silviu,
Thanks for the bug report! Just fixed the bug, please "svn update"
to get the latest version and you should see that it is not crashing
anymore.
Regards,
On Wed, Mar 14, 2012 at 2:49 PM, silviu andrica
<[email protected]> wrote:
> Hi,
>
> I'm a PhD student looking into the effects on the security and privacy of
> web servers that errors in configuration files have. To this end, I inject
> errors into such servers' configuration files, and then run W3AF against
> them to see if any damage can be done.
>
> In doing so, I stumbled upon an interesting situation. I got W3AF to display
> this:
>
> Traceback (most recent call last):
> File "/w3af/w3af_console", line 153, in <module>
> errCode = main()
> File "/w3af/w3af_console", line 149, in main
> console.sh()
> File "/w3af/core/ui/consoleUi/consoleUi.py", line 142, in sh
> self._executePending()
> File "/w3af/core/ui/consoleUi/consoleUi.py", line 165, in _executePending
> self._onEnter()
> File "/w3af/core/ui/consoleUi/consoleUi.py", line 303, in _onEnter
> self._execute()
> File "/w3af/core/ui/consoleUi/consoleUi.py", line 271, in _execute
> menu = self._context.execute(params)
> File "/w3af/core/ui/consoleUi/menu.py", line 170, in execute
> return handler( params )
> File "/w3af/core/ui/consoleUi/exploit.py", line 81, in _cmd_exploit
> return self._exploitAll( params )
> File "/w3af/core/ui/consoleUi/exploit.py", line 137, in _exploitAll
> instanceList.sort( sortfunc )
> File "/w3af/core/ui/consoleUi/exploit.py", line 136, in sortfunc
> return cmp( y.getRootProbability(), x.getRootProbability() )
> File "/w3af/core/controllers/basePlugin/baseAttackPlugin.py", line 130, in
> getRootProbability
> raise NotImplementedError( 'Plugin is not implementing required method
> getRootProbability' )
> NotImplementedError: Plugin is not implementing required method
> getRootProbability
>
> I'm testing IIS 7 on Windows XP.
>
> Is this something I should be happy about, in that W3AF broke into IIS7 and
> got a shell?
>
> Thanks,
> Silviu
>
> ------------------------------------------------------------------------------
> Virtualization & Cloud Management Using Capacity Planning
> Cloud computing makes use of virtualization - but cloud computing
> also focuses on allowing computing to be delivered as a service.
> http://www.accelacomm.com/jaw/sfnl/114/51521223/
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
