant
    grepResult=grepResult, useCache=useCache)
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\basePlugin\basePlugin.
py", line 262, in meth
    return attr(*args, **kwargs)
  File "C:\Program Files (x86)\w3af\w3af\core\data\url\xUrllib.py", line 359, in
 POST
    return self._send( req , grepResult=grepResult, useCache=useCache)
  File "C:\Program Files (x86)\w3af\w3af\core\data\url\xUrllib.py", line 483, in
 _send
    self._callBeforeSend()
  File "C:\Program Files (x86)\w3af\w3af\core\data\url\xUrllib.py", line 109, in
 _callBeforeSend
    self._sleepIfPausedDieIfStopped()
  File "C:\Program Files (x86)\w3af\w3af\core\data\url\xUrllib.py", line 138, in
 _sleepIfPausedDieIfStopped
    raise KeyboardInterrupt
KeyboardInterrupt

Scan finished in 4 hours 36 minutes 3 seconds.
Traceback (most recent call last):
  File "C:\Program Files (x86)\w3af\w3af\core\ui\gtkUi\main.py", line 642, in st
artScanWrap
    self.w3af.start()
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\w3afCore.py", line 441
, in start
    self._realStart()
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\w3afCore.py", line 651
, in _realStart
    self._audit()
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\w3afCore.py", line 100
8, in _audit
    plugin.audit_wrapper( fr )
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\basePlugin\baseAuditPl
ugin.py", line 58, in audit_wrapper
    self.audit( fuzzable_request_copy )
  File "C:\Program Files (x86)\w3af\w3af\plugins\audit\xpath.py", line 74, in au
dit
    self._tm.join( self )
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\threads\threadManager.
py", line 120, in join
    self._threadPool.wait( ownerObj, joinAll )
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\threads\threadpool.py"
, line 271, in wait
    self.poll(block=True, ownerObj=ownerObj, joinAll=joinAll)
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\threads\threadpool.py"
, line 108, in run
    self.resultQueue.put( (request, request.callable(*request.args, **request.kw
ds)) )
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\basePlugin\basePlugin.
py", line 197, in _sendMutant
    grepResult=grepResult, useCache=useCache)
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\basePlugin\basePlugin.
py", line 262, in meth
    return attr(*args, **kwargs)
  File "C:\Program Files (x86)\w3af\w3af\core\data\url\xUrllib.py", line 359, in
 POST
    return self._send( req , grepResult=grepResult, useCache=useCache)
  File "C:\Program Files (x86)\w3af\w3af\core\data\url\xUrllib.py", line 589, in
 _send
    self._incrementGlobalErrorCount(e, parsed_traceback)
  File "C:\Program Files (x86)\w3af\w3af\core\data\url\xUrllib.py", line 737, in
 _incrementGlobalErrorCount
    raise w3afMustStopByUnknownReasonExc(msg, errs=last_errors)
w3afMustStopByUnknownReasonExc: xUrllib found too much consecutive errors. The r
emote webserver doesn't seem to be reachable anymore.
timed out [('C:\\Program Files (x86)\\w3af\\w3af\\core\\data\\url\\xUrllib.py',
'499', '_send'), ('C:\\Program Files (x86)\\w3af\\Python26\\lib\\urllib2.py', '3
97', 'open'), ('C:\\Program Files (x86)\\w3af\\w3af\\core\\data\\url\\handlers\\
localCache.py', '100', 'http_response'), ('C:\\Program Files (x86)\\w3af\\w3af\\
core\\data\\url\\handlers\\localCache.py', '349', 'store_in_cache'), ('C:\\Progr
am Files (x86)\\w3af\\w3af\\core\\data\\url\\handlers\\keepalive.py', '163', 'ne
w_read_meth'), ('C:\\Program Files (x86)\\w3af\\w3af\\core\\data\\url\\handlers\
\keepalive.py', '283', 'read'), ('C:\\Program Files (x86)\\w3af\\w3af\\core\\dat
a\\url\\handlers\\keepalive.py', '228', '_raw_read'), ('C:\\Program Files (x86)\
\w3af\\Python26\\lib\\httplib.py', '619', '_safe_read'), ('C:\\Program Files (x8
6)\\w3af\\Python26\\lib\\socket.py', '377', 'read')]

Exception in thread Thread-5:
Traceback (most recent call last):
  File "C:\Program Files (x86)\w3af\Python26\lib\threading.py", line 532, in __b
ootstrap_inner
    self.run()
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\threads\threadpool.py"
, line 108, in run
    self.resultQueue.put( (request, request.callable(*request.args, **request.kw
ds)) )
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\basePlugin\basePlugin.
py", line 197, in _sendMutant
    grepResult=grepResult, useCache=useCache)
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\basePlugin\basePlugin.
py", line 262, in meth
    return attr(*args, **kwargs)
  File "C:\Program Files (x86)\w3af\w3af\core\data\url\xUrllib.py", line 359, in
 POST
    return self._send( req , grepResult=grepResult, useCache=useCache)
  File "C:\Program Files (x86)\w3af\w3af\core\data\url\xUrllib.py", line 483, in
 _send
    self._callBeforeSend()
  File "C:\Program Files (x86)\w3af\w3af\core\data\url\xUrllib.py", line 109, in
 _callBeforeSend
    self._sleepIfPausedDieIfStopped()
  File "C:\Program Files (x86)\w3af\w3af\core\data\url\xUrllib.py", line 138, in
 _sleepIfPausedDieIfStopped
    raise KeyboardInterrupt
KeyboardInterrupt

Exception in thread Thread-1:
Traceback (most recent call last):
  File "C:\Program Files (x86)\w3af\Python26\lib\threading.py", line 532, in __b
ootstrap_inner
    self.run()
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\threads\threadpool.py"
, line 108, in run
    self.resultQueue.put( (request, request.callable(*request.args, **request.kw
ds)) )
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\basePlugin\basePlugin.
py", line 197, in _sendMutant
    grepResult=grepResult, useCache=useCache)
  File "C:\Program Files (x86)\w3af\w3af\core\controllers\basePlugin\basePlugin.
py", line 262, in meth
    return attr(*args, **kwargs)
  File "C:\Program Files (x86)\w3af\w3af\core\data\url\xUrllib.py", line 359, in
 POST
    return self._send( req , grepResult=grepResult, useCache=useCache)
  File "C:\Program Files (x86)\w3af\w3af\core\data\url\xUrllib.py", line 483, in
 _send
    self._callBeforeSend()
  File "C:\Program Files (x86)\w3af\w3af\core\data\url\xUrllib.py", line 109, in
 _callBeforeSend
    self._sleepIfPausedDieIfStopped()
  File "C:\Program Files (x86)\w3af\w3af\core\data\url\xUrllib.py", line 138, in
 _sleepIfPausedDieIfStopped
    raise KeyboardInterrupt
KeyboardInterrupt
