Anne,

On Tue, Apr 9, 2013 at 5:17 AM, Anne Bouquet
<[email protected]> wrote:
> Hi all
>
> I've an unidentified web application error in my w3af report but I can't
> explain it.
> All audit plugins are enabled so I don't understand what is the problem

Well, that's exactly what w3af is saying: "There is a 500 error and I
can't identify it." From the error HTML, which is very generic, it is
impossible to tell if this is a vulnerability or not. My advice is
that you analyze this in a manual way and potentially read the source
code of the application script.

> The message I have :
> An unidentified web application error (HTTP response code 500) was found
> at: "https://....". Enable all plugins and try again, if the
> vulnerability still is not identified, please verify manually and report
> it to the w3af developers.
>
> The request :
> ========================================Request 10457 - Fri 05 Apr 2013
> 12:00:42 PM CEST========================================
> SEARCH https://..../HTTP/1.1
> Accept-Encoding: gzip
> Accept: */*
> User-Agent: w3af.sourceforge.net
> Host: .....
> Cookie:
> _ReportingWeb_session=BAh7CDoQX2NzcmZfdG9rZW4iMU9CVk1BcU14bVZhYnVxTVJLNWptR3NzdlFmeDlQTXdoUVh4T1Z3T2wrTlk9IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewY6EmxvZ2luX21lc3NhZ2UiEnBsZWFzZSBsb2cgaW4GOgpAdXNlZHsGOwdGOg9zZXNzaW9uX2lkIiVhMDUyNWVhMzgwMDk4MWFhOTY0NTYyN2EyZGZkMGU1Mg%3D%3D--e58a39741803fff1a8c3e88988a86f35ec0c1254
> Content-Type: application/x-www-form-urlencoded
>
> %3C%3Fxml%20version=%271.0%27%3F%3E%0D%0A%3Cg%3Asearchrequest%20xmlns%3Ag%3D%27DAV%3A%27%3E%0D%0A%3Cg%3Asql%3E%0D%0ASelect%20%27DAV%3Adisplayname%27%20from%20scope%28%29%0D%0A%3C%2Fg%3Asql%3E%0D%0A%3C%2Fg%3Asearchrequest%3E%0D%0A
> ========================================Response 10457 - Fri 05 Apr 2013
> 12:00:42 PM CEST=======================================
> HTTP/1.1 500 Internal Server Error
> Date: Fri, 05 Apr 2013 10:03:13 GMT
> Content-Length: 1084
> Content-Type: text/html
> Connection: close
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
>         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
>
> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
>
> <head>
>    <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
>    <title>We're sorry, but something went wrong (500)</title>
>      <style type="text/css">
>          body { background-color: #fff; color: #666; text-align: center;
> font-family: arial, sans-serif; }
>          div.dialog {
>              width: 25em;
>              padding: 0 4em;
>              margin: 4em auto 0 auto;
>              border: 1px solid #ccc;
>              border-right-color: #999;
>              border-bottom-color: #999;
>          }
>          h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
>      </style>
> </head>
>
> <body>
>    <!-- This file lives in public/500.html -->
>    <div class="dialog">
>      <h1>We're sorry, but something went wrong.</h1>
>      <p>We've been notified about this issue and we'll take a look at it
> shortly.</p>
>      <p><small>(If you're the administrator of this website, then please
> read
>      the log file to find out what went wrong.)</small></p>
>    </div>
> </body>
> </html>
>
> The logs :
> [Fri 05 Apr 2013 12:00:42 PM CEST - debug] SEARCH https://.... returned
> HTTP code "500" - id: 10457
> [Fri 05 Apr 2013 12:00:42 PM CEST - debug] Starting "grep_worker" for
> response: "<httpResponse | 500 | https://...| id:10457>"
> [Fri 05 Apr 2013 12:00:42 PM CEST - debug] keepalive: added one
> connection, len(self._hostmap["...."]): 1
>
> Does someone have an idea for this problem?
>
> Thanks a lot
>
>
> Anne
>
>
>
>
> ------------------------------------------------------------------------------
> Precog is a next-generation analytics platform capable of advanced
> analytics on semi-structured data. The platform includes APIs for building
> apps and a phenomenal toolset for data science. Developers can use
> our toolset for easy data analysis & visualization. Get a free account!
> http://www2.precog.com/precogplatform/slashdotnewsletter
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users



--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
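
The manual analysis suggested in the reply above can start from the dump itself. The following is an added example, not part of the original thread or of w3af: it parses a constructed, trimmed copy of the quoted request/response, decodes the body, checks the error page for leaked diagnostics, and computes the scanner/server clock offset so the server log can be searched at the right time. The names `parse_dump`, `triage` and `LEAK_MARKERS` are hypothetical, and the marker list is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import unquote

# Constructed sample: trimmed and unwrapped from the dump quoted in this thread
# (cookie and most headers dropped, error page shortened, host elided as posted).
REPORT = """\
=====Request 10457 - Fri 05 Apr 2013 12:00:42 PM CEST=====
SEARCH https://..../HTTP/1.1
Content-Type: application/x-www-form-urlencoded

%3C%3Fxml%20version=%271.0%27%3F%3E%0D%0A%3Cg%3Asearchrequest%20xmlns%3Ag%3D%27DAV%3A%27%3E%0D%0A%3Cg%3Asql%3E%0D%0ASelect%20%27DAV%3Adisplayname%27%20from%20scope%28%29%0D%0A%3C%2Fg%3Asql%3E%0D%0A%3C%2Fg%3Asearchrequest%3E%0D%0A
=====Response 10457 - Fri 05 Apr 2013 12:00:42 PM CEST=====
HTTP/1.1 500 Internal Server Error
Date: Fri, 05 Apr 2013 10:03:13 GMT
Content-Type: text/html

<!-- This file lives in public/500.html -->
<h1>We're sorry, but something went wrong.</h1>
"""

# Assumed markers of an error page that leaks diagnostics; extend as needed.
LEAK_MARKERS = ("Traceback", "Exception", "SQL syntax", ".rb:")
CEST = timezone(timedelta(hours=2))  # scanner clock zone, as printed in the dump

def parse_dump(text):
    """Split a request/response dump in the layout above into its parts."""
    m = re.search(r"=+Request (\d+) - (.*?) CEST=+\n(.*?)\n=+Response \1 .*?=+\n(.*)",
                  text, re.S)
    req_head, _, req_body = m.group(3).partition("\n\n")
    resp_head, _, resp_body = m.group(4).partition("\n\n")
    sent = datetime.strptime(m.group(2), "%a %d %b %Y %I:%M:%S %p").replace(tzinfo=CEST)
    served = parsedate_to_datetime(re.search(r"^Date: (.*)$", resp_head, re.M).group(1))
    return {"method": req_head.split()[0], "body": unquote(req_body),
            "status": int(resp_head.split()[1]), "page": resp_body,
            "sent": sent, "served": served}

def triage(text):
    r = parse_dump(text)
    return {
        "method": r["method"],
        "webdav_body": "DAV:" in r["body"],
        "static_error_page": "public/500.html" in r["page"],
        "leaks": [k for k in LEAK_MARKERS if k in r["page"]],
        # Scanner and server clocks differ; search the server log by its own time.
        "clock_skew_s": int((r["served"] - r["sent"]).total_seconds()),
        "server_log_time": r["served"].isoformat(),
    }
```

An empty `leaks` list together with `static_error_page` being true means the response carries nothing that explains the failure, so the server-side log at `server_log_time` is the place to look.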
