Interesting! Yes, this seems to be the reason behind the error. Just created a ticket to track and fix this bug:

https://github.com/andresriancho/w3af/issues/475

Thanks for your bug report, I'll try to fix this soon.

Regards,

On Tue, Jun 18, 2013 at 5:16 AM, Zuhdi Najib <nzu...@hotmail.com> wrote:
> Hi Andres,
>
> Oh I think I know why. I put DVWA-1.0.7.zip at the web root, and had the
> content of it extracted to the dvwa folder.
>
> So if I point to the webserver IP, I would get a directory listing of the
> DVWA-1.0.7.zip and the dvwa folder.
> And somehow the audit rfi plugins tried to inject something to DVWA-1.0.7.zip
> (I turned on the fuzz url option).
>
> Could that be the cause of it?
>
>> From: andres.rian...@gmail.com
>> Date: Mon, 17 Jun 2013 09:26:29 -0300
>> Subject: Re: [W3af-users] The exception was: "Invalid URL"
>> To: nzu...@hotmail.com
>> CC: w3af-users@lists.sourceforge.net
>>
>> Zuhdi,
>>
>> On Sun, Jun 16, 2013 at 7:27 AM, Zuhdi Najib <nzu...@hotmail.com> wrote:
>> > Hi,
>> >
>> > I get this error when running audit rfi plugins:
>> >
>> > An exception was found while running audit.rfi on
>> > "http://domain/DVWA-1.0.7.zip | Method: GET". The exception was:
>> > "Invalid URL "dvwa-http:/w3af.org/rfi.html.0.7.zip"" at
>> > pool.py:next():626. The scan will continue but some vulnerabilities
>> > might not be identified.
>> >
>> > Any thoughts on this?
>>
>> Looks strange to me too. What's the content of "DVWA-1.0.7.zip"? Is
>> that publicly available? (I know about DVWA, but maybe you're doing
>> something extra?)
>>
>> > _______________________________________________
>> > W3af-users mailing list
>> > W3af-users@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/w3af-users
>>
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3